diff options
Diffstat (limited to 'src/java/com')
-rw-r--r-- | src/java/com/juick/http/www/Blogs.java | 36 | ||||
-rw-r--r-- | src/java/com/juick/http/www/Login.java | 4 | ||||
-rw-r--r-- | src/java/com/juick/http/www/Main.java | 2 | ||||
-rw-r--r-- | src/java/com/juick/http/www/NewMessage.java | 12 | ||||
-rw-r--r-- | src/java/com/juick/http/www/PageTemplates.java | 13 | ||||
-rw-r--r-- | src/java/com/juick/http/www/UserThread.java | 38 |
6 files changed, 79 insertions, 26 deletions
diff --git a/src/java/com/juick/http/www/Blogs.java b/src/java/com/juick/http/www/Blogs.java index 1e212b7a..a1cfdeb0 100644 --- a/src/java/com/juick/http/www/Blogs.java +++ b/src/java/com/juick/http/www/Blogs.java @@ -83,17 +83,37 @@ public class Blogs { mids = MessagesQueries.getAll(sql, paramBefore); } } else if (paramShow.equals("my")) { - title = rb.getString("My feed"); - mids = MessagesQueries.getMyFeed(sql, visitor.UID, paramBefore); + if (visitor != null) { + title = rb.getString("My feed"); + mids = MessagesQueries.getMyFeed(sql, visitor.UID, paramBefore); + } else { + response.sendError(404); + return; + } } else if (paramShow.equals("private")) { - title = rb.getString("Private"); - mids = MessagesQueries.getPrivate(sql, visitor.UID, paramBefore); + if (visitor != null) { + title = rb.getString("Private"); + mids = MessagesQueries.getPrivate(sql, visitor.UID, paramBefore); + } else { + response.sendError(404); + return; + } } else if (paramShow.equals("incoming")) { - title = rb.getString("Incoming"); - mids = MessagesQueries.getIncoming(sql, visitor.UID, paramBefore); + if (visitor != null) { + title = rb.getString("Incoming"); + mids = MessagesQueries.getIncoming(sql, visitor.UID, paramBefore); + } else { + response.sendError(404); + return; + } } else if (paramShow.equals("recommended")) { - title = rb.getString("Recommended"); - mids = MessagesQueries.getRecommended(sql, visitor.UID, paramBefore); + if (visitor != null) { + title = rb.getString("Recommended"); + mids = MessagesQueries.getRecommended(sql, visitor.UID, paramBefore); + } else { + response.sendError(404); + return; + } } else if (paramShow.equals("top")) { title = rb.getString("Popular"); mids = MessagesQueries.getPopular(sql, paramBefore); diff --git a/src/java/com/juick/http/www/Login.java b/src/java/com/juick/http/www/Login.java index 1baf6e43..0006f9d0 100644 --- a/src/java/com/juick/http/www/Login.java +++ b/src/java/com/juick/http/www/Login.java @@ -73,7 +73,7 @@ public class Login { if (com.juick.server.UserQueries.getUIDbyHash(sql, hash) > 0) { Cookie c = new Cookie("hash", hash); c.setDomain(".juick.com"); - c.setMaxAge(0); + c.setMaxAge(365 * 24 * 60 * 60); response.addCookie(c); response.sendRedirect("/"); @@ -95,7 +95,7 @@ public class Login { String hash = com.juick.server.UserQueries.getHashByUID(sql, uid); Cookie c = new Cookie("hash", hash); c.setDomain(".juick.com"); - c.setMaxAge(0); + c.setMaxAge(365 * 24 * 60 * 60); response.addCookie(c); String referer = request.getHeader("Referer"); diff --git a/src/java/com/juick/http/www/Main.java b/src/java/com/juick/http/www/Main.java index b7f95a4a..910a554f 100644 --- a/src/java/com/juick/http/www/Main.java +++ b/src/java/com/juick/http/www/Main.java @@ -149,7 +149,7 @@ public class Main extends HttpServlet implements XmppListener { //TODO settings } else if (uri.matches("^/\\d+$")) { rootRedirects.doGetPostID(sql, request, response); - } else if (uri.matches("^/[^/]$")) { + } else if (uri.matches("^/[^/]+$")) { rootRedirects.doGetUsername(sql, request, response); } else if (uri.matches("^/.