This repository has been archived by the owner on Nov 9, 2023. It is now read-only.

User controlled redirection #25

QiAnXinCodeSafe opened this issue Jul 11, 2019 · 0 comments


@QiAnXinCodeSafe

User-controlled values are used directly as redirect addresses on lines 112 and 120:

```java
String conversationTitle = request.getParameter("conversationTitle");
// Accepts only word characters and '*'; note the pattern also matches the empty string.
if (!conversationTitle.matches("[\\w*]*")) {
  request.setAttribute("error", "Please enter only letters and numbers.");
  request.getRequestDispatcher("/WEB-INF/view/conversations.jsp").forward(request, response);
  return;
}
if (conversationStore.isTitleTaken(conversationTitle)) {
  // conversation title is already taken, just go into that conversation instead of creating a
  // new one
  response.sendRedirect("/chat/" + conversationTitle); // first redirect cited in the report (line 112)
  return;
}
Conversation conversation =
    new Conversation(UUID.randomUUID(), user.getId(), conversationTitle, Instant.now());
conversationStore.addConversation(conversation);
response.sendRedirect("/chat/" + conversationTitle); // second redirect cited in the report (line 120)
```
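The usual remediation for a user-influenced redirect is to never pass the raw parameter into the Location header: validate the title against a strict pattern, build the target from a fixed prefix, and then verify that the finished target is a path on the application's own origin. The class below is an added example written for this issue, not code from the project; the class name, the `\w+` title pattern (stricter than the `[\w*]*` quoted above, since it rejects `*` and the empty string) and the sample titles are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

/**
 * Added example (not the project's code): derives a redirect target for a
 * conversation title so that the resulting Location can only be a local
 * /chat/<title> path. Class name and pattern are assumptions for illustration.
 */
public final class SafeChatRedirect {

    // Stricter than the pattern quoted in the issue: at least one word character,
    // no '*' and no empty string, so "/chat/" + title never collapses to "/chat/"
    // and never contains URL-special characters such as '/', '?', '#' or '@'.
    private static final Pattern TITLE = Pattern.compile("\\w+");

    private SafeChatRedirect() {}

    /**
     * Returns the local redirect path for the given title, or null when the
     * title must be rejected (the servlet should re-render the form with an
     * error instead of redirecting).
     */
    public static String redirectFor(String conversationTitle) {
        if (conversationTitle == null || !TITLE.matcher(conversationTitle).matches()) {
            return null;
        }
        String target = "/chat/" + conversationTitle;
        // Defence in depth: even if the pattern is loosened later, refuse any
        // target that could leave the application's own origin.
        return isLocalPath(target) ? target : null;
    }

    /** True only for a path-only URI such as "/chat/team": no scheme, no authority, no "//" prefix. */
    static boolean isLocalPath(String target) {
        try {
            URI uri = new URI(target);
            String path = uri.getPath();
            return uri.getScheme() == null
                && uri.getRawAuthority() == null
                && path != null
                && path.startsWith("/")
                && !path.startsWith("//");
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample titles: the first two are accepted, the rest rejected.
        String[] samples = {
            "general", "team_42", "", "a*b", "//evil.example/x", "https://evil.example/x", "../admin"
        };
        for (String s : samples) {
            System.out.println("\"" + s + "\" -> " + redirectFor(s));
        }
    }
}
```

In the servlet, `doPost` would call `redirectFor(request.getParameter("conversationTitle"))`, forward back to the form with the error attribute when it returns null, and otherwise pass the returned path to `response.sendRedirect`. Keeping the validation and the prefixing in one place also makes the redirect easy to audit: a code-scanning rule only has to confirm that `sendRedirect` is never called with a string that contains the raw parameter.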
