-rw-r--r-- | nbproject/build-impl.xml | 2 | ||||
-rw-r--r-- | nbproject/genfiles.properties | 6 | ||||
-rw-r--r-- | nbproject/project.properties | 5 | ||||
-rw-r--r-- | nbproject/project.xml | 4 | ||||
-rw-r--r-- | src/java/com/juick/api/Main.java | 2 | ||||
-rw-r--r-- | src/java/com/juick/api/Users.java | 36 | ||||
-rw-r--r-- | src/java/com/juick/api/Utils.java | 2 |
7 files changed, 29 insertions, 28 deletions
diff --git a/nbproject/build-impl.xml b/nbproject/build-impl.xml index 00a253906..c6dd50e75 100644 --- a/nbproject/build-impl.xml +++ b/nbproject/build-impl.xml @@ -693,7 +693,6 @@ exists or setup the property manually. For example like this: </target> <target depends="init,compile,compile-jsps,-pre-dist,-do-dist-with-manifest,-do-dist-without-manifest" name="do-dist"/> <target depends="init" if="dist.ear.dir" name="library-inclusion-in-manifest"> - <copyfiles files="${libs.MySQLDriver.classpath}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/> <copyfiles files="${reference.com_juick.jar}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/> <copyfiles files="${reference.com_juick_server.jar}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/> <copyfiles files="${reference.com_juick_json.jar}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/> @@ -701,7 +700,6 @@ exists or setup the property manually. For example like this: <manifest file="${build.web.dir}/META-INF/MANIFEST.MF" mode="update"/> </target> <target depends="init" name="library-inclusion-in-archive" unless="dist.ear.dir"> - <copyfiles files="${libs.MySQLDriver.classpath}" todir="${build.web.dir}/WEB-INF/lib"/> <copyfiles files="${reference.com_juick.jar}" todir="${build.web.dir}/WEB-INF/lib"/> <copyfiles files="${reference.com_juick_server.jar}" todir="${build.web.dir}/WEB-INF/lib"/> <copyfiles files="${reference.com_juick_json.jar}" todir="${build.web.dir}/WEB-INF/lib"/> diff --git a/nbproject/genfiles.properties b/nbproject/genfiles.properties index fd5f8a0bb..0b0474515 100644 --- a/nbproject/genfiles.properties +++ b/nbproject/genfiles.properties 
@@ -1,8 +1,8 @@ -build.xml.data.CRC32=0970a525 +build.xml.data.CRC32=649ef84a build.xml.script.CRC32=2226508e build.xml.stylesheet.CRC32=651128d4@1.33.1.1 # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. -nbproject/build-impl.xml.data.CRC32=0970a525 -nbproject/build-impl.xml.script.CRC32=76130e45 +nbproject/build-impl.xml.data.CRC32=649ef84a +nbproject/build-impl.xml.script.CRC32=3499afe6 nbproject/build-impl.xml.stylesheet.CRC32=0cbf5bb7@1.33.1.1 diff --git a/nbproject/project.properties b/nbproject/project.properties index f54b89b4c..5d65b1aa0 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -34,7 +34,6 @@ j2ee.platform.classpath=${j2ee.server.home}/lib/catalina-ant.jar:${j2ee.server.h j2ee.server.type=Tomcat jar.compress=false javac.classpath=\ - ${libs.MySQLDriver.classpath}:\ ${reference.com_juick.jar}:\ ${reference.com_juick_server.jar}:\ ${reference.com_juick_json.jar} @@ -85,7 +84,7 @@ source.root=src src.dir=${source.root}/java test.src.dir=test war.content.additional= -war.ear.name=com.juick.http.api.war -war.name=com.juick.http.api.war +war.ear.name=com.juick.api.war +war.name=com.juick.api.war web.docbase.dir=web webinf.dir=web/WEB-INF diff --git a/nbproject/project.xml b/nbproject/project.xml index 72915234b..6d66c0213 100644 --- a/nbproject/project.xml +++ b/nbproject/project.xml @@ -7,10 +7,6 @@ <minimum-ant-version>1.6.5</minimum-ant-version> <web-module-libraries> <library dirs="200"> - <file>${libs.MySQLDriver.classpath}</file> - <path-in-war>WEB-INF/lib</path-in-war> - </library> - <library dirs="200"> <file>${reference.com_juick.jar}</file> <path-in-war>WEB-INF/lib</path-in-war> </library> diff --git a/src/java/com/juick/api/Main.java b/src/java/com/juick/api/Main.java index d32a00aa4..ebbeb103c 100644 --- a/src/java/com/juick/api/Main.java 
+++ b/src/java/com/juick/api/Main.java @@ -125,7 +125,7 @@ public class Main extends HttpServlet { response.setHeader("Access-Control-Allow-Origin", "*"); String callback = request.getParameter("callback"); - if (callback.length() > 64 || !callback.matches("a-zA-Z0-9\\-")) { + if (callback != null && (callback.length() > 64 || !callback.matches("[a-zA-Z0-9\\-]+"))) { callback = null; } diff --git a/src/java/com/juick/api/Users.java b/src/java/com/juick/api/Users.java index 5810ddba8..2c60a95f8 100644 --- a/src/java/com/juick/api/Users.java +++ b/src/java/com/juick/api/Users.java @@ -21,17 +21,21 @@ public class Users { } public void doGetUserRead(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException { - int uid = vuid; - String paramUID = request.getParameter("user_id"); - if (paramUID != null) { - try { - uid = Integer.parseInt(paramUID); - } catch (NumberFormatException e) { + int uid = 0; + String uname = request.getParameter("uname"); + if (uname == null) { + uid = vuid; + } else { + if (UserQueries.checkUserNameValid(uname)) { + com.juick.User u = UserQueries.getUserByNick(sql, uname); + if (u != null && u.UID > 0) { + uid = u.UID; + } } } if (uid > 0) { - ArrayList<Integer> uids = UserQueries.getUserRead(sql, vuid); + ArrayList<Integer> uids = UserQueries.getUserRead(sql, uid); if (uids.size() > 0) { ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids); if (users.size() > 0) { 
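Review bot: The allowlist in the rewritten `callback` check accepts `-`, which is not legal in a JavaScript identifier, and rejects `_`, so it does not describe a function name. If the value is written into the response as a JSONP wrapper further down (outside the hunk, so this is inferred), the rule should be an identifier pattern held in one named constant, for example `private static final Pattern CALLBACK = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");` with `if (callback != null && !CALLBACK.matcher(callback).matches()) { callback = null; }`. That keeps the 64-character cap and stops `String.matches` recompiling the expression on every request. Because the line above sends `Access-Control-Allow-Origin: *`, a short comment such as `// only identifier-shaped callbacks may reach the response body` would tell the next reader why the check must not be loosened. The enclosing method starts and ends outside the hunk.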
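Review bot: With the query now using `uid` instead of `vuid`, the `uname` branch in `doGetUserRead` returns another account's list to the caller, and nothing visible in the hunk checks whether viewer `vuid` may see that account. If these lists are meant to be public, a one-line comment saying so would settle it; if not, a visibility check belongs right after the nick lookup. The same lookup is pasted into `doGetUserReaders` (the hunk at -45,17), so a rule added to one copy can be missed in the other; one private helper gives that decision a single home. Both method bodies continue outside their hunks, so how an unknown or invalid `uname` (uid left at 0) is answered could not be checked here.

```java
// Resolves whose list is requested: the caller when no uname is given,
// otherwise the named user; 0 when the name is invalid or unknown.
private int resolveTargetUid(HttpServletRequest request, int vuid) {
    String uname = request.getParameter("uname");
    if (uname == null) {
        return vuid;
    }
    if (!UserQueries.checkUserNameValid(uname)) {
        return 0;
    }
    com.juick.User u = UserQueries.getUserByNick(sql, uname);
    // A "may vuid view this account?" rule, if one is required, goes here once.
    return (u != null && u.UID > 0) ? u.UID : 0;
}

public void doGetUserRead(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
    int uid = resolveTargetUid(request, vuid);
    // … unchanged: if (uid > 0) { getUserRead / getUsersByID / response … }
```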
@@ -45,17 +49,21 @@ public class Users { } public void doGetUserReaders(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException { - int uid = vuid; - String paramUID = request.getParameter("user_id"); - if (paramUID != null) { - try { - uid = Integer.parseInt(paramUID); - } catch (NumberFormatException e) { + int uid = 0; + String uname = request.getParameter("uname"); + if (uname == null) { + uid = vuid; + } else { + if (UserQueries.checkUserNameValid(uname)) { + com.juick.User u = UserQueries.getUserByNick(sql, uname); + if (u != null && u.UID > 0) { + uid = u.UID; + } } } if (uid > 0) { - ArrayList<Integer> uids = UserQueries.getUserReaders(sql, vuid); + ArrayList<Integer> uids = UserQueries.getUserReaders(sql, uid); if (uids.size() > 0) { ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids); if (users.size() > 0) { diff --git a/src/java/com/juick/api/Utils.java b/src/java/com/juick/api/Utils.java index b325b19a8..cac5612d5 100644 --- a/src/java/com/juick/api/Utils.java +++ b/src/java/com/juick/api/Utils.java @@ -75,7 +75,7 @@ public class Utils { try { BASE64Decoder dec = new BASE64Decoder(); String loginpassw[] = new String(dec.decodeBuffer(auth.substring(6))).split(":", 2); - if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("a-zA-Z0-9\\-") && !loginpassw[1].isEmpty()) { + if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("[a-zA-Z0-9\\-]+") && !loginpassw[1].isEmpty()) { return UserQueries.checkPassword(sql, loginpassw[0], loginpassw[1]); } } catch (IOException e) { |
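Review bot: The username rule on the changed line in Utils.java is a second, hand-written copy of what `UserQueries.checkUserNameValid` presumably enforces (this commit calls it in Users.java), and the previous form of this same line shows how easily such copies drift. Using the shared validator, `if (loginpassw.length == 2 && UserQueries.checkUserNameValid(loginpassw[0]) && !loginpassw[1].isEmpty()) {`, would keep login and lookup on one rule, provided it covers the same length and character limits. Separately, `new String(dec.decodeBuffer(...))` decodes with the platform default charset, so a non-ASCII password can compare differently from host to host; passing an explicit charset such as `"UTF-8"` removes that dependency. The enclosing method begins and ends outside the hunk.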