+/.*")) { String uriparts[] = uri.split("/"); diff --git a/src/java/com/juick/http/www/NewMessage.java b/src/java/com/juick/http/www/NewMessage.java index 1beacf62..d35af8f3 100644 --- a/src/java/com/juick/http/www/NewMessage.java +++ b/src/java/com/juick/http/www/NewMessage.java @@ -54,10 +54,18 @@ public class NewMessage { out.println("<div id=\"wrapper\"><div id=\"content\" class=\"pagetext\">"); out.println("<form action=\"/post\" method=\"post\" id=\"postmsg\" enctype=\"multipart/form-data\">"); out.println("<p style=\"text-align: left\"><b>" + rbnm.getString("Location") + ": <span id=\"location\"></span></b> <span id=\"locationclear\">— <a href=\"#\" onclick=\"clearLocation()\">" + rbnm.getString("Clear") + "</a></span></p>"); - out.println("<p style=\"text-align: left\"><b>" + rbnm.getString("Attachment") + ":</b> <span id=\"attachmentfile\"><input type=\"file\" name=\"attach\"$canmedia/> " + rbnm.getString("or") + " <a href=\"#\" onclick=\"webcamShow(); return false;\">" + rbnm.getString("from webcam") + "</a><br/>"); + out.println("<p style=\"text-align: left\"><b>" + rbnm.getString("Attachment") + ":</b> <span id=\"attachmentfile\"><input type=\"file\" name=\"attach\"" + (com.juick.server.UserQueries.getCanMedia(sql, visitor.UID) ? "" : " disabled=\"disabled\"") + "/> " + rbnm.getString("or") + " <a href=\"#\" onclick=\"webcamShow(); return false;\">" + rbnm.getString("from webcam") + "</a><br/>"); out.println("<i>" + rbnm.getString("Photo_JPG") + "</i></span><span id=\"attachmentwebcam\">" + rbnm.getString("Webcam photo") + " — <a href=\"#\" onclick=\"clearAttachment(); return false;\">" + rbnm.getString("Clear") + "</a></span></p>"); out.println("<div id=\"webcamwrap\" style=\"width: 320px; margin: 0 auto\"><div id=\"webcam\"></div></div>"); - out.println("<p><textarea name=\"body\" rows=\"7\" cols=\"10\">" + "" + "</textarea><br/>"); + + String body = request.getParameter("body"); + if (body != null && body.length() < 4096) { + body = Utils.encodeHTML(body); + } else { + body = ""; + } + out.println("<p><textarea name=\"body\" class=\"newmessage\" rows=\"7\" cols=\"10\">" + body + "</textarea><br/>"); + out.println("<input type=\"hidden\" name=\"place_id\"/><input type=\"hidden\" name=\"webcam\"/>" + "" + "<input type=\"submit\" class=\"subm\" value=\" " + rbnm.getString("Post") + " \"/></p>"); out.println("</form>"); out.println("<div id=\"geomap\"></div>"); diff --git a/src/java/com/juick/http/www/PageTemplates.java b/src/java/com/juick/http/www/PageTemplates.java index 4997f778..b7b2f536 100644 --- a/src/java/com/juick/http/www/PageTemplates.java +++ b/src/java/com/juick/http/www/PageTemplates.java @@ -62,7 +62,7 @@ public class PageTemplates { public static void pageNavigation(PrintWriter out, Locale loc, com.juick.User user) { ResourceBundle rb = ResourceBundle.getBundle("Global", loc); out.println("<div id=\"header\">"); - out.println("<div id=\"logo\"><a href=\"/?show=my\"><img