authorGravatar Vitaly Takmazov2019-04-07 01:59:33 +0300
committerGravatar Vitaly Takmazov2019-04-07 01:59:33 +0300
commite359e0788d4d9c675a88daaebda416f38e2ac03a (patch)
tree379cccea18d81ae56036dcb536c8a75c237ae43b /src/main
parent384c61ceae3301c6bc92ee6f591ed9d186b15204 (diff)
Tags should be unescaped before storing
Test tag is Test tag
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/com/juick/server/CommandsManager.java3
-rw-r--r--src/main/java/com/juick/service/MessagesServiceImpl.java2
-rw-r--r--src/main/resources/templates/views/macros/tags.html4
-rw-r--r--src/main/resources/templates/views/partial/tags.html2
4 files changed, 6 insertions, 5 deletions
diff --git a/src/main/java/com/juick/server/CommandsManager.java b/src/main/java/com/juick/server/CommandsManager.java
index f6f29941..fdea0d83 100644
--- a/src/main/java/com/juick/server/CommandsManager.java
+++ b/src/main/java/com/juick/server/CommandsManager.java
@@ -35,6 +35,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.lang3.reflect.MethodUtils;
import org.apache.commons.lang3.tuple.Pair;
+import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
@@ -91,7 +92,7 @@ public class CommandsManager {
if (strippedData.startsWith("?OTR")) {
return CommandResult.fromString("?OTR Error: we are not using OTR");
}
- String input = MessageUtils.stripNonSafeUrls(strippedData);
+ String input = StringEscapeUtils.unescapeHtml4(MessageUtils.stripNonSafeUrls(strippedData));
Optional<Method> cmd = MethodUtils.getMethodsListWithAnnotation(getClass(), UserCommand.class).stream()
.filter(m -> Pattern.compile(m.getAnnotation(UserCommand.class).pattern(),
m.getAnnotation(UserCommand.class).patternFlags()).matcher(input).matches())
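Review bot: On the new `String input = ...` line the entity decoding runs after `MessageUtils.stripNonSafeUrls`, so whatever that filter checks is checked on the still-encoded text and the decoded result is never validated again. The filter's body is not visible here, but the usual rule is to canonicalise first and validate second; unless the filter relies on escaped input, prefer `String input = MessageUtils.stripNonSafeUrls(StringEscapeUtils.unescapeHtml4(strippedData));`. The decode also applies to every command and message body that passes through this method, not only to tags as the commit title says, so any view that still prints stored text with `| raw` needs the same audit that the tag templates get in this commit. The enclosing method starts and ends outside the hunk.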
diff --git a/src/main/java/com/juick/service/MessagesServiceImpl.java b/src/main/java/com/juick/service/MessagesServiceImpl.java
index 3e09d204..2bae04e6 100644
--- a/src/main/java/com/juick/service/MessagesServiceImpl.java
+++ b/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -765,7 +765,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
return getNamedParameterJdbcTemplate().queryForList(
"SELECT messages.message_id FROM messages_tags INNER JOIN messages " +
- " USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
+ " ON messages.message_id = messages_tags.message_id WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
(before > 0 ?
" AND messages.message_id < :before " : StringUtils.EMPTY) +
" AND messages.privacy >= :privacy ORDER BY messages.message_id DESC LIMIT 20",
diff --git a/src/main/resources/templates/views/macros/tags.html b/src/main/resources/templates/views/macros/tags.html
index defed8e6..08687f5a 100644
--- a/src/main/resources/templates/views/macros/tags.html
+++ b/src/main/resources/templates/views/macros/tags.html
@@ -1,11 +1,11 @@
{% macro tags(uname="", tagsList) %}
{% for tag in tagsList %}
-<a href="/{{ uname }}/?tag={{ tag | urlencode }}">{{ tag | raw }}</a>
+<a href="/{{ uname }}/?tag={{ tag | urlencode }}">{{ tag }}</a>
{% endfor %}
{% endmacro %}
{% macro allTags(baseUri, tagsList) %}
{% for tag in tagsList %}
-<a href="{{ baseUri }}tag/{{ tag | urlencode }}">#{{ tag | raw }}</a>
+<a href="{{ baseUri }}tag/{{ tag | urlencode }}">#{{ tag }}</a>
{% endfor %}
{% endmacro %} \ No newline at end of file
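Review bot: Dropping `| raw` makes `{{ tag }}` safe only while the template engine's autoescaping is enabled, and that configuration is not part of this diff; a rendering test with a tag containing `<`, `"` and `&` would pin it down. Tags saved before this commit were presumably stored HTML-escaped, so without a one-off migration of existing rows they will now display double-encoded and `tag | urlencode` will build links from the encoded form. Both points apply equally to `views/partial/tags.html`. A short comment above the macros, such as `{# tags are stored unescaped; never add | raw here #}`, would help keep the filter from being reintroduced.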
diff --git a/src/main/resources/templates/views/partial/tags.html b/src/main/resources/templates/views/partial/tags.html
index 3235213e..4d05b7fb 100644
--- a/src/main/resources/templates/views/partial/tags.html
+++ b/src/main/resources/templates/views/partial/tags.html
@@ -1,3 +1,3 @@
{% for tag in tags %}
- <a href="/tag/{{ tag | urlencode }}" title="{{ tag }}">{{ tag | raw }}</a>
+ <a href="/tag/{{ tag | urlencode }}" title="{{ tag }}">{{ tag }}</a>
{% endfor %} \ No newline at end of file