From fd3b2e951400bf69ca9394d752118b6a3c039516 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Fri, 20 Jan 2017 14:10:46 +0300 Subject: juick-server: database tags should not be escaped now --- .../java/com/juick/www/controllers/Discover.java | 138 --------------------- .../main/java/com/juick/www/controllers/Tags.java | 134 ++++++++++++++++++++ 2 files changed, 134 insertions(+), 138 deletions(-) delete mode 100644 juick-www/src/main/java/com/juick/www/controllers/Discover.java create mode 100644 juick-www/src/main/java/com/juick/www/controllers/Tags.java (limited to 'juick-www/src/main') diff --git a/juick-www/src/main/java/com/juick/www/controllers/Discover.java b/juick-www/src/main/java/com/juick/www/controllers/Discover.java deleted file mode 100644 index e5d17501..00000000 --- a/juick-www/src/main/java/com/juick/www/controllers/Discover.java +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Juick - * Copyright (C) 2008-2011, Ugnich Anton - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package com.juick.www.controllers; - -import com.juick.service.AdsService; -import com.juick.service.MessagesService; -import com.juick.service.TagService; -import com.juick.www.Utils; -import com.juick.www.WebApp; -import org.apache.commons.lang3.CharEncoding; -import org.apache.commons.lang3.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.net.URLDecoder; -import java.net.URLEncoder; -import java.util.List; - -/** - * - * @author Ugnich Anton - */ -@Controller -public class Discover { - @Inject - WebApp webApp; - @Inject - MessagesService messagesService; - @Inject - TagService tagService; - @Inject - AdsService adsService; - @Inject - PageTemplates templates; - - @RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET) - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { - com.juick.User visitor = webApp.getVisitorUser(request, response); - - String paramTagStr = URLDecoder.decode(request.getRequestURI().substring(5), CharEncoding.UTF_8); - com.juick.Tag paramTag = tagService.getTag(paramTagStr, false); - if (paramTag == null) { - response.sendError(HttpServletResponse.SC_NOT_FOUND); - return; - } else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) { - com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID); - String url = "/tag/" + URLEncoder.encode(synTag.getName(), CharEncoding.UTF_8); - if (request.getQueryString() != null) { - url += "?" + request.getQueryString(); - } - Utils.sendPermanentRedirect(response, url); - return; - } else if (!paramTag.getName().equals(paramTagStr)) { - String url = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8); - if (request.getQueryString() != null) { - url += "?" + request.getQueryString(); - } - Utils.sendPermanentRedirect(response, url); - return; - } - - int paramBefore = 0; - String paramBeforeStr = request.getParameter("before"); - if (paramBeforeStr != null) { - try { - paramBefore = Integer.parseInt(paramBeforeStr); - } catch (NumberFormatException e) { - } - } - - int visitor_uid = visitor.getUid(); - - String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName()); - List mids = messagesService.getTag(paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20); - - response.setContentType("text/html; charset=UTF-8"); - try (PrintWriter out = response.getWriter()) { - String head = StringUtils.EMPTY; - if (tagService.getTagNoIndex(paramTag.TID)) { - head = ""; - } else if (paramBefore > 0 || mids.size() < 5) { - head = ""; - } - templates.pageHead(out, visitor, title, head); - templates.pageNavigation(out, visitor, null); - - out.println("
"); - - if (mids.size() > 0) { - int vuid = visitor.getUid(); - int ad_mid = adsService.getAdMid(vuid); - if (ad_mid > 0 && mids.indexOf(ad_mid) == -1) { - mids.add(0, ad_mid); - adsService.logAdMid(vuid, ad_mid); - } else { - ad_mid = 0; - } - - templates.printMessages(out, null, mids, visitor, visitor_uid == 0 ? 2 : 3, ad_mid); - } - - if (mids.size() >= 20) { - String nextpage = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8) + "?before=" + mids.get(mids.size() - 1); - out.println("

Читать дальше →

"); - } - - out.println("
"); - - templates.pageHomeColumn(out, visitor); - - templates.pageFooter(request, out, visitor, true); - - templates.pageEnd(out); - } - } -} diff --git a/juick-www/src/main/java/com/juick/www/controllers/Tags.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java new file mode 100644 index 00000000..ee95d08c --- /dev/null +++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java @@ -0,0 +1,134 @@ +/* + * Juick + * Copyright (C) 2008-2011, Ugnich Anton + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package com.juick.www.controllers; + +import com.juick.service.AdsService; +import com.juick.service.MessagesService; +import com.juick.service.TagService; +import com.juick.www.Utils; +import com.juick.www.WebApp; +import org.apache.commons.lang3.CharEncoding; +import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; + +import javax.inject.Inject; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; +import java.net.URLDecoder; +import java.net.URLEncoder; +import java.util.List; + +/** + * + * @author Ugnich Anton + */ +@Controller +public class Tags { + @Inject + WebApp webApp; + @Inject + MessagesService messagesService; + @Inject + TagService tagService; + @Inject + AdsService adsService; + @Inject + PageTemplates templates; + + @RequestMapping(value = "/tag/{tagName}", method = RequestMethod.GET) + protected void doGet(HttpServletRequest request, + @PathVariable String tagName, + @RequestParam(required = false, defaultValue = "0") int before, + HttpServletResponse response) throws IOException { + com.juick.User visitor = webApp.getVisitorUser(request, response); + + String paramTagStr = URLDecoder.decode(StringEscapeUtils.unescapeHtml4(tagName), CharEncoding.UTF_8); + com.juick.Tag paramTag = tagService.getTag(paramTagStr, false); + if (paramTag == null) { + response.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) { + com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID); + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8); + if (request.getQueryString() != null) { + url += "?" + request.getQueryString(); + } + Utils.sendPermanentRedirect(response, url); + return; + } else if (!paramTag.getName().equals(paramTagStr)) { + String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8); + if (request.getQueryString() != null) { + url += "?" + request.getQueryString(); + } + Utils.sendPermanentRedirect(response, url); + return; + } + + int visitor_uid = visitor.getUid(); + + String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName()); + List mids = messagesService.getTag(paramTag.TID, visitor_uid, before, (visitor_uid == 0) ? 40 : 20); + + response.setContentType("text/html; charset=UTF-8"); + try (PrintWriter out = response.getWriter()) { + String head = StringUtils.EMPTY; + if (tagService.getTagNoIndex(paramTag.TID)) { + head = ""; + } else if (before > 0 || mids.size() < 5) { + head = ""; + } + templates.pageHead(out, visitor, title, head); + templates.pageNavigation(out, visitor, null); + + out.println("
"); + + if (mids.size() > 0) { + int vuid = visitor.getUid(); + int ad_mid = adsService.getAdMid(vuid); + if (ad_mid > 0 && mids.indexOf(ad_mid) == -1) { + mids.add(0, ad_mid); + adsService.logAdMid(vuid, ad_mid); + } else { + ad_mid = 0; + } + + templates.printMessages(out, null, mids, visitor, visitor_uid == 0 ? 2 : 3, ad_mid); + } + + if (mids.size() >= 20) { + String nextpage = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8) + "?before=" + mids.get(mids.size() - 1); + out.println("

Читать дальше →

"); + } + + out.println("
"); + + templates.pageHomeColumn(out, visitor); + + templates.pageFooter(request, out, visitor, true); + + templates.pageEnd(out); + } + } +} -- cgit v1.2.3