aboutsummaryrefslogtreecommitdiff
path: root/juick-common/src/main/java/com/juick/server
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2018-05-08 21:46:36 +0300
committerGravatar Vitaly Takmazov2018-05-08 21:46:36 +0300
commitf9f4115b7baeb9a73b63ecda3397994961071373 (patch)
treedebde6ef9a819f11677cbb6966c22ec755232529 /juick-common/src/main/java/com/juick/server
parent67c5a5eedcd1bf68ade678935392eace59af1c37 (diff)
common: strip login urls from input
Diffstat (limited to 'juick-common/src/main/java/com/juick/server')
-rw-r--r--juick-common/src/main/java/com/juick/server/CommandsManager.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/juick-common/src/main/java/com/juick/server/CommandsManager.java b/juick-common/src/main/java/com/juick/server/CommandsManager.java
index 82d293fe..ab55bba7 100644
--- a/juick-common/src/main/java/com/juick/server/CommandsManager.java
+++ b/juick-common/src/main/java/com/juick/server/CommandsManager.java
@@ -29,9 +29,9 @@ import com.juick.server.helpers.CommandResult;
import com.juick.server.helpers.TagStats;
import com.juick.server.helpers.annotation.UserCommand;
import com.juick.server.util.HttpUtils;
-import com.juick.server.util.ImageUtils;
import com.juick.server.util.TagUtils;
import com.juick.service.*;
+import com.juick.util.MessageUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
@@ -79,7 +79,8 @@ public class CommandsManager {
private ImagesService imagesService;
public CommandResult processCommand(User user, String data, @Nonnull URI attachment) throws Exception {
- String input = StringUtils.stripStart(data, null);
+ String strippedData = StringUtils.stripStart(data, null);
+ String input = MessageUtils.stripNonSafeUrls(strippedData);
Optional<Method> cmd = MethodUtils.getMethodsListWithAnnotation(getClass(), UserCommand.class).stream()
.filter(m -> Pattern.compile(m.getAnnotation(UserCommand.class).pattern(),
m.getAnnotation(UserCommand.class).patternFlags()).matcher(input).matches())