Diffstat (limited to 'src/java')
-rw-r--r--src/java/com/juick/api/Main.java2
-rw-r--r--src/java/com/juick/api/Users.java36
-rw-r--r--src/java/com/juick/api/Utils.java2
3 files changed, 24 insertions, 16 deletions
diff --git a/src/java/com/juick/api/Main.java b/src/java/com/juick/api/Main.java
index d32a00aa4..ebbeb103c 100644
--- a/src/java/com/juick/api/Main.java
+++ b/src/java/com/juick/api/Main.java
@@ -125,7 +125,7 @@ public class Main extends HttpServlet {
response.setHeader("Access-Control-Allow-Origin", "*");
String callback = request.getParameter("callback");
- if (callback.length() > 64 || !callback.matches("a-zA-Z0-9\\-")) {
+ if (callback != null && (callback.length() > 64 || !callback.matches("[a-zA-Z0-9\\-]+"))) {
callback = null;
}
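Review bot: The allow-list `[a-zA-Z0-9\\-]+` on the new `callback` check admits `-`, which cannot appear in a JavaScript identifier, while rejecting `_`, `$` and `.`, so a jQuery-style auto-generated name such as `jQuery1234_5678` is silently nulled and `a-b` passes. Unless the hyphen is deliberate, `!callback.matches("[A-Za-z_$][A-Za-z0-9_$]*")` together with the existing 64-character cap describes what a callback name can be; the null-first guard and the "drop to null on mismatch" behaviour should stay as they are. The code that consumes `callback` is outside the hunk, so whether a null callback is handled there cannot be confirmed here. A one-line comment above the guard, `// JSONP callback name: allow-list before it is written into the response`, would record why the check is strict.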
diff --git a/src/java/com/juick/api/Users.java b/src/java/com/juick/api/Users.java
index 5810ddba8..2c60a95f8 100644
--- a/src/java/com/juick/api/Users.java
+++ b/src/java/com/juick/api/Users.java
@@ -21,17 +21,21 @@ public class Users {
}
public void doGetUserRead(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
- int uid = vuid;
- String paramUID = request.getParameter("user_id");
- if (paramUID != null) {
- try {
- uid = Integer.parseInt(paramUID);
- } catch (NumberFormatException e) {
+ int uid = 0;
+ String uname = request.getParameter("uname");
+ if (uname == null) {
+ uid = vuid;
+ } else {
+ if (UserQueries.checkUserNameValid(uname)) {
+ com.juick.User u = UserQueries.getUserByNick(sql, uname);
+ if (u != null && u.UID > 0) {
+ uid = u.UID;
+ }
}
}
if (uid > 0) {
- ArrayList<Integer> uids = UserQueries.getUserRead(sql, vuid);
+ ArrayList<Integer> uids = UserQueries.getUserRead(sql, uid);
if (uids.size() > 0) {
ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids);
if (users.size() > 0) {
@@ -45,17 +49,21 @@ public class Users {
}
public void doGetUserReaders(HttpServletRequest request, HttpServletResponse response, int vuid) throws ServletException, IOException {
- int uid = vuid;
- String paramUID = request.getParameter("user_id");
- if (paramUID != null) {
- try {
- uid = Integer.parseInt(paramUID);
- } catch (NumberFormatException e) {
+ int uid = 0;
+ String uname = request.getParameter("uname");
+ if (uname == null) {
+ uid = vuid;
+ } else {
+ if (UserQueries.checkUserNameValid(uname)) {
+ com.juick.User u = UserQueries.getUserByNick(sql, uname);
+ if (u != null && u.UID > 0) {
+ uid = u.UID;
+ }
}
}
if (uid > 0) {
- ArrayList<Integer> uids = UserQueries.getUserReaders(sql, vuid);
+ ArrayList<Integer> uids = UserQueries.getUserReaders(sql, uid);
if (uids.size() > 0) {
ArrayList<com.juick.User> users = UserQueries.getUsersByID(sql, uids);
if (users.size() > 0) {
diff --git a/src/java/com/juick/api/Utils.java b/src/java/com/juick/api/Utils.java
index b325b19a8..cac5612d5 100644
--- a/src/java/com/juick/api/Utils.java
+++ b/src/java/com/juick/api/Utils.java
@@ -75,7 +75,7 @@ public class Utils {
try {
BASE64Decoder dec = new BASE64Decoder();
String loginpassw[] = new String(dec.decodeBuffer(auth.substring(6))).split(":", 2);
- if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("a-zA-Z0-9\\-") && !loginpassw[1].isEmpty()) {
+ if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("[a-zA-Z0-9\\-]+") && !loginpassw[1].isEmpty()) {
return UserQueries.checkPassword(sql, loginpassw[0], loginpassw[1]);
}
} catch (IOException e) {
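Review bot: The decoded credentials on the `String loginpassw[]` line are turned into a `String` with the platform default charset, so a password containing non-ASCII characters is compared differently depending on the JVM's default encoding; make it explicit with `new String(dec.decodeBuffer(auth.substring(6)), StandardCharsets.UTF_8)` (importing `java.nio.charset.StandardCharsets`). `BASE64Decoder` is the internal `sun.misc` API; `java.util.Base64.getDecoder()` is the standard replacement, but it throws `IllegalArgumentException` on malformed input rather than `IOException`, so the `catch` on the last line would need widening if it is swapped in. The regex fix itself matches the one made in Main.java. The enclosing method starts and ends outside the hunk.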