author | Vitaly Takmazov | 2017-01-20 14:10:46 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-01-20 14:10:46 +0300 |
commit | fd3b2e951400bf69ca9394d752118b6a3c039516 (patch) | |
tree | 912b6473a1b0f8f28f0b58379fe532b3e5c52223 /juick-www | |
parent | 0736bfd7a02c1c3991be475fae5f70607bf3070f (diff) |
juick-server: database tags should not be escaped now
Diffstat (limited to 'juick-www')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/Tags.java (renamed from juick-www/src/main/java/com/juick/www/controllers/Discover.java) | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Discover.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java index e5d17501..ee95d08c 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/Discover.java +++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java @@ -26,8 +26,10 @@ import org.apache.commons.lang3.CharEncoding; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; @@ -43,7 +45,7 @@ import java.util.List; * @author Ugnich Anton */ @Controller -public class Discover { +public class Tags { @Inject WebApp webApp; @Inject 
@@ -56,24 +58,27 @@ public class Discover { PageTemplates templates; @RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET) - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + protected void doGet(HttpServletRequest request, + @PathVariable String tagName, + @RequestParam(required = false, defaultValue = "0") int before, + HttpServletResponse response) throws IOException { com.juick.User visitor = webApp.getVisitorUser(request, response); - String paramTagStr = URLDecoder.decode(request.getRequestURI().substring(5), CharEncoding.UTF_8); + String paramTagStr = URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8); com.juick.Tag paramTag = tagService.getTag(paramTagStr, false); if (paramTag == null) { response.sendError(HttpServletResponse.SC_NOT_FOUND); return; } else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) { com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID); - String url = "/tag/" + URLEncoder.encode(synTag.getName(), CharEncoding.UTF_8); + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8); if (request.getQueryString() != null) { url += "?" + request.getQueryString(); } Utils.sendPermanentRedirect(response, url); return; } else if (!paramTag.getName().equals(paramTagStr)) { - String url = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8); + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8); if (request.getQueryString() != null) { url += "?" + request.getQueryString(); } 
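Review bot: `tagName` now comes from `@PathVariable`, which Spring MVC hands over already percent-decoded in its default configuration, so the retained `URLDecoder.decode(...)` on the `paramTagStr` line decodes it a second time. A tag whose name contains `+` or `%` would then be looked up under a different string, or make `decode` throw `IllegalArgumentException` on a stray `%`, and the canonical-name redirect further down could not round-trip for it. If default decoding is in effect, the line should read `String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);`. The `escapeHtml4` added inside the two `URLEncoder.encode(...)` calls appears to exist only to mirror that unescape, so a one-line comment saying so would keep it from being read as output encoding for the redirect target. doGet's body continues past this hunk.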
@@ -81,26 +86,17 @@ public class Discover { return; } - int paramBefore = 0; - String paramBeforeStr = request.getParameter("before"); - if (paramBeforeStr != null) { - try { - paramBefore = Integer.parseInt(paramBeforeStr); - } catch (NumberFormatException e) { - } - } - int visitor_uid = visitor.getUid(); String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName()); - List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20); + List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, before, (visitor_uid == 0) ? 40 : 20); response.setContentType("text/html; charset=UTF-8"); try (PrintWriter out = response.getWriter()) { String head = StringUtils.EMPTY; if (tagService.getTagNoIndex(paramTag.TID)) { head = "<meta name=\"robots\" content=\"noindex,nofollow\"/>"; - } else if (paramBefore > 0 || mids.size() < 5) { + } else if (before > 0 || mids.size() < 5) { head = "<meta name=\"robots\" content=\"noindex\"/>"; } templates.pageHead(out, visitor, title, head); |
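Review bot: `before` is bound as an `int` and passed straight to `messagesService.getTag(...)` with no range check, so a negative value reaches the query and also bypasses the `before > 0` noindex branch. The binding also changes how malformed input is handled: the removed block fell back to 0 on `NumberFormatException`, whereas a non-numeric `before` now fails Spring's type conversion before doGet runs (a 400 under default handling). If that is intended, a clamp such as `if (before < 0) { before = 0; }` ahead of the `getTag` call, plus a short comment on the parameter, would make the contract explicit. What getTag does with a negative offset is not visible in this hunk.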