diff options
Diffstat (limited to 'src/java')
-rw-r--r-- | src/java/com/juick/api/Main.java | 13 | ||||
-rw-r--r-- | src/java/com/juick/api/PM.java | 2 |
2 files changed, 8 insertions, 7 deletions
diff --git a/src/java/com/juick/api/Main.java b/src/java/com/juick/api/Main.java index 38716282..9e0b8523 100644 --- a/src/java/com/juick/api/Main.java +++ b/src/java/com/juick/api/Main.java @@ -29,6 +29,7 @@ import java.sql.DriverManager; import java.sql.SQLException; import java.util.Properties; import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -39,6 +40,7 @@ import javax.servlet.http.HttpServletResponse; * @author Ugnich Anton */ @WebServlet(name = "Main", urlPatterns = {"/"}) +@MultipartConfig public class Main extends HttpServlet implements Stream.StreamListener { Connection sql; @@ -186,16 +188,15 @@ public class Main extends HttpServlet implements Stream.StreamListener { if (vuid == 0) { vuid = Utils.getVisitorQueryStringUID(sql, request); } - + if (vuid == 0) { + response.sendError(401); + return; + } String uri = request.getRequestURI(); if (uri.equals("/post")) { } else if (uri.equals("/pm")) { - if (vuid > 0) { - pm.doPostPM(request, response, xmpp, vuid); - } else { - response.sendError(401); - } + pm.doPostPM(request, response, xmpp, vuid); } else { response.sendError(405); } diff --git a/src/java/com/juick/api/PM.java b/src/java/com/juick/api/PM.java index d279d9e3..2722526d 100644 --- a/src/java/com/juick/api/PM.java +++ b/src/java/com/juick/api/PM.java @@ -59,7 +59,7 @@ public class PM { return; } - if (UserQueries.isInBL(sql, uid, vuid) || UserQueries.isInBL(sql, vuid, uid)) { + if (UserQueries.isInBLAny(sql, uid, vuid)) { response.sendError(403); return; } |