Diffstat (limited to 'src/java')
-rw-r--r-- | src/java/com/juick/api/Main.java | 2 | ||||
-rw-r--r-- | src/java/com/juick/api/Users.java | 36 | ||||
-rw-r--r-- | src/java/com/juick/api/Utils.java | 2 |
3 files changed, 24 insertions, 16 deletions
diff --git a/src/java/com/juick/api/Main.java b/src/java/com/juick/api/Main.java
index d32a00aa4..ebbeb103c 100644
--- a/src/java/com/juick/api/Main.java
+++ b/src/java/com/juick/api/Main.java
@@ -125,7 +125,7 @@ public class Main extends HttpServlet {
         response.setHeader("Access-Control-Allow-Origin", "*");
         String callback = request.getParameter("callback");
-        if (callback.length() > 64 || !callback.matches("a-zA-Z0-9\\-")) {
+        if (callback != null && (callback.length() > 64 || !callback.matches("[a-zA-Z0-9\\-]+"))) {
             callback = null;
         }
diff --git a/src/java/com/juick/api/Users.java b/src/java/com/juick/api/Users.java
index 5810ddba8..2c60a95f8 100644
--- a/src/java/com/juick/api/Users.java
+++ b/src/java/com/juick/api/Users.java
@@ -21,17 +21,21 @@ public class Users {
     }
     public void doGetUserRead(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
-        int uid = vuid;
-        String paramUID = request.getParameter("user_id");
-        if (paramUID != null) {
-            try {
-                uid = Integer.parseInt(paramUID);
-            } catch (NumberFormatException e) {
+        int uid = 0;
+        String uname = request.getParameter("uname");
+        if (uname == null) {
+            uid = vuid;
+        } else {
+            if (UserQueries.checkUserNameValid(uname)) {
+                com.juick.User u = UserQueries.getUserByNick(sql, uname);
+                if (u != null && u.UID > 0) {
+                    uid = u.UID;
+                }
             }
         }
         if (uid > 0) {
-            ArrayList<Integer> uids = UserQueries.getUserRead(sql, vuid);
+            ArrayList<Integer> uids = UserQueries.getUserRead(sql, uid);
             if (uids.size() > 0) {
                 ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids);
                 if (users.size() > 0) {
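Review bot: The callback allowlist on the `+` line is the only thing standing between the `callback` query parameter and the script body this endpoint presumably emits, so it should be one explicit pattern with the length bound inside it rather than a length test and a regex joined by `||`: `if (callback != null && !callback.matches("[a-zA-Z0-9\\-]{1,64}")) {`. A comment above it, e.g. `// JSONP callback: strict allowlist, anything else is dropped rather than reflected`, would keep the next maintainer from widening it casually. Note that `-` is not legal in a JavaScript identifier, so a name like `a-b` passes the check yet produces a broken script; a pattern such as `[A-Za-z_$][A-Za-z0-9_$]{0,63}` would match what JSONP clients actually send — hedged, since the callers and the code that uses `callback` are not visible here. The enclosing method of `Main` starts and ends outside the hunk.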
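Review bot: The `uname`-to-`uid` resolution added at the top of `doGetUserRead` is duplicated verbatim in the `doGetUserReaders` hunk below (`@@ -45,17 +49,21 @@`), and the `else { if (...) }` nesting reads as a leftover of the removed `try` block; both methods should call one private helper so the two endpoints cannot drift apart the next time the lookup rules change. The helper also makes the contract explicit: the caller's own uid when `uname` is absent, the nick's uid when it is valid and known, otherwise 0 so the existing `if (uid > 0)` guard rejects the request. An empty `uname=` is not null and so reaches `checkUserNameValid`; I assume that rejects it, but its body is not visible here. The enclosing method continues past the end of the hunk.
```java
    /**
     * Resolves the uid a read/readers request is about: the caller's own uid
     * when no uname is given, else the uid behind that nick, or 0 when the
     * nick is invalid or unknown (callers treat 0 as "not found").
     */
    private int resolveUid(HttpServletRequest request, int vuid) {
        String uname = request.getParameter("uname");
        if (uname == null) {
            return vuid;
        }
        if (!UserQueries.checkUserNameValid(uname)) {
            return 0;
        }
        com.juick.User u = UserQueries.getUserByNick(sql, uname);
        return (u != null && u.UID > 0) ? u.UID : 0;
    }

    public void doGetUserRead(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
        int uid = resolveUid(request, vuid);
        // … unchanged: if (uid > 0) { … getUserRead(sql, uid) … } …
```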
@@ -45,17 +49,21 @@ public class Users {
     }
     public void doGetUserReaders(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
-        int uid = vuid;
-        String paramUID = request.getParameter("user_id");
-        if (paramUID != null) {
-            try {
-                uid = Integer.parseInt(paramUID);
-            } catch (NumberFormatException e) {
+        int uid = 0;
+        String uname = request.getParameter("uname");
+        if (uname == null) {
+            uid = vuid;
+        } else {
+            if (UserQueries.checkUserNameValid(uname)) {
+                com.juick.User u = UserQueries.getUserByNick(sql, uname);
+                if (u != null && u.UID > 0) {
+                    uid = u.UID;
+                }
             }
         }
         if (uid > 0) {
-            ArrayList<Integer> uids = UserQueries.getUserReaders(sql, vuid);
+            ArrayList<Integer> uids = UserQueries.getUserReaders(sql, uid);
             if (uids.size() > 0) {
                 ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids);
                 if (users.size() > 0) {
diff --git a/src/java/com/juick/api/Utils.java b/src/java/com/juick/api/Utils.java
index b325b19a8..cac5612d5 100644
--- a/src/java/com/juick/api/Utils.java
+++ b/src/java/com/juick/api/Utils.java
@@ -75,7 +75,7 @@ public class Utils {
         try {
             BASE64Decoder dec = new BASE64Decoder();
             String loginpassw[] = new String(dec.decodeBuffer(auth.substring(6))).split(":", 2);
-            if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("a-zA-Z0-9\\-") && !loginpassw[1].isEmpty()) {
+            if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("[a-zA-Z0-9\\-]+") && !loginpassw[1].isEmpty()) {
                 return UserQueries.checkPassword(sql, loginpassw[0], loginpassw[1]);
             }
         } catch (IOException e) {
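Review bot: `new String(dec.decodeBuffer(...))` on the context line just above the changed `if` decodes the Basic credentials with the platform default charset, so a password containing non-ASCII characters is checked differently depending on the JVM's `file.encoding`; pass `StandardCharsets.UTF_8` explicitly. `sun.misc.BASE64Decoder` is an internal API that later JDKs removed — if the project targets Java 8 or newer, `java.util.Base64.getDecoder().decode(auth.substring(6))` replaces it, with the surrounding `catch (IOException e)` becoming `catch (IllegalArgumentException e)` because the standard decoder reports malformed input that way. Combined: `String[] loginpassw = new String(Base64.getDecoder().decode(auth.substring(6)), StandardCharsets.UTF_8).split(":", 2);`. The `loginpassw[0].matches(...)` allowlist before the database lookup is the right shape; a comment such as `// login must be a plain nick; reject before touching the DB` would tell the next reader why the length bounds and the regex sit here. The enclosing method starts before the hunk.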