src=\"http://static.juick.com/logo3.png\" width=\"120\" height=\"40\" alt=\"Juick\"/></a></div>"); + out.println("<div id=\"logo\"><a href=\"" + (user != null ? "/?show=my" : "/") + "\"><img src=\"http://static.juick.com/logo3.png\" width=\"120\" height=\"40\" alt=\"Juick\"/></a></div>"); out.println(" <ul id=\"nav\">"); out.println(" <li><a href=\"/\">" + rb.getString("Blogs") + "</a></li>"); // out.println(" <li><a href=\"/chats\">" + rb.getString("Chats") + "</a></li>"); @@ -324,9 +324,12 @@ public class PageTemplates { // lat // lon + boolean cancomment = true; + tags = (tags != null) ? formatTags(tags) : ""; if (rs.getInt(5) == 1) { tags += " *readonly"; + cancomment = false; } switch (rs.getInt(6)) { case 2: @@ -361,7 +364,9 @@ public class PageTemplates { out.println(" <div class=\"msg-avatar\"><a href=\"/" + uname + "/\"><img src=\"http://i.juick.com/a/" + uid + ".png\" alt=\"" + uname + "\"/></a></div>"); out.println(" <div class=\"msg-ts\"><a href=\"/" + uname + "/" + mid + "\">" + formatDate(rs.getInt(8), rs.getString(9), locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"$('#msg-menu-" + mid + "').toggle('blind'); return false\"><img src=\"http://static.juick.com/message-menu-icon.png\"></a><ul id=\"msg-menu-" + mid + "\">"); - out.println(" <li><a href=\"#\" onclick=\"return false\">Under construction</a></li>"); + out.println(" <li><a href=\"/post?body=%21%20%23" + mid + "\">" + rb.getString("Recommend message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=%40" + uname + "%20\">" + rb.getString("Send private message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=BL%20%40" + uname + "\">" + rb.getString("Block user") + "</a></li>"); out.println(" </ul></div></div>"); out.println(" <div class=\"msg-header\"><a href=\"/" + uname + "/\">@" + uname + "</a>:" + tags + "</div>"); out.println(" <div class=\"msg-txt\">" + txt + "</div>"); @@ -372,9 +377,9 @@ public class PageTemplates { repliesby = "..."; } out.println(" <div class=\"msg-comments\"><a href=\"/" + uname + "/" + mid + "\">" + formatReplies(rs.getInt(10), locale) + "</a> " + rb.getString("(replies) by") + " " + repliesby + "</div>"); - } else { + } else if (cancomment) { out.println(" <form action=\"/post\" method=\"POST\" enctype=\"multipart/form-data\"><input type=\"hidden\" name=\"mid\" value=\"" + mid + "\"/>"); - out.println(" <div class=\"msg-comment\"><textarea name=\"body\" rows=\"1\" class=\"reply\" placeholder=\"Add a comment...\" onkeypress=\"postformListener(this.form,event)\"></textarea></div>"); + out.println(" <div class=\"msg-comment\"><textarea name=\"body\" rows=\"1\" class=\"reply\" placeholder=\"Add a comment...\" onkeypress=\"postformListener(this.form,event)\"></textarea><input type=\"submit\" value=\"OK\"/></div>"); out.println(" </form>"); } out.println(" </li>"); diff --git a/src/java/com/juick/http/www/UserThread.java b/src/java/com/juick/http/www/UserThread.java index eb3adfad..406698bf 100644 --- a/src/java/com/juick/http/www/UserThread.java +++ b/src/java/com/juick/http/www/UserThread.java @@ -17,6 +17,7 @@ */ package com.juick.http.www; +import com.juick.server.MessagesQueries; import com.juick.server.UserQueries; import java.io.IOException; import java.io.PrintWriter; @@ -41,6 +42,11 @@ public class UserThread { com.juick.User visitor = Utils.getVisitorUser(sql, request); Locale