authorGravatar Vitaly Takmazov2017-01-20 14:10:46 +0300
committerGravatar Vitaly Takmazov2017-01-20 14:10:46 +0300
commitfd3b2e951400bf69ca9394d752118b6a3c039516 (patch)
tree912b6473a1b0f8f28f0b58379fe532b3e5c52223
parent0736bfd7a02c1c3991be475fae5f70607bf3070f (diff)
juick-server: database tags should not be escaped now
-rw-r--r--juick-core/src/main/java/com/juick/Message.java1
-rw-r--r--juick-server/src/main/java/com/juick/service/TagServiceImpl.java19
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Tags.java (renamed from juick-www/src/main/java/com/juick/www/controllers/Discover.java)28
-rw-r--r--src/test/java/com/juick/tests/ApiTests.java6
4 files changed, 24 insertions, 30 deletions
diff --git a/juick-core/src/main/java/com/juick/Message.java b/juick-core/src/main/java/com/juick/Message.java
index ae13d7e9..583f2570 100644
--- a/juick-core/src/main/java/com/juick/Message.java
+++ b/juick-core/src/main/java/com/juick/Message.java
@@ -28,7 +28,6 @@ import org.apache.commons.lang3.builder.ToStringBuilder;
import javax.xml.bind.annotation.*;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import java.util.*;
-import java.util.stream.Collectors;
/**
* @author Ugnich Anton
diff --git a/juick-server/src/main/java/com/juick/service/TagServiceImpl.java b/juick-server/src/main/java/com/juick/service/TagServiceImpl.java
index 61f23d71..cb345ceb 100644
--- a/juick-server/src/main/java/com/juick/service/TagServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/TagServiceImpl.java
@@ -4,7 +4,6 @@ import com.juick.Tag;
import com.juick.server.helpers.TagStats;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
@@ -16,7 +15,10 @@ import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import javax.inject.Inject;
-import java.sql.*;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -49,7 +51,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
List<Tag> list = getJdbcTemplate().query(
"SELECT synonym_id,name FROM tags WHERE tag_id=?",
(rs, num) -> {
- Tag ret = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(2)));
+ Tag ret = new Tag(rs.getString(2));
ret.TID = tid;
ret.SynonymID = rs.getInt(1);
return ret;
@@ -69,12 +71,12 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
List<Tag> list = getJdbcTemplate().query(
"SELECT tag_id, synonym_id, name FROM tags WHERE name = ?",
(rs, rowNum) -> {
- Tag ret1 = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(3)));
+ Tag ret1 = new Tag(rs.getString(3));
ret1.TID = rs.getInt(1);
ret1.SynonymID = rs.getInt(2);
return ret1;
},
- StringEscapeUtils.escapeHtml4(tag));
+ tag);
Tag ret = list.isEmpty() ?
null : list.get(0);
@@ -124,7 +126,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
PreparedStatement stmt = con.prepareStatement(
"INSERT INTO tags(name) VALUES (?)",
Statement.RETURN_GENERATED_KEYS);
- stmt.setString(1, StringEscapeUtils.escapeHtml4(name));
+ stmt.setString(1, name);
return stmt;
},
holder);
@@ -136,7 +138,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
@Override
public TagStats mapRow(ResultSet rs, int rowNum) throws SQLException {
- Tag t = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(1)));
+ Tag t = new Tag(rs.getString(1));
TagStats s = new TagStats();
s.setTag(t);
s.setUsageCount(rs.getInt(2));
@@ -171,7 +173,6 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
return getJdbcTemplate().queryForList(
"SELECT name FROM tags WHERE top=1 ORDER BY name ASC", String.class)
.stream()
- .map(StringEscapeUtils::unescapeHtml4)
.collect(Collectors.toList());
}
@@ -239,7 +240,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService {
"SELECT tags.tag_id,synonym_id,name,stat_messages FROM tags " +
"INNER JOIN messages_tags ON (messages_tags.message_id = ? AND messages_tags.tag_id = tags.tag_id)",
(rs, num) -> {
- com.juick.Tag t = new com.juick.Tag(StringEscapeUtils.unescapeHtml4(rs.getString(3)));
+ com.juick.Tag t = new com.juick.Tag(rs.getString(3));
t.TID = rs.getInt(1);
t.SynonymID = rs.getInt(2);
TagStats s = new TagStats();
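Review bot: The `getTag(String)` hunk (`WHERE name = ?` now bound with the raw `tag`) and the `createTag` hunk (`stmt.setString(1, name)`) change the storage format of the `tags.name` column, but the commit touches only Java files; unless the table is migrated separately, rows written by the old code with `escapeHtml4` (a tag like `>_<` stored as `&gt;_&lt;`) will no longer be found by the raw-name lookup, and an autocreate path would insert a second, unescaped row for the same tag. If a migration exists outside this commit it would be worth naming in the commit message or a comment on `createTag`; otherwise a one-off `UPDATE` of the escaped names is needed before this ships. Since names are now stored raw, every place that renders a tag name into HTML has to escape it at output time (the `Tags` controller's title line and, per the ApiTests change, `formatTags` do), so a one-line Javadoc on `TagService.getTag` such as `/** Tag names are stored and returned unescaped; callers must HTML-escape before rendering. */` would document the new contract. Minor: after dropping the `.map(StringEscapeUtils::unescapeHtml4)` stage, the `getTopTags`-style pipeline is a no-op copy; `return getJdbcTemplate().queryForList("SELECT name FROM tags WHERE top=1 ORDER BY name ASC", String.class);` says the same thing, and the `Collectors` import may then be unused (its use elsewhere in the file is not visible here).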
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Discover.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
index e5d17501..ee95d08c 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Discover.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
@@ -26,8 +26,10 @@ import org.apache.commons.lang3.CharEncoding;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
@@ -43,7 +45,7 @@ import java.util.List;
* @author Ugnich Anton
*/
@Controller
-public class Discover {
+public class Tags {
@Inject
WebApp webApp;
@Inject
@@ -56,24 +58,27 @@ public class Discover {
PageTemplates templates;
@RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET)
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ protected void doGet(HttpServletRequest request,
+ @PathVariable String tagName,
+ @RequestParam(required = false, defaultValue = "0") int before,
+ HttpServletResponse response) throws IOException {
com.juick.User visitor = webApp.getVisitorUser(request, response);
- String paramTagStr = URLDecoder.decode(request.getRequestURI().substring(5), CharEncoding.UTF_8);
+ String paramTagStr = URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8);
com.juick.Tag paramTag = tagService.getTag(paramTagStr, false);
if (paramTag == null) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
} else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) {
com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID);
- String url = "/tag/" + URLEncoder.encode(synTag.getName(), CharEncoding.UTF_8);
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8);
if (request.getQueryString() != null) {
url += "?" + request.getQueryString();
}
Utils.sendPermanentRedirect(response, url);
return;
} else if (!paramTag.getName().equals(paramTagStr)) {
- String url = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8);
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8);
if (request.getQueryString() != null) {
url += "?" + request.getQueryString();
}
@@ -81,26 +86,17 @@ public class Discover {
return;
}
- int paramBefore = 0;
- String paramBeforeStr = request.getParameter("before");
- if (paramBeforeStr != null) {
- try {
- paramBefore = Integer.parseInt(paramBeforeStr);
- } catch (NumberFormatException e) {
- }
- }
-
int visitor_uid = visitor.getUid();
String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
- List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20);
+ List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, before, (visitor_uid == 0) ? 40 : 20);
response.setContentType("text/html; charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
String head = StringUtils.EMPTY;
if (tagService.getTagNoIndex(paramTag.TID)) {
head = "<meta name=\"robots\" content=\"noindex,nofollow\"/>";
- } else if (paramBefore > 0 || mids.size() < 5) {
+ } else if (before > 0 || mids.size() < 5) {
head = "<meta name=\"robots\" content=\"noindex\"/>";
}
templates.pageHead(out, visitor, title, head);
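Review bot: `URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8)` in the first hunk most likely decodes the tag name a second time: a `@PathVariable` arrives already URL-decoded under Spring MVC's default path handling, whereas the old code decoded the raw `request.getRequestURI()` substring where the decode was needed. With the extra decode a tag containing `+` becomes a space, and a literal `%` not followed by two hex digits makes `URLDecoder.decode` throw `IllegalArgumentException`, turning a would-be 404 into a 500; unless path decoding is disabled in the MVC configuration, `String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);` is sufficient. Separately, the two redirect lines now URL-encode `escapeHtml4(name)`, so the canonical URL for `>_<` becomes `/tag/%26gt%3B_%26lt%3B`, while the ApiTests change in this commit expects template links of the form `/tag/%3E_%3C`; both resolve because of the unescape above, but the same tag now has two different URLs, which is worth unifying on the raw form. Note also that `@RequestParam(defaultValue = "0") int before` turns a non-numeric `before` into a 400 where the removed `parseInt` block silently used 0 — fine if intended, but it is a visible behaviour change. The `doGet` body continues past the second hunk.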
diff --git a/src/test/java/com/juick/tests/ApiTests.java b/src/test/java/com/juick/tests/ApiTests.java
index 0317dbb4..1cd17bd6 100644
--- a/src/test/java/com/juick/tests/ApiTests.java
+++ b/src/test/java/com/juick/tests/ApiTests.java
@@ -17,7 +17,6 @@ import com.juick.service.UserService;
import com.juick.service.search.SearchService;
import com.juick.www.controllers.PageTemplates;
import org.apache.commons.dbcp2.BasicDataSource;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.junit.Before;
import org.junit.Test;
@@ -181,9 +180,8 @@ public class ApiTests {
Tag htmlTag = tagService.getTag(htmlTagName, true);
TagStats htmlTagStats = new TagStats();
htmlTagStats.setTag(htmlTag);
- String dbTagName = jdbcTemplate.queryForObject("select name from tags where name=?", String.class, StringEscapeUtils.escapeHtml4(htmlTagName));
- assertNotEquals("db tags should be escaped", dbTagName, htmlTag.getName());
- assertEquals("object tags should unescaped", htmlTag.getName(), StringEscapeUtils.unescapeHtml4(dbTagName));
+ String dbTagName = jdbcTemplate.queryForObject("select name from tags where name=?", String.class, htmlTagName);
+ assertEquals("db tags should not be escaped", dbTagName, htmlTag.getName());
assertEquals("template should encode escaped tag in url and show escaped tag in name",
"<a href=\"/tag/%3E_%3C\" rel=\"nofollow\">&gt;_&lt;</a>", templates.formatTags(Collections.singletonList(htmlTagStats)));
int mid4 = messagesService.createMessage(user_id, "yoyoyo", null, null);