From 95ac207e5dd5566490571fda7229b754a2bbe7ac Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 24 Oct 2016 14:06:17 +0300
Subject: ws: fix injections
---
 .../main/java/com/juick/ws/s2s/ConnectionIn.java | 2 +-
 .../src/main/java/com/juick/ws/s2s/JuickBot.java | 42 +++++++++++-----------
 2 files changed, 22 insertions(+), 22 deletions(-)
(limited to 'juick-ws/src/main/java/com/juick/ws/s2s')
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
index a57623c4..d1d69dd0 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
@@ -88,7 +88,7 @@ public class ConnectionIn extends Connection implements Runnable {
 c.sendDialbackVerify(streamID, dbKey);
 } else {
 c = new ConnectionOut(xmpp, dfrom, streamID, dbKey);
- xmpp.executorService.submit(c);
+ xmpp.service.submit(c);
 }
 } else {
 throw new HostUnknownException("STREAM FROM " + dfrom + " " + streamID + " INVALID TO " + to);
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/JuickBot.java b/juick-ws/src/main/java/com/juick/ws/s2s/JuickBot.java
index 14c63b59..659b7ecd 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/JuickBot.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/JuickBot.java
@@ -75,7 +75,7 @@ public class JuickBot {
 } else if (p.type.equals(Presence.Type.probe)) {
 int uid_to = 0;
 if (!toJuick) {
- uid_to = UserQueries.getUIDbyName(xmpp.getSql(), username);
+ uid_to = UserQueries.getUIDbyName(xmpp.jdbc, username);
 }
 if (toJuick || uid_to > 0) {
@@ -98,9 +98,9 @@ public class JuickBot {
 if (toJuick) {
 canSubscribe = true;
 } else {
- int uid_to = UserQueries.getUIDbyName(xmpp.getSql(), username);
+ int uid_to = UserQueries.getUIDbyName(xmpp.jdbc, username);
 if (uid_to > 0) {
- PMQueries.addPMinRoster(xmpp.getSql(), uid_to, p.from.Bare());
+ PMQueries.addPMinRoster(xmpp.jdbc, uid_to, p.from.Bare());
 canSubscribe = true;
 }
 }
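Review bot: In ConnectionIn, `xmpp.service.submit(c);` discards the value returned by `submit`. If `service` is an `ExecutorService` (its type is not visible here), an unchecked exception thrown while the new `ConnectionOut` runs is held in the ignored `Future` and never reported, so a failed outbound dialback connection leaves no trace. Either hand the task over with `xmpp.service.execute(c);` or keep the `Future` and log its failure. The enclosing method starts and ends outside the hunk.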
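Review bot: In JuickBot, `UserQueries.getUIDbyName(xmpp.jdbc, username)` now reads the database handle as a field of `xmpp` instead of going through `getSql()`; the same pattern repeats in every later JuickBot hunk and as `xmpp.service` in ConnectionIn. The field declaration is not in this diff, so if `jdbc` is not `final`, any class that can see it can also reassign it. Consider keeping a read-only accessor, or document the field where it is declared with `/** Shared query handle; assigned once at start-up and never reassigned. */`.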
@@ -124,9 +124,9 @@ public class JuickBot {
 }
 } else if (p.type.equals(Presence.Type.unsubscribe)) {
 if (!toJuick) {
- int uid_to = UserQueries.getUIDbyName(xmpp.getSql(), username);
+ int uid_to = UserQueries.getUIDbyName(xmpp.jdbc, username);
 if (uid_to > 0) {
- PMQueries.removePMinRoster(xmpp.getSql(), uid_to, p.from.Bare());
+ PMQueries.removePMinRoster(xmpp.jdbc, uid_to, p.from.Bare());
 }
 }
@@ -146,9 +146,9 @@ public class JuickBot {
 User user_from = null;
 String signuphash = "";
- user_from = UserQueries.getUserByJID(xmpp.getSql(), msg.from.Bare());
+ user_from = UserQueries.getUserByJID(xmpp.jdbc, msg.from.Bare());
 if (user_from == null) {
- signuphash = UserQueries.getSignUpHashByJID(xmpp.getSql(), msg.from.Bare());
+ signuphash = UserQueries.getSignUpHashByJID(xmpp.jdbc, msg.from.Bare());
 }
 if (user_from == null) {
@@ -166,7 +166,7 @@ public class JuickBot {
 return incomingMessageJuick(user_from, msg);
 }
- int uid_to = UserQueries.getUIDbyName(xmpp.getSql(), username);
+ int uid_to = UserQueries.getUIDbyName(xmpp.jdbc, username);
 if (uid_to == 0) {
 Message reply = new Message(msg.to, msg.from, Message.Type.error);
@@ -177,8 +177,8 @@ public class JuickBot {
 }
 boolean success = false;
- if (!UserQueries.isInBLAny(xmpp.getSql(), uid_to, user_from.getUID())) {
- success = PMQueries.createPM(xmpp.getSql(), user_from.getUID(), uid_to, msg.body);
+ if (!UserQueries.isInBLAny(xmpp.jdbc, uid_to, user_from.getUID())) {
+ success = PMQueries.createPM(xmpp.jdbc, user_from.getUID(), uid_to, msg.body);
 }
 if (success) {
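Review bot: In the message-handling hunk at -146, `UserQueries.getUserByJID(xmpp.jdbc, msg.from.Bare())` selects the acting account from the stanza's `from` address alone, and the roster writes in the presence hunks at -98 and -124 key on `p.from.Bare()` in the same way. Nothing visible in these hunks shows that the address's domain was matched against the domain verified by dialback on the inbound stream. If that check is done before dispatch (for example in ConnectionIn), state it at the lookup, e.g. `// msg.from is trusted here only because its domain was matched to the dialback-verified stream before dispatch`; if it is not done, it is the check to add. The enclosing method starts and ends outside the hunk.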
@@ -196,12 +196,12 @@ public class JuickBot {
 List jids;
 boolean inroster = false;
- jids = UserQueries.getJIDsbyUID(xmpp.getSql(), uid_to);
+ jids = UserQueries.getJIDsbyUID(xmpp.jdbc, uid_to);
 for (String jid : jids) {
 Message mm = new Message();
 mm.to = new JID(jid);
 mm.type = Message.Type.chat;
- inroster = PMQueries.havePMinRoster(xmpp.getSql(), user_from.getUID(), jid);
+ inroster = PMQueries.havePMinRoster(xmpp.jdbc, user_from.getUID(), jid);
 if (inroster) {
 mm.from = new JID(jmsg.getUser().getUName(), "juick.com", "Juick");
 mm.body = msg.body;
@@ -277,7 +277,7 @@ public class JuickBot {
 private void commandLogin(Message m, User user_from) throws Exception {
 Message reply = new Message(JuickJID, m.from, Message.Type.chat);
- reply.body = "http://juick.com/login?" + UserQueries.getHashByUID(xmpp.getSql(), user_from.getUID());
+ reply.body = "http://juick.com/login?" + UserQueries.getHashByUID(xmpp.jdbc, user_from.getUID());
 xmpp.sendOut(reply);
 }
@@ -289,15 +289,15 @@ public class JuickBot {
 boolean haveInRoster = false;
 if (user_to.indexOf('@') > 0) {
- uid_to = UserQueries.getUIDbyJID(xmpp.getSql(), user_to);
+ uid_to = UserQueries.getUIDbyJID(xmpp.jdbc, user_to);
 } else {
- uid_to = UserQueries.getUIDbyName(xmpp.getSql(), user_to);
+ uid_to = UserQueries.getUIDbyName(xmpp.jdbc, user_to);
 }
 if (uid_to > 0) {
- if (!UserQueries.isInBLAny(xmpp.getSql(), uid_to, user_from.getUID())) {
- if (PMQueries.createPM(xmpp.getSql(), user_from.getUID(), uid_to, body)) {
- jids_to = UserQueries.getJIDsbyUID(xmpp.getSql(), uid_to);
+ if (!UserQueries.isInBLAny(xmpp.jdbc, uid_to, user_from.getUID())) {
+ if (PMQueries.createPM(xmpp.jdbc, user_from.getUID(), uid_to, body)) {
+ jids_to = UserQueries.getJIDsbyUID(xmpp.jdbc, uid_to);
 ret = 200;
 } else {
 ret = 500;
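Review bot: In `commandLogin`, the reply built by `reply.body = "http://juick.com/login?" + UserQueries.getHashByUID(xmpp.jdbc, user_from.getUID());` puts the account's login hash in the query string of a plain-HTTP link, so the value travels unencrypted when the link is opened and can be recorded in proxy and server logs. Assuming the site serves TLS, change the scheme: `reply.body = "https://juick.com/login?" + UserQueries.getHashByUID(xmpp.jdbc, user_from.getUID());`. Whether the hash is single-use or expires is not visible here; if it is long-lived, a short-lived one-time token would limit what a leaked link can do.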
@@ -326,7 +326,7 @@ public class JuickBot {
 Message mm = new Message();
 mm.to = new JID(jid);
 mm.type = Message.Type.chat;
- haveInRoster = PMQueries.havePMinRoster(xmpp.getSql(), user_from.getUID(), jid);
+ haveInRoster = PMQueries.havePMinRoster(xmpp.jdbc, user_from.getUID(), jid);
 if (haveInRoster) {
 mm.from = new JID(user_from.getUName(), "juick.com", "Juick");
 mm.body = body;
@@ -350,8 +350,8 @@ public class JuickBot {
 }
 private void commandBLShow(Message m, User user_from) throws Exception {
- List blusers = UserQueries.getUserBLUsers(xmpp.getSql(), user_from.getUID());
- List bltags = TagQueries.getUserBLTags(xmpp.getSql(), user_from.getUID());
+ List blusers = UserQueries.getUserBLUsers(xmpp.jdbc, user_from.getUID());
+ List bltags = TagQueries.getUserBLTags(xmpp.jdbc, user_from.getUID());
 String txt = "";
 if (bltags.size() > 0) {
--
cgit v1.2.3