aboutsummaryrefslogtreecommitdiff
path: root/juick-www
diff options
context:
space:
mode:
Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/NewMessage.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 585a4906..7c378930 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -106,6 +106,9 @@ public class NewMessage {
@RequestParam(required = false, name = "tags") String tagsStr,
@RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.getUid() == 0 || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
throw new HttpBadRequestException();
}
@@ -206,6 +209,9 @@ public class NewMessage {
@RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.getUid() == 0 || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
com.juick.Message msg = messagesService.getMessage(mid);
if (msg == null) {
throw new HttpNotFoundException();