Revize 36927924
Přidáno uživatelem Pavel Fidranský před více než 6 roky(ů)
| sources/src/main/java/cz/zcu/kiv/offscreen/servlets/api/RemoveDiagram.java | ||
|---|---|---|
| 1 | 1 |
package cz.zcu.kiv.offscreen.servlets.api; |
| 2 | 2 |
|
| 3 |
import com.google.common.base.Strings; |
|
| 3 | 4 |
import cz.zcu.kiv.offscreen.servlets.BaseServlet; |
| 4 | 5 |
import cz.zcu.kiv.offscreen.user.DB; |
| 5 | 6 |
import cz.zcu.kiv.offscreen.user.Diagram; |
| ... | ... | |
| 17 | 18 |
return; |
| 18 | 19 |
} |
| 19 | 20 |
|
| 20 |
if (request.getParameter("diagram_id") == null) {
|
|
| 21 |
int loggedUserId = getUserId(request); |
|
| 22 |
|
|
| 23 |
String diagramId = request.getParameter("diagram_id");
|
|
| 24 |
|
|
| 25 |
if (Strings.isNullOrEmpty(diagramId)) {
|
|
| 21 | 26 |
response.sendError(HttpServletResponse.SC_BAD_REQUEST); |
| 22 | 27 |
return; |
| 23 | 28 |
} |
| 24 | 29 |
|
| 25 |
int loggedUserId = getUserId(request); |
|
| 26 |
|
|
| 27 |
Integer diagramId = Integer.parseInt(request.getParameter("diagram_id"));
|
|
| 28 | 30 |
DB db = new DB(getServletContext()); |
| 29 |
Diagram diagram = new Diagram(db, diagramId);
|
|
| 31 |
Diagram diagram = new Diagram(db, Integer.parseInt(diagramId));
|
|
| 30 | 32 |
|
| 31 | 33 |
if (diagram.getUserId() != loggedUserId) {
|
| 32 | 34 |
response.sendError(HttpServletResponse.SC_UNAUTHORIZED); |
| sources/src/main/java/cz/zcu/kiv/offscreen/servlets/api/SaveDiagram.java | ||
|---|---|---|
| 21 | 21 |
return; |
| 22 | 22 |
} |
| 23 | 23 |
|
| 24 |
request.setCharacterEncoding("UTF-8");
|
|
| 25 |
|
|
| 24 | 26 |
int loggedUserId = getUserId(request); |
| 25 | 27 |
|
| 26 |
request.setCharacterEncoding("UTF-8");
|
|
| 28 |
String diagramId = request.getParameter("diagram_id");
|
|
| 27 | 29 |
String name = request.getParameter("name");
|
| 28 | 30 |
String graphJson = request.getParameter("graph_json");
|
| 29 | 31 |
String isPublic = StringUtils.defaultIfBlank(request.getParameter("public"), "0");
|
| ... | ... | |
| 37 | 39 |
DB db = new DB(getServletContext()); |
| 38 | 40 |
Diagram diagram; |
| 39 | 41 |
|
| 40 |
if (request.getParameter("diagram_id") == null) {
|
|
| 42 |
if (Strings.isNullOrEmpty(diagramId)) {
|
|
| 41 | 43 |
// new diagram |
| 42 | 44 |
diagram = new Diagram(db); |
| 43 | 45 |
|
| 44 | 46 |
} else {
|
| 45 | 47 |
// diagram exists |
| 46 |
Integer diagramId = Integer.parseInt(request.getParameter("diagram_id"));
|
|
| 47 |
diagram = new Diagram(db, diagramId); |
|
| 48 |
diagram = new Diagram(db, Integer.parseInt(diagramId)); |
|
| 48 | 49 |
|
| 49 | 50 |
// user is not owner of the diagram |
| 50 | 51 |
if (loggedUserId != diagram.getUserId()) {
|
Také k dispozici: Unified diff
SaveDiagram and RemoveDiagram servlets validate diagram_id parameter for both null and empty string