From e359e0788d4d9c675a88daaebda416f38e2ac03a Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 7 Apr 2019 01:59:33 +0300
Subject: Tags should be unescaped before storing Test tag is Test tag
---
 src/main/java/com/juick/server/CommandsManager.java | 3 ++-
 src/main/java/com/juick/service/MessagesServiceImpl.java | 2 +-
 src/main/resources/templates/views/macros/tags.html | 4 ++--
 src/main/resources/templates/views/partial/tags.html | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'src/main')
diff --git a/src/main/java/com/juick/server/CommandsManager.java b/src/main/java/com/juick/server/CommandsManager.java
index f6f29941..fdea0d83 100644
--- a/src/main/java/com/juick/server/CommandsManager.java
+++ b/src/main/java/com/juick/server/CommandsManager.java
@@ -35,6 +35,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.apache.commons.lang3.reflect.MethodUtils;
 import org.apache.commons.lang3.tuple.Pair;
+import org.apache.commons.text.StringEscapeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -91,7 +92,7 @@ public class CommandsManager {
 if (strippedData.startsWith("?OTR")) {
 return CommandResult.fromString("?OTR Error: we are not using OTR");
 }
- String input = MessageUtils.stripNonSafeUrls(strippedData);
+ String input = StringEscapeUtils.unescapeHtml4(MessageUtils.stripNonSafeUrls(strippedData));
 Optional cmd = MethodUtils.getMethodsListWithAnnotation(getClass(), UserCommand.class).stream() .filter(m -> Pattern.compile(m.getAnnotation(UserCommand.class).pattern(), m.getAnnotation(UserCommand.class).patternFlags()).matcher(input).matches())
diff --git a/src/main/java/com/juick/service/MessagesServiceImpl.java b/src/main/java/com/juick/service/MessagesServiceImpl.java
index 3e09d204..2bae04e6 100644
--- a/src/main/java/com/juick/service/MessagesServiceImpl.java
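Review bot: In the `@@ -91,7 +92,7 @@` hunk the new `input` line runs `StringEscapeUtils.unescapeHtml4` after `MessageUtils.stripNonSafeUrls`, so the URL filter only ever sees the entity-encoded text and whatever it is meant to remove can reappear once the entities are decoded. Unless `stripNonSafeUrls` depends on the escaped form (its body is not in this diff), decode first and filter the final text: `String input = MessageUtils.stripNonSafeUrls(StringEscapeUtils.unescapeHtml4(strippedData));`. The decode is also applied to the whole command input, not only to tags, so message text presumably reaches storage unescaped too, while only the tag templates in this commit were switched from `| raw` to escaped output. The enclosing method starts and ends outside the hunk.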
+++ b/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -765,7 +765,7 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
 return getNamedParameterJdbcTemplate().queryForList( "SELECT messages.message_id FROM messages_tags INNER JOIN messages " +
- " USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
+ " ON messages.message_id = messages_tags.message_id WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
 (before > 0 ? " AND messages.message_id < :before " : StringUtils.EMPTY) + " AND messages.privacy >= :privacy ORDER BY messages.message_id DESC LIMIT 20",
diff --git a/src/main/resources/templates/views/macros/tags.html b/src/main/resources/templates/views/macros/tags.html
index defed8e6..08687f5a 100644
--- a/src/main/resources/templates/views/macros/tags.html
+++ b/src/main/resources/templates/views/macros/tags.html
@@ -1,11 +1,11 @@
 {% macro tags(uname="", tagsList) %}
 {% for tag in tagsList %}
-{{ tag | raw }}
+{{ tag }}
 {% endfor %}
 {% endmacro %}
 {% macro allTags(baseUri, tagsList) %}
 {% for tag in tagsList %}
-#{{ tag | raw }}
+#{{ tag }}
 {% endfor %}
 {% endmacro %}
\ No newline at end of file
diff --git a/src/main/resources/templates/views/partial/tags.html b/src/main/resources/templates/views/partial/tags.html
index 3235213e..4d05b7fb 100644
--- a/src/main/resources/templates/views/partial/tags.html
+++ b/src/main/resources/templates/views/partial/tags.html
@@ -1,3 +1,3 @@
 {% for tag in tags %}
- {{ tag | raw }}
+ {{ tag }}
 {% endfor %}
\ No newline at end of file
-- cgit v1.2.3
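Review bot: With `| raw` removed from `{{ tag }}` in both macros of views/macros/tags.html, correct output now depends on two things this diff does not show: autoescaping being enabled for these templates, and the stored tags really being unescaped. Tags saved before this commit were presumably stored entity-encoded, so they would be escaped a second time on output until the existing rows are decoded; a one-off migration of stored tags would belong with this change. I would also record the contract in the template, e.g. `{# tags are stored unescaped; keep autoescaping on and do not add | raw here #}`. The same applies to the `{{ tag }}` line in views/partial/tags.html.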