LPS-144246 Add size and number check to put(HttpSession, ...)

dantewang · brianchandotcom · commit 429834b7cf7c · 2022-02-20T19:29:18.000-03:00
diff --git a/portal-kernel/src/com/liferay/portal/kernel/util/SessionClicks.java b/portal-kernel/src/com/liferay/portal/kernel/util/SessionClicks.java
@@ -22,6 +22,7 @@
 import com.liferay.portal.kernel.portlet.PortletPreferencesFactoryUtil;
 
 import java.util.ConcurrentModificationException;
+import java.util.Enumeration;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -143,10 +144,46 @@ public static void put(HttpSession httpSession, String key, String value) {
 	public static void put(
 		HttpSession httpSession, String namespace, String key, String value) {
 
-		String sessionKey = StringBundler.concat(
-			namespace, StringPool.COLON, key);
+		if ((key.length() > _SESSION_CLICKS_MAX_SIZE_TERMS) ||
+			(value.length() > _SESSION_CLICKS_MAX_SIZE_TERMS)) {
+
+			if (_log.isWarnEnabled()) {
+				_log.warn(
+					StringBundler.concat(
+						"Session clicks has attempted to exceed the maximum ",
+						"size allowed for keys or values with {key=", key,
+						", value=", value, "}"));
+			}
+
+			return;
+		}
+
+		Enumeration<String> enumeration = httpSession.getAttributeNames();
+
+		int size = 0;
+
+		while (enumeration.hasMoreElements()) {
+			enumeration.nextElement();
+
+			size++;
+		}
 
-		httpSession.setAttribute(sessionKey, value);
+		if (size < _SESSION_CLICKS_MAX_ALLOWED_VALUES) {
+			String sessionKey = StringBundler.concat(
+				namespace, StringPool.COLON, key);
+
+			httpSession.setAttribute(sessionKey, value);
+
+			return;
+		}
+
+		if (_log.isWarnEnabled()) {
+			_log.warn(
+				StringBundler.concat(
+					"Session clicks has attempted to exceed the maximum ",
+					"number of allowed values with {key=", key, ", value=",
+					value, "}"));
+		}
 	}
 
 	private static final String _DEFAULT_NAMESPACE =
