From 3e87cc6a73fbfc165f81d5f7a3d7d1f76e7feb9a Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 1 Nov 2017 01:57:08 +0300
Subject: www: /post should not throw if img or attach is present
---
.../com/juick/www/configuration/WebSecurityConfig.java | 2 +-
.../main/java/com/juick/www/controllers/Messages.java | 15 +++++++++++----
.../main/java/com/juick/www/controllers/NewMessage.java | 16 +++++-----------
3 files changed, 17 insertions(+), 16 deletions(-)
(limited to 'juick-www/src/main/java/com/juick')
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 3dc7bc76..231c6e2e 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -72,7 +72,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment").authenticated()
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Messages.java b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
index 7c96705f..75e81b94 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Messages.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
@@ -542,8 +542,16 @@ public class Messages {
headers += "";
}
String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary";
- String msgImage = StringUtils.isNotEmpty(msg.getAttachmentType()) ? msg.getAttachment().getMedium().getUrl()
- : "https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ if (StringUtils.isNotEmpty(msg.getAttachmentType())) {
+ // additional check in case of broken images
+ if (msg.getAttachment() != null) {
+ String msgImage = msg.getAttachment().getMedium().getUrl();
+ headers += "";
+ }
+ } else {
+ String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ headers += "";
+ }
model.addAttribute("ogtype", "article");
String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg));
headers += "\n" +
@@ -551,8 +559,7 @@ public class Messages {
"\n" +
"\n" +
"\n" +
- "\n" +
- "";
+ "\n";
String twitterName = crosspostService.getTwitterName(msg.getUser().getUid());
if (StringUtils.isNotEmpty(twitterName)) {
headers += "\n";
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 2de6a2ad..2b411523 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -91,14 +91,11 @@ public class NewMessage {
@PostMapping("/post")
public String postResult(@RequestParam(required = false) String img,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false, name = "tags") String tagsStr,
@RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
- if (body == null || body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);
@@ -107,7 +104,7 @@ public class NewMessage {
String attachmentFName = HttpUtils.receiveMultiPartFile(attach, webApp.getTmpDir());
- if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) {
+ if (StringUtils.isBlank(attachmentFName) && StringUtils.isNotBlank(img)) {
try {
URL imgUrl = new URL(img);
attachmentFName = HttpUtils.downloadImage(imgUrl, webApp.getTmpDir());
@@ -200,13 +197,10 @@ public class NewMessage {
public String doPostComment(
@RequestParam(required = false, defaultValue = "0") Integer mid,
@RequestParam(required = false, defaultValue = "0") Integer rid,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
if (mid == 0) {
throw new HttpBadRequestException();
}
@@ -223,7 +217,7 @@ public class NewMessage {
}
}
- if (body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img)) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);
--
cgit v1.2.3