From 3e87cc6a73fbfc165f81d5f7a3d7d1f76e7feb9a Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Wed, 1 Nov 2017 01:57:08 +0300 Subject: www: /post should not throw if img or attach is present --- .../com/juick/www/configuration/WebSecurityConfig.java | 2 +- .../main/java/com/juick/www/controllers/Messages.java | 15 +++++++++++---- .../main/java/com/juick/www/controllers/NewMessage.java | 16 +++++----------- 3 files changed, 17 insertions(+), 16 deletions(-) (limited to 'juick-www/src/main/java/com/juick') diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 3dc7bc76..231c6e2e 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -72,7 +72,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class); http .authorizeRequests() - .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated() + .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment").authenticated() .anyRequest().permitAll() .and() .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) diff --git a/juick-www/src/main/java/com/juick/www/controllers/Messages.java b/juick-www/src/main/java/com/juick/www/controllers/Messages.java index 7c96705f..75e81b94 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/Messages.java +++ b/juick-www/src/main/java/com/juick/www/controllers/Messages.java @@ -542,8 +542,16 @@ public class Messages { headers += ""; } String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary"; - String msgImage = StringUtils.isNotEmpty(msg.getAttachmentType()) ? msg.getAttachment().getMedium().getUrl() - : "https://i.juick.com/a/" + msg.getUser().getUid() + ".png"; + if (StringUtils.isNotEmpty(msg.getAttachmentType())) { + // additional check in case of broken images + if (msg.getAttachment() != null) { + String msgImage = msg.getAttachment().getMedium().getUrl(); + headers += ""; + } + } else { + String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png"; + headers += ""; + } model.addAttribute("ogtype", "article"); String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg)); headers += "\n" + @@ -551,8 +559,7 @@ public class Messages { "\n" + "\n" + "\n" + - "\n" + - ""; + "\n"; String twitterName = crosspostService.getTwitterName(msg.getUser().getUid()); if (StringUtils.isNotEmpty(twitterName)) { headers += "\n"; diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java index 2de6a2ad..2b411523 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java +++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java @@ -91,14 +91,11 @@ public class NewMessage { @PostMapping("/post") public String postResult(@RequestParam(required = false) String img, - @RequestParam String body, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, @RequestParam(required = false, name = "tags") String tagsStr, @RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); - if (visitor.getUid() == 0) { - throw new HttpForbiddenException(); - } - if (body == null || body.length() < 1 || body.length() > 4096) { + if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { throw new HttpBadRequestException(); } body = body.replace("\r", StringUtils.EMPTY); @@ -107,7 +104,7 @@ public class NewMessage { String attachmentFName = HttpUtils.receiveMultiPartFile(attach, webApp.getTmpDir()); - if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && StringUtils.isNotBlank(img)) { try { URL imgUrl = new URL(img); attachmentFName = HttpUtils.downloadImage(imgUrl, webApp.getTmpDir()); @@ -200,13 +197,10 @@ public class NewMessage { public String doPostComment( @RequestParam(required = false, defaultValue = "0") Integer mid, @RequestParam(required = false, defaultValue = "0") Integer rid, - @RequestParam String body, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); - if (visitor.getUid() == 0) { - throw new HttpForbiddenException(); - } if (mid == 0) { throw new HttpBadRequestException(); } @@ -223,7 +217,7 @@ public class NewMessage { } } - if (body.length() < 1 || body.length() > 4096) { + if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img)) { throw new HttpBadRequestException(); } body = body.replace("\r", StringUtils.EMPTY); -- cgit v1.2.3