From 34da94d887ae7be134d17c4bc9e101a8c198b300 Mon Sep 17 00:00:00 2001 From: Ugnich Anton Date: Mon, 20 Feb 2012 21:38:29 +0700 Subject: Bugfixes --- src/java/com/juick/http/www/Blogs.java | 36 ++++++++++++++++++------ src/java/com/juick/http/www/Login.java | 4 +-- src/java/com/juick/http/www/Main.java | 2 +- src/java/com/juick/http/www/NewMessage.java | 12 ++++++-- src/java/com/juick/http/www/PageTemplates.java | 13 ++++++--- src/java/com/juick/http/www/UserThread.java | 38 ++++++++++++++++++++------ 6 files changed, 79 insertions(+), 26 deletions(-) (limited to 'src/java/com/juick/http/www')
diff --git a/src/java/com/juick/http/www/Blogs.java b/src/java/com/juick/http/www/Blogs.java
index 1e212b7a..a1cfdeb0 100644
--- a/src/java/com/juick/http/www/Blogs.java
+++ b/src/java/com/juick/http/www/Blogs.java
@@ -83,17 +83,37 @@ public class Blogs {
 mids = MessagesQueries.getAll(sql, paramBefore);
 }
 } else if (paramShow.equals("my")) {
- title = rb.getString("My feed");
- mids = MessagesQueries.getMyFeed(sql, visitor.UID, paramBefore);
+ if (visitor != null) {
+ title = rb.getString("My feed");
+ mids = MessagesQueries.getMyFeed(sql, visitor.UID, paramBefore);
+ } else {
+ response.sendError(404);
+ return;
+ }
 } else if (paramShow.equals("private")) {
- title = rb.getString("Private");
- mids = MessagesQueries.getPrivate(sql, visitor.UID, paramBefore);
+ if (visitor != null) {
+ title = rb.getString("Private");
+ mids = MessagesQueries.getPrivate(sql, visitor.UID, paramBefore);
+ } else {
+ response.sendError(404);
+ return;
+ }
 } else if (paramShow.equals("incoming")) {
- title = rb.getString("Incoming");
- mids = MessagesQueries.getIncoming(sql, visitor.UID, paramBefore);
+ if (visitor != null) {
+ title = rb.getString("Incoming");
+ mids = MessagesQueries.getIncoming(sql, visitor.UID, paramBefore);
+ } else {
+ response.sendError(404);
+ return;
+ }
 } else if (paramShow.equals("recommended")) {
- title = rb.getString("Recommended");
- mids = MessagesQueries.getRecommended(sql, visitor.UID, paramBefore);
+ if (visitor != null) {
+ title = rb.getString("Recommended");
+ mids = MessagesQueries.getRecommended(sql, visitor.UID, paramBefore);
+ } else {
+ response.sendError(404);
+ return;
+ }
 } else if (paramShow.equals("top")) {
 title = rb.getString("Popular");
 mids = MessagesQueries.getPopular(sql, paramBefore);
diff --git a/src/java/com/juick/http/www/Login.java b/src/java/com/juick/http/www/Login.java
index 1baf6e43..0006f9d0 100644
--- a/src/java/com/juick/http/www/Login.java
+++ b/src/java/com/juick/http/www/Login.java
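Review bot: The four `if (visitor != null) { … } else { response.sendError(404); return; }` blocks added to the my/private/incoming/recommended branches are verbatim copies; a single guard ahead of the chain, e.g. `if (visitor == null && isVisitorOnlyView(paramShow)) { response.sendError(404); return; }` with the four view names kept in one small private helper, states the rule once and leaves each branch as it was. Answering an anonymous request for a visitor-scoped feed with 404 rather than a login redirect is a deliberate choice that deserves a one-line comment, not least because UserThread.java in this same commit answers a thread the visitor may not view with 403 instead. The enclosing method begins and ends outside the hunk.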
@@ -73,7 +73,7 @@ public class Login {
 if (com.juick.server.UserQueries.getUIDbyHash(sql, hash) > 0) {
 Cookie c = new Cookie("hash", hash);
 c.setDomain(".juick.com");
- c.setMaxAge(0);
+ c.setMaxAge(365 * 24 * 60 * 60);
 response.addCookie(c);
 response.sendRedirect("/");
@@ -95,7 +95,7 @@ public class Login {
 String hash = com.juick.server.UserQueries.getHashByUID(sql, uid);
 Cookie c = new Cookie("hash", hash);
 c.setDomain(".juick.com");
- c.setMaxAge(0);
+ c.setMaxAge(365 * 24 * 60 * 60);
 response.addCookie(c);
 String referer = request.getHeader("Referer");
diff --git a/src/java/com/juick/http/www/Main.java b/src/java/com/juick/http/www/Main.java
index b7f95a4a..910a554f 100644
--- a/src/java/com/juick/http/www/Main.java
+++ b/src/java/com/juick/http/www/Main.java
@@ -149,7 +149,7 @@ public class Main extends HttpServlet implements XmppListener {
 //TODO settings
 } else if (uri.matches("^/\\d+$")) {
 rootRedirects.doGetPostID(sql, request, response);
- } else if (uri.matches("^/[^/]$")) {
+ } else if (uri.matches("^/[^/]+$")) {
 rootRedirects.doGetUsername(sql, request, response);
 } else if (uri.matches("^/.+/.*")) {
 String uriparts[] = uri.split("/");
diff --git a/src/java/com/juick/http/www/NewMessage.java b/src/java/com/juick/http/www/NewMessage.java
index 1beacf62..d35af8f3 100644
--- a/src/java/com/juick/http/www/NewMessage.java
+++ b/src/java/com/juick/http/www/NewMessage.java
@@ -54,10 +54,18 @@ public class NewMessage {
 out.println("
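Review bot: The cookie built around the changed `c.setMaxAge(365 * 24 * 60 * 60)` line, and the identical one in the second hunk at line 95, now persists the login hash for a year but still carries neither the `HttpOnly` nor the `Secure` attribute, so for that whole period it remains readable from page script and is sent on plain-HTTP requests to the domain; `c.setSecure(true);` and, if the container is Servlet 3.0 or later, `c.setHttpOnly(true);` belong next to the `setDomain` call in both places. A one-year lifetime also turns the stored hash into a long-lived bearer credential; whether it is ever rotated or invalidated on logout is not visible here, and a comment stating the intended lifetime policy would help the next reader. Both enclosing methods begin and end outside their hunks.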
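Review bot: With the corrected `^/[^/]+$` pattern every single-segment path that is not all digits now reaches `rootRedirects.doGetUsername`, so that method receives arbitrary request-URI text rather than the one-character strings the old pattern admitted; whether it validates the name before using it cannot be seen from this hunk and is worth confirming. As a point of style, `uri.matches(...)` recompiles each regex on every request; keeping them as `private static final Pattern` constants and calling `matcher(uri).matches()` avoids that and gives each route a name. The enclosing method begins and ends outside the hunk.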
"); out.println("
"); out.println("

" + rbnm.getString("Location") + ": " + rbnm.getString("Clear") + "

"); - out.println("

" + rbnm.getString("Attachment") + ": " + rbnm.getString("or") + " " + rbnm.getString("from webcam") + "
"); + out.println("

" + rbnm.getString("Attachment") + ": " + rbnm.getString("or") + " " + rbnm.getString("from webcam") + "
"); out.println("" + rbnm.getString("Photo_JPG") + "
" + rbnm.getString("Webcam photo") + " — " + rbnm.getString("Clear") + "

"); out.println("
"); - out.println("


"); + + String body = request.getParameter("body"); + if (body != null && body.length() < 4096) { + body = Utils.encodeHTML(body); + } else { + body = ""; + } + out.println("


"); + out.println("" + "" + "

"); out.println("
"); out.println("
"); diff --git a/src/java/com/juick/http/www/PageTemplates.java b/src/java/com/juick/http/www/PageTemplates.java index 4997f778..b7b2f536 100644 --- a/src/java/com/juick/http/www/PageTemplates.java +++ b/src/java/com/juick/http/www/PageTemplates.java @@ -62,7 +62,7 @@ public class PageTemplates { public static void pageNavigation(PrintWriter out, Locale loc, com.juick.User user) { ResourceBundle rb = ResourceBundle.getBundle("Global", loc); out.println("
"); - out.println("
\"Juick\"/
"); + out.println("
\"Juick\"/
"); out.println("
    "); out.println("
  • " + rb.getString("Blogs") + "
  • "); // out.println("
  • " + rb.getString("Chats") + "
  • "); @@ -324,9 +324,12 @@ public class PageTemplates { // lat // lon + boolean cancomment = true; + tags = (tags != null) ? formatTags(tags) : ""; if (rs.getInt(5) == 1) { tags += " *readonly"; + cancomment = false; } switch (rs.getInt(6)) { case 2: @@ -361,7 +364,9 @@ public class PageTemplates { out.println("
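Review bot: The new `cancomment` flag and the `rs.getInt(5) == 1` test that clears it are written out identically here and in the UserThread.java hunk at -105 of this commit; one shared helper in PageTemplates that returns both the ` *readonly` suffix and the flag would keep the two call sites from drifting apart. The meaning of column 5 is only implied by that suffix; a comment such as `// column 5: readonly flag, 1 = commenting disabled` at the test would make it explicit. The enclosing method continues outside the hunk.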
    \""
    "); out.println(" "); out.println("
    @" + uname + ":" + tags + "
    "); out.println("
    " + txt + "
    "); @@ -372,9 +377,9 @@ public class PageTemplates { repliesby = "..."; } out.println("
    " + formatReplies(rs.getInt(10), locale) + " " + rb.getString("(replies) by") + " " + repliesby + "
    "); - } else { + } else if (cancomment) { out.println("
    "); - out.println("
    "); + out.println("
    "); out.println("
    "); } out.println(" "); diff --git a/src/java/com/juick/http/www/UserThread.java b/src/java/com/juick/http/www/UserThread.java index eb3adfad..406698bf 100644 --- a/src/java/com/juick/http/www/UserThread.java +++ b/src/java/com/juick/http/www/UserThread.java @@ -17,6 +17,7 @@ */ package com.juick.http.www; +import com.juick.server.MessagesQueries; import com.juick.server.UserQueries; import java.io.IOException; import java.io.PrintWriter; @@ -41,6 +42,11 @@ public class UserThread { com.juick.User visitor = Utils.getVisitorUser(sql, request); Locale locale = request.getLocale(); + if (!MessagesQueries.canViewThread(sql, MID, visitor != null ? visitor.UID : 0)) { + response.sendError(403); + return; + } + boolean listview = false; String paramView = request.getParameter("view"); if (paramView != null) { @@ -65,6 +71,7 @@ public class UserThread { PageTemplates.pageNavigation(out, locale, visitor); PageTemplates.pageUserTitle(out, sql, locale, user, visitor); + out.println("
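Review bot: The added `canViewThread` check passes `0` as the UID of an anonymous visitor, so the guard is only as strong as `MessagesQueries.canViewThread` treating 0 as "nobody"; that method is not visible here, and a comment at the call such as `// 0 = anonymous visitor; confirm canViewThread never matches it to a real UID` would record the assumption. The 403 also tells an anonymous caller that the thread exists, whereas Blogs.java in the same commit answers visitor-only views with 404; choose one response deliberately and say why. The enclosing method continues outside the hunk.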
    "); out.println("
    "); @@ -105,9 +112,12 @@ public class UserThread { // lat // lon + boolean cancomment = true; + tags = (tags != null) ? PageTemplates.formatTags(tags) : ""; if (rs.getInt(5) == 1) { tags += " *readonly"; + cancomment = false; } switch (rs.getInt(6)) { case 2: @@ -139,14 +149,18 @@ public class UserThread { out.println("
    \""
    "); out.println(" "); out.println("
    @" + uname + ":" + tags + "
    "); out.println("
    " + txt + "
    "); - out.println("
    "); - out.println("
    "); - out.println("
    "); + if (cancomment) { + out.println("
    "); + out.println("
    "); + out.println("
    "); + } out.println(" "); out.println("
"); @@ -259,8 +273,9 @@ public class UserThread { } } out.println("
\""
"); - out.println("
" + PageTemplates.formatDate(msg.MinutesAgo, msg.TimestampString, locale) + "