aboutsummaryrefslogtreecommitdiff
path: root/src/java
diff options
context:
space:
mode:
Diffstat (limited to 'src/java')
-rw-r--r--src/java/com/juick/api/Main.java13
-rw-r--r--src/java/com/juick/api/PM.java2
2 files changed, 8 insertions, 7 deletions
diff --git a/src/java/com/juick/api/Main.java b/src/java/com/juick/api/Main.java
index 38716282..9e0b8523 100644
--- a/src/java/com/juick/api/Main.java
+++ b/src/java/com/juick/api/Main.java
@@ -29,6 +29,7 @@ import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import javax.servlet.ServletException;
+import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -39,6 +40,7 @@ import javax.servlet.http.HttpServletResponse;
* @author Ugnich Anton
*/
@WebServlet(name = "Main", urlPatterns = {"/"})
+@MultipartConfig
public class Main extends HttpServlet implements Stream.StreamListener {
Connection sql;
@@ -186,16 +188,15 @@ public class Main extends HttpServlet implements Stream.StreamListener {
if (vuid == 0) {
vuid = Utils.getVisitorQueryStringUID(sql, request);
}
-
+ if (vuid == 0) {
+ response.sendError(401);
+ return;
+ }
String uri = request.getRequestURI();
if (uri.equals("/post")) {
} else if (uri.equals("/pm")) {
- if (vuid > 0) {
- pm.doPostPM(request, response, xmpp, vuid);
- } else {
- response.sendError(401);
- }
+ pm.doPostPM(request, response, xmpp, vuid);
} else {
response.sendError(405);
}
diff --git a/src/java/com/juick/api/PM.java b/src/java/com/juick/api/PM.java
index d279d9e3..2722526d 100644
--- a/src/java/com/juick/api/PM.java
+++ b/src/java/com/juick/api/PM.java
@@ -59,7 +59,7 @@ public class PM {
return;
}
- if (UserQueries.isInBL(sql, uid, vuid) || UserQueries.isInBL(sql, vuid, uid)) {
+ if (UserQueries.isInBLAny(sql, uid, vuid)) {
response.sendError(403);
return;
}