diff options
| author |  Vitaly Takmazov | 2019-04-07 01:59:33 +0300 |
|---|---|---|
| committer | Vitaly Takmazov | 2019-04-07 01:59:33 +0300 |
| commit | e359e0788d4d9c675a88daaebda416f38e2ac03a (patch) | |
| tree | 379cccea18d81ae56036dcb536c8a75c237ae43b /src/main | |
| parent | 384c61ceae3301c6bc92ee6f591ed9d186b15204 (diff) | |
Tags should be unescaped before storing
Test tag is Test tag
Diffstat (limited to 'src/main')
4 files changed, 6 insertions, 5 deletions
diff --git a/src/main/java/com/juick/server/CommandsManager.java b/src/main/java/com/juick/server/CommandsManager.java index f6f29941..fdea0d83 100644 --- a/src/main/java/com/juick/server/CommandsManager.java +++ b/src/main/java/com/juick/server/CommandsManager.java @@ -35,6 +35,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.math.NumberUtils; import org.apache.commons.lang3.reflect.MethodUtils; import org.apache.commons.lang3.tuple.Pair; +import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; @@ -91,7 +92,7 @@ public class CommandsManager { if (strippedData.startsWith("?OTR")) { return CommandResult.fromString("?OTR Error: we are not using OTR"); } - String input = MessageUtils.stripNonSafeUrls(strippedData); + String input = StringEscapeUtils.unescapeHtml4(MessageUtils.stripNonSafeUrls(strippedData)); Optional<Method> cmd = MethodUtils.getMethodsListWithAnnotation(getClass(), UserCommand.class).stream() .filter(m -> Pattern.compile(m.getAnnotation(UserCommand.class).pattern(), m.getAnnotation(UserCommand.class).patternFlags()).matcher(input).matches()) diff --git a/src/main/java/com/juick/service/MessagesServiceImpl.java b/src/main/java/com/juick/service/MessagesServiceImpl.java index 3e09d204..2bae04e6 100644 --- a/src/main/java/com/juick/service/MessagesServiceImpl.java +++ b/src/main/java/com/juick/service/MessagesServiceImpl.java @@ -765,7 +765,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ return getNamedParameterJdbcTemplate().queryForList( "SELECT messages.message_id FROM messages_tags INNER JOIN messages " + - " USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " + + " ON messages.message_id = messages_tags.message_id WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " + (before > 0 ? " AND messages.message_id < :before " : StringUtils.EMPTY) + " AND messages.privacy >= :privacy ORDER BY messages.message_id DESC LIMIT 20", diff --git a/src/main/resources/templates/views/macros/tags.html b/src/main/resources/templates/views/macros/tags.html index defed8e6..08687f5a 100644 --- a/src/main/resources/templates/views/macros/tags.html +++ b/src/main/resources/templates/views/macros/tags.html @@ -1,11 +1,11 @@ {% macro tags(uname="", tagsList) %} {% for tag in tagsList %} -<a href="/{{ uname }}/?tag={{ tag | urlencode }}">{{ tag | raw }}</a> +<a href="/{{ uname }}/?tag={{ tag | urlencode }}">{{ tag }}</a> {% endfor %} {% endmacro %} {% macro allTags(baseUri, tagsList) %} {% for tag in tagsList %} -<a href="{{ baseUri }}tag/{{ tag | urlencode }}">#{{ tag | raw }}</a> +<a href="{{ baseUri }}tag/{{ tag | urlencode }}">#{{ tag }}</a> {% endfor %} {% endmacro %}
\ No newline at end of file diff --git a/src/main/resources/templates/views/partial/tags.html b/src/main/resources/templates/views/partial/tags.html index 3235213e..4d05b7fb 100644 --- a/src/main/resources/templates/views/partial/tags.html +++ b/src/main/resources/templates/views/partial/tags.html @@ -1,3 +1,3 @@ {% for tag in tags %} - <a href="/tag/{{ tag | urlencode }}" title="{{ tag }}">{{ tag | raw }}</a> + <a href="/tag/{{ tag | urlencode }}" title="{{ tag }}">{{ tag }}</a> {% endfor %}
\ No newline at end of file |