authorGravatar Vitaly Takmazov2017-01-20 14:10:46 +0300
committerGravatar Vitaly Takmazov2017-01-20 14:10:46 +0300
commitfd3b2e951400bf69ca9394d752118b6a3c039516 (patch)
tree912b6473a1b0f8f28f0b58379fe532b3e5c52223 /juick-www
parent0736bfd7a02c1c3991be475fae5f70607bf3070f (diff)
juick-server: database tags should not be escaped now
Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Tags.java (renamed from juick-www/src/main/java/com/juick/www/controllers/Discover.java)28
1 files changed, 12 insertions, 16 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Discover.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
index e5d17501..ee95d08c 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Discover.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
@@ -26,8 +26,10 @@ import org.apache.commons.lang3.CharEncoding;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
@@ -43,7 +45,7 @@ import java.util.List;
* @author Ugnich Anton
*/
@Controller
-public class Discover {
+public class Tags {
@Inject
WebApp webApp;
@Inject
@@ -56,24 +58,27 @@ public class Discover {
PageTemplates templates;
@RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET)
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ protected void doGet(HttpServletRequest request,
+ @PathVariable String tagName,
+ @RequestParam(required = false, defaultValue = "0") int before,
+ HttpServletResponse response) throws IOException {
com.juick.User visitor = webApp.getVisitorUser(request, response);
- String paramTagStr = URLDecoder.decode(request.getRequestURI().substring(5), CharEncoding.UTF_8);
+ String paramTagStr = URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8);
com.juick.Tag paramTag = tagService.getTag(paramTagStr, false);
if (paramTag == null) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
} else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) {
com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID);
- String url = "/tag/" + URLEncoder.encode(synTag.getName(), CharEncoding.UTF_8);
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8);
if (request.getQueryString() != null) {
url += "?" + request.getQueryString();
}
Utils.sendPermanentRedirect(response, url);
return;
} else if (!paramTag.getName().equals(paramTagStr)) {
- String url = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8);
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8);
if (request.getQueryString() != null) {
url += "?" + request.getQueryString();
}
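Review bot: The `tagName` path variable is URL-decoded a second time by `URLDecoder.decode(...)` at the top of doGet, although with Spring's default path handling a `@PathVariable` arrives already decoded. In that case a tag containing `+` would have it turned into spaces, and a tag containing a bare `%` would make `URLDecoder.decode` throw `IllegalArgumentException` on request-controlled input, surfacing as a server error instead of a 404. If default decoding is in effect (the MVC configuration is not visible in this diff), the line could be `String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);`. A short comment would also help, stating that the redirect branches HTML-escape before URL-encoding so that this unescape round-trips the canonical name. doGet continues past the end of this hunk.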
@@ -81,26 +86,17 @@ public class Discover {
return;
}
- int paramBefore = 0;
- String paramBeforeStr = request.getParameter("before");
- if (paramBeforeStr != null) {
- try {
- paramBefore = Integer.parseInt(paramBeforeStr);
- } catch (NumberFormatException e) {
- }
- }
-
int visitor_uid = visitor.getUid();
String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
- List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20);
+ List<Integer> mids = messagesService.getTag(paramTag.TID, visitor_uid, before, (visitor_uid == 0) ? 40 : 20);
response.setContentType("text/html; charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
String head = StringUtils.EMPTY;
if (tagService.getTagNoIndex(paramTag.TID)) {
head = "<meta name=\"robots\" content=\"noindex,nofollow\"/>";
- } else if (paramBefore > 0 || mids.size() < 5) {
+ } else if (before > 0 || mids.size() < 5) {
head = "<meta name=\"robots\" content=\"noindex\"/>";
}
templates.pageHead(out, visitor, title, head);
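Review bot: A non-numeric `before` is no longer ignored. The removed block swallowed `NumberFormatException` and fell back to 0, whereas the `@RequestParam(required = false, defaultValue = "0") int before` binding declared in the previous hunk fails type conversion, which Spring reports as a 400 by default. If the stricter behaviour is intended, it deserves a comment on the parameter, e.g. `// non-numeric 'before' is rejected at binding time (previously treated as 0)`. Negative values still reach `messagesService.getTag` unchecked, so a guard such as `if (before < 0) { before = 0; }` may be worth adding unless the service already clamps it; that cannot be told from this diff. The try-with-resources block continues outside the hunk.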