author | Vitaly Takmazov | 2017-01-20 14:10:46 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-01-20 14:10:46 +0300 |
commit | fd3b2e951400bf69ca9394d752118b6a3c039516 (patch) | |
tree | 912b6473a1b0f8f28f0b58379fe532b3e5c52223 | |
parent | 0736bfd7a02c1c3991be475fae5f70607bf3070f (diff) |
juick-server: database tags should not be escaped now
-rw-r--r-- | juick-core/src/main/java/com/juick/Message.java | 1 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/service/TagServiceImpl.java | 19 | ||||
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/Tags.java (renamed from juick-www/src/main/java/com/juick/www/controllers/Discover.java) | 28 | ||||
-rw-r--r-- | src/test/java/com/juick/tests/ApiTests.java | 6 |
4 files changed, 24 insertions, 30 deletions
diff --git a/juick-core/src/main/java/com/juick/Message.java b/juick-core/src/main/java/com/juick/Message.java index ae13d7e9..583f2570 100644 --- a/juick-core/src/main/java/com/juick/Message.java +++ b/juick-core/src/main/java/com/juick/Message.java @@ -28,7 +28,6 @@ import org.apache.commons.lang3.builder.ToStringBuilder; import javax.xml.bind.annotation.*; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; import java.util.*; -import java.util.stream.Collectors; /** * @author Ugnich Anton diff --git a/juick-server/src/main/java/com/juick/service/TagServiceImpl.java b/juick-server/src/main/java/com/juick/service/TagServiceImpl.java index 61f23d71..cb345ceb 100644 --- a/juick-server/src/main/java/com/juick/service/TagServiceImpl.java +++ b/juick-server/src/main/java/com/juick/service/TagServiceImpl.java @@ -4,7 +4,6 @@ import com.juick.Tag; import com.juick.server.helpers.TagStats; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.RowMapper; @@ -16,7 +15,10 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.util.Assert; import javax.inject.Inject; -import java.sql.*; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -49,7 +51,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { List<Tag> list = getJdbcTemplate().query( "SELECT synonym_id,name FROM tags WHERE tag_id=?", (rs, num) -> { - Tag ret = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(2))); + Tag ret = new Tag(rs.getString(2)); ret.TID = tid; ret.SynonymID = rs.getInt(1); return ret; 
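Review bot: From the `@@ -49,7 +51,7 @@` hunk onward, `Tag` objects carry the database name verbatim, so any view that prints `getName()` without escaping — previously safe only because the stored value was already HTML-escaped — becomes an HTML-injection point; the same applies to the `@@ -136`, `@@ -171` and `@@ -239` hunks on the following line. Within this diff the visible renderers (the title built in `Tags.doGet` and `formatTags`, per the updated test) do escape, but serializers outside the diff cannot be checked here and should be reviewed before this ships. I would record the new contract where every caller sees it, e.g. a class-level Javadoc on `TagServiceImpl`: `/** Tag names are stored and returned verbatim; callers must HTML-escape at the rendering layer. */`. The enclosing methods start outside these hunks.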
@@ -69,12 +71,12 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { List<Tag> list = getJdbcTemplate().query( "SELECT tag_id, synonym_id, name FROM tags WHERE name = ?", (rs, rowNum) -> { - Tag ret1 = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(3))); + Tag ret1 = new Tag(rs.getString(3)); ret1.TID = rs.getInt(1); ret1.SynonymID = rs.getInt(2); return ret1; }, - StringEscapeUtils.escapeHtml4(tag)); + tag); Tag ret = list.isEmpty() ? null : list.get(0); @@ -124,7 +126,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { PreparedStatement stmt = con.prepareStatement( "INSERT INTO tags(name) VALUES (?)", Statement.RETURN_GENERATED_KEYS); - stmt.setString(1, StringEscapeUtils.escapeHtml4(name)); + stmt.setString(1, name); return stmt; }, holder); @@ -136,7 +138,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { @Override public TagStats mapRow(ResultSet rs, int rowNum) throws SQLException { - Tag t = new Tag(StringEscapeUtils.unescapeHtml4(rs.getString(1))); + Tag t = new Tag(rs.getString(1)); TagStats s = new TagStats(); s.setTag(t); s.setUsageCount(rs.getInt(2)); @@ -171,7 +173,6 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { return getJdbcTemplate().queryForList( "SELECT name FROM tags WHERE top=1 ORDER BY name ASC", String.class) .stream() - .map(StringEscapeUtils::unescapeHtml4) .collect(Collectors.toList()); } @@ -239,7 +240,7 @@ public class TagServiceImpl extends BaseJdbcService implements TagService { "SELECT tags.tag_id,synonym_id,name,stat_messages FROM tags " + "INNER JOIN messages_tags ON (messages_tags.message_id = ? AND messages_tags.tag_id = tags.tag_id)", (rs, num) -> { - com.juick.Tag t = new com.juick.Tag(StringEscapeUtils.unescapeHtml4(rs.getString(3))); + com.juick.Tag t = new com.juick.Tag(rs.getString(3)); t.TID = rs.getInt(1); t.SynonymID = rs.getInt(2); TagStats s = new TagStats(); 
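Review bot: The `@@ -69,12 +71,12 @@` and `@@ -124,7 +126,7 @@` hunks look up and insert tag names verbatim, but rows written by the previous code were stored HTML-escaped (the removed test line `assertNotEquals("db tags should be escaped", ...)` asserted exactly that), so `getTag(tag, ...)` will miss those rows by name and the insert path would then create a second, unescaped row for the same tag. Unless a data migration accompanies this change, a one-off pass that rewrites each existing `tags.name` through `StringEscapeUtils.unescapeHtml4` is needed (there is no SQL equivalent), including a collision check because `>_<` and `&gt;_&lt;` may already both exist as separate rows. The enclosing methods start and end outside these hunks.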
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Discover.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java index e5d17501..ee95d08c 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/Discover.java +++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java @@ -26,8 +26,10 @@ import org.apache.commons.lang3.CharEncoding; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; @@ -43,7 +45,7 @@ import java.util.List; * @author Ugnich Anton */ @Controller -public class Discover { +public class Tags { @Inject WebApp webApp; @Inject 
@@ -56,24 +58,27 @@ public class Discover { PageTemplates templates; @RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET) - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + protected void doGet(HttpServletRequest request, + @PathVariable String tagName, + @RequestParam(required = false, defaultValue = "0") int before, + HttpServletResponse response) throws IOException { com.juick.User visitor = webApp.getVisitorUser(request, response); - String paramTagStr = URLDecoder.decode(request.getRequestURI().substring(5), CharEncoding.UTF_8); + String paramTagStr = URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8); com.juick.Tag paramTag = tagService.getTag(paramTagStr, false); if (paramTag == null) { response.sendError(HttpServletResponse.SC_NOT_FOUND); return; } else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) { com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID); - String url = "/tag/" + URLEncoder.encode(synTag.getName(), CharEncoding.UTF_8); + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8); if (request.getQueryString() != null) { url += "?" + request.getQueryString(); } Utils.sendPermanentRedirect(response, url); return; } else if (!paramTag.getName().equals(paramTagStr)) { - String url = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8); + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8); if (request.getQueryString() != null) { url += "?" + request.getQueryString(); } 
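Review bot: `URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8)` decodes a value that Spring has already URL-decoded when binding `@PathVariable` (the default `UrlPathHelper` behaviour, unless the project turns it off), so a tag containing `%` or `+` is mangled and a stray `%` makes `URLDecoder.decode` throw `IllegalArgumentException`, i.e. a 500 instead of the intended 404. If Spring's decoding is indeed on, the line should read `String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);`. The two redirect branches also build the canonical URL as `URLEncoder.encode(StringEscapeUtils.escapeHtml4(name), ...)`, while `formatTags` (per the updated test's expected `href="/tag/%3E_%3C"`) URL-encodes the raw name only, giving two different URLs for the same tag; one form should be chosen, and applying `unescapeHtml4` to the inbound value additionally makes a tag whose literal name looks like an entity unreachable. doGet's body continues past this hunk.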
@@ -81,26 +86,17 @@ public class Discover { return; } - int paramBefore = 0; - String paramBeforeStr = request.getParameter("before"); - if (paramBeforeStr != null) { - try { - paramBefore = Integer.parseInt(paramBeforeStr); - } catch (NumberFormatException e) { - } - } - int visitor_uid = visitor.getUid(); String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName()); - List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20); + List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, before, (visitor_uid == 0) ? 40 : 20); response.setContentType("text/html; charset=UTF-8"); try (PrintWriter out = response.getWriter()) { String head = StringUtils.EMPTY; if (tagService.getTagNoIndex(paramTag.TID)) { head = "<meta name=\"robots\" content=\"noindex,nofollow\"/>"; - } else if (paramBefore > 0 || mids.size() < 5) { + } else if (before > 0 || mids.size() < 5) { head = "<meta name=\"robots\" content=\"noindex\"/>"; } templates.pageHead(out, visitor, title, head); diff --git a/src/test/java/com/juick/tests/ApiTests.java b/src/test/java/com/juick/tests/ApiTests.java index 0317dbb4..1cd17bd6 100644 --- a/src/test/java/com/juick/tests/ApiTests.java +++ b/src/test/java/com/juick/tests/ApiTests.java @@ -17,7 +17,6 @@ import com.juick.service.UserService; import com.juick.service.search.SearchService; import com.juick.www.controllers.PageTemplates; import org.apache.commons.dbcp2.BasicDataSource; -import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.junit.Before; import org.junit.Test; 
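Review bot: Dropping the hand-rolled `before` parsing in favour of `@RequestParam(required = false, defaultValue = "0") int before` (declared in the preceding hunk) changes behaviour for non-numeric input: the old code silently fell back to 0, whereas the new binding fails with a type-mismatch that Spring answers with 400. That is a reasonable tightening, but it is not mentioned in the commit message; a comment on the parameter such as `// non-numeric 'before' is rejected with 400 rather than treated as 0` would record the intent. Negative values still flow straight into `messagesService.getTag`, as before. doGet begins before this hunk.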
@@ -181,9 +180,8 @@ public class ApiTests { Tag htmlTag = tagService.getTag(htmlTagName, true); TagStats htmlTagStats = new TagStats(); htmlTagStats.setTag(htmlTag); - String dbTagName = jdbcTemplate.queryForObject("select name from tags where name=?", String.class, StringEscapeUtils.escapeHtml4(htmlTagName)); - assertNotEquals("db tags should be escaped", dbTagName, htmlTag.getName()); - assertEquals("object tags should unescaped", htmlTag.getName(), StringEscapeUtils.unescapeHtml4(dbTagName)); + String dbTagName = jdbcTemplate.queryForObject("select name from tags where name=?", String.class, htmlTagName); + assertEquals("db tags should not be escaped", dbTagName, htmlTag.getName()); assertEquals("template should encode escaped tag in url and show escaped tag in name", "<a href=\"/tag/%3E_%3C\" rel=\"nofollow\">>_<</a>", templates.formatTags(Collections.singletonList(htmlTagStats))); int mid4 = messagesService.createMessage(user_id, "yoyoyo", null, null); |
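Review bot: The new `assertEquals("db tags should not be escaped", dbTagName, htmlTag.getName())` is close to tautological: `dbTagName` is fetched with `where name=?` bound to `htmlTagName`, so whenever the query finds a row it returns that same string, and the assertion only proves the row exists (a missing row makes `queryForObject` throw rather than fail the assertion). Selecting by id keeps the lookup key out of the thing under test: `String dbTagName = jdbcTemplate.queryForObject("select name from tags where tag_id=?", String.class, htmlTag.TID);` followed by `assertEquals("db tags should not be escaped", htmlTagName, dbTagName);`. With that, an escaped `&gt;_&lt;` in the column would fail the test, which the current form cannot detect.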