locale = request.getLocale(); + if (!MessagesQueries.canViewThread(sql, MID, visitor != null ? visitor.UID : 0)) { + response.sendError(403); + return; + } + boolean listview = false; String paramView = request.getParameter("view"); if (paramView != null) { @@ -65,6 +71,7 @@ public class UserThread { PageTemplates.pageNavigation(out, locale, visitor); PageTemplates.pageUserTitle(out, sql, locale, user, visitor); + out.println("<div id=\"wrapper\">"); out.println("<div id=\"content\" style=\"margin-left: 0; width: 100%\">"); @@ -105,9 +112,12 @@ public class UserThread { // lat // lon + boolean cancomment = true; + tags = (tags != null) ? PageTemplates.formatTags(tags) : ""; if (rs.getInt(5) == 1) { tags += " *readonly"; + cancomment = false; } switch (rs.getInt(6)) { case 2: @@ -139,14 +149,18 @@ public class UserThread { out.println(" <div class=\"msg-avatar\"><a href=\"/" + uname + "/\"><img src=\"http://i.juick.com/a/" + uid + ".png\" alt=\"" + uname + "\"/></a></div>"); out.println(" <div class=\"msg-ts\"><a href=\"/" + uname + "/" + mid + "\">" + PageTemplates.formatDate(rs.getInt(8), rs.getString(9), locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"$('#msg-menu-" + mid + "').toggle('blind'); return false\"><img src=\"http://static.juick.com/message-menu-icon.png\"></a><ul id=\"msg-menu-" + mid + "\">"); - out.println(" <li><a href=\"#\" onclick=\"return false\">Under construction</a></li>"); + out.println(" <li><a href=\"/post?body=%21%20%23" + mid + "\">" + rb.getString("Recommend message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=%40" + uname + "%20\">" + rb.getString("Send private message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=BL%20%40" + uname + "\">" + rb.getString("Block user") + "</a></li>"); out.println(" </ul></div></div>"); out.println(" <div class=\"msg-header\"><a href=\"/" + uname + "/\">@" + uname + "</a>:" + tags + "</div>"); out.println(" <div class=\"msg-txt\">" + txt + "</div>"); - out.println(" <form action=\"/post\" method=\"POST\" enctype=\"multipart/form-data\"><input type=\"hidden\" name=\"mid\" value=\"" + mid + "\"/>"); - out.println(" <div class=\"msg-comment\"><textarea name=\"body\" rows=\"1\" class=\"reply\" placeholder=\"Add a comment...\" onkeypress=\"postformListener(this.form,event)\"></textarea></div>"); - out.println(" </form>"); + if (cancomment) { + out.println(" <form action=\"/post\" method=\"POST\" enctype=\"multipart/form-data\"><input type=\"hidden\" name=\"mid\" value=\"" + mid + "\"/>"); + out.println(" <div class=\"msg-comment\"><textarea name=\"body\" rows=\"1\" class=\"reply\" placeholder=\"Add a comment...\" onkeypress=\"postformListener(this.form,event)\"></textarea><input type=\"submit\" value=\"OK\"/></div>"); + out.println(" </form>"); + } out.println(" </li>"); out.println("</ul>"); @@ -259,8 +273,9 @@ public class UserThread { } } out.println(" <div class=\"msg-avatar\"><a href=\"/" + msg.User.UName + "/\"><img src=\"http://i.juick.com/a/" + msg.User.UID + ".png\" alt=\"" + msg.User.UName + "\"/></a></div>"); - out.println(" <div class=\"msg-ts\"><a href=\"/" + msg.User.UName + "/" + msg.MID + "#" + msg.RID + "\">" + PageTemplates.formatDate(msg.MinutesAgo, msg.TimestampString, locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"$('#msg-menu-" + msg.MID + "-" + msg.RID + "').toggle('blind'); return false\"><img src=\"http://static.juick.com/message-menu-icon.png\"/></a><ul id=\"msg-menu-" + msg.MID + "-" + msg.RID + "\">"); - out.println(" <li><a href=\"#\" onclick=\"return false\">Under construction</a></li>"); + out.println(" <div class=\"msg-ts\"><a href=\"/" + msg.MID + "#" + msg.RID + "\">" + PageTemplates.formatDate(msg.MinutesAgo, msg.TimestampString, locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"$('#msg-menu-" + msg.MID + "-" + msg.RID + "').toggle('blind'); return false\"><img src=\"http://static.juick.com/message-menu-icon.png\"/></a><ul id=\"msg-menu-" + msg.MID + "-" + msg.RID + "\">"); + out.println(" <li><a href=\"/post?body=%40" + msg.User.UName + "%20\">" + rb.getString("Send private message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=BL%20%40" + msg.User.UName + "\">" + rb.getString("Block user") + "</a></li>"); out.println(" </ul></div></div>"); out.println(" <div class=\"msg-header\"><a href=\"/" + msg.User.UName + "/\">@" + msg.User.UName + "</a>:</div>"); out.println(" <div class=\"msg-txt\">" + msg.Text + "</div>"); @@ -297,12 +312,17 @@ public class UserThread { } } out.println(" <div class=\"msg-avatar\"><a href=\"/" + msg.User.UName + "/\"><img src=\"http://i.juick.com/a/" + msg.User.UID + ".png\"></a></div>"); - out.println(" <div class=\"msg-ts\"><a href=\"/" + msg.User.UName + "/" + msg.MID + "#" + msg.RID + "\">" + PageTemplates.formatDate(msg.MinutesAgo, msg.TimestampString, locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"return msgMenu(" + msg.MID + ")\"><img src=\"http://static.juick.com/message-menu-icon.png\"></a><ul id=\"msg-menu-" + msg.MID + "\">"); - out.println(" <li><a href=\"#\" onclick=\"return false\">Under construction</a></li>"); + out.println(" <div class=\"msg-ts\"><a href=\"/" + msg.MID + "#" + msg.RID + "\">" + PageTemplates.formatDate(msg.MinutesAgo, msg.TimestampString, locale) + "</a><div class=\"msg-menu\"><a href=\"#\" onclick=\"$('#msg-menu-" + msg.MID + "-" + msg.RID + "').toggle('blind'); return false\"><img src=\"http://static.juick.com/message-menu-icon.png\"></a><ul id=\"msg-menu-" + msg.MID + "\">"); + out.println(" <li><a href=\"/post?body=%40" + msg.User.UName + "%20\">" + rb.getString("Send private message") + "</a></li>"); + out.println(" <li><a href=\"/post?body=BL%20%40" + msg.User.UName + "\">" + rb.getString("Block user") + "</a></li>"); out.println(" </ul></div></div>"); out.println(" <div class=\"msg-header\"><a href=\"/" + msg.User.UName + "/\">@" + msg.User.UName + "</a>:</div>"); out.println(" <div class=\"msg-txt\">" + msg.Text + "</div>"); - out.println(" <div class=\"msg-links\"><a href=\"#\" onclick=\"return showCommentForm(" + msg.MID + "," + msg.RID + ")\">" + rb.getString("Comment") + "</a></div>"); + out.print(" <div class=\"msg-links\">/" + msg.RID); + if (msg.ReplyTo > 0) { + out.print(" " + rb.getString("in reply to") + " <a href=\"#" + msg.ReplyTo + "\">/" + msg.ReplyTo + "</a>"); + } + out.println(" · <a href=\"#\" onclick=\"return showCommentForm(" + msg.MID + "," + msg.RID + ")\">" + rb.getString("Comment") + "</a></div>"); out.println(" <div class=\"msg-comment\" style=\"display: none\"></div>"); out.println(" </li>"); } |