From acc7f06e66c2787ca88b60e7e697f7ef3a7641f8 Mon Sep 17 00:00:00 2001
From: "Eric J. Bowersox"
Date: Sun, 15 Apr 2001 04:23:48 +0000
Subject: [PATCH] fixed topic name in posts so that it came out right; fixed SIG welcome page so that it generates correct URL; repaired a security hole (well, not really, but a PERCEIVED security hole) regarding accounts that have been created but not yet confirmed
---
.../venice/core/impl/UserContextImpl.java | 87 +++++++++++++++++++
.../venice/core/impl/VeniceEngineImpl.java | 26 +-----
.../venice/servlets/format/TopicPosts.java | 9 ++
web/format/posts.jsp | 22 ++---
4 files changed, 106 insertions(+), 38 deletions(-)
diff --git a/src/com/silverwrist/venice/core/impl/UserContextImpl.java b/src/com/silverwrist/venice/core/impl/UserContextImpl.java
index c803a3f..d01639e 100644
--- a/src/com/silverwrist/venice/core/impl/UserContextImpl.java
+++ b/src/com/silverwrist/venice/core/impl/UserContextImpl.java
@@ -216,6 +216,65 @@ class UserContextImpl implements UserContext, UserBackend } // end sendEmailConfirmation + private void autoJoinSIGs(Connection conn) throws SQLException + { + if (logger.isDebugEnabled()) + logger.debug("autoJoinSIGs (uid " + uid + ", level " + level + ")"); + + // See which SIGs we are eligible to autojoin. + Statement stmt = conn.createStatement(); + StringBuffer sql = + new StringBuffer("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember, sigs " + + "WHERE sigmember.uid = users.uid AND sigmember.sigid = sigs.sigid " + + "AND users.is_anon = 1 AND sigs.join_lvl <= "); + sql.append(level).append(';'); + if (logger.isDebugEnabled()) + logger.debug("SQL: " + sql.toString()); + ResultSet rs = stmt.executeQuery(sql.toString()); + + // Save the SIGIDs returned into temporary array lists. + ArrayList tmp_sigid = new ArrayList(); + ArrayList tmp_locked = new ArrayList(); + while (rs.next()) + { // save off the "sigid" and "locked" column pairs + tmp_sigid.add(new Integer(rs.getInt(1))); + tmp_locked.add(new Boolean(rs.getBoolean(2))); + + } // end while + + // Figure out which of those SIGs we haven't joined yet and set up to autojoin them. + sql.setLength(0); + for (int i=0; i0) + { // execute the big update + sql.append(';'); + if (logger.isDebugEnabled()) + logger.debug("SQL: " + sql.toString()); + stmt.executeUpdate(sql.toString()); + + } // end if + + } // end autoJoinSIGs + /*-------------------------------------------------------------------------------- * Implementations from interface UserContext *-------------------------------------------------------------------------------- 
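Review bot: The new private `autoJoinSIGs(Connection)` never closes `stmt` or `rs`: in the visible lines the `Statement` from `conn.createStatement()` serves both the SELECT and the final `executeUpdate` and is then dropped, so each signup or confirmation leaves an open statement on a pooled connection. Wrapping the work in `try { ... } finally { stmt.close(); }` would release it on every path, including when `executeQuery` throws. The `sigs.join_lvl <= ` filter is built by appending `level` to the SQL text, which is acceptable only while `level` is a numeric field (it appears to be); a one-line comment saying so would stop a later edit from appending a string the same way. The loop between the SELECT and the INSERT is garbled on this page, so the check for SIGs already joined could not be reviewed.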
@@ -402,6 +461,9 @@ class UserContextImpl implements UserContext, UserBackend email_verified = true; level = DefaultLevels.afterEmailVerification(); + autoJoinSIGs(conn); // EJB 4/14/2001 - handle autojoin of any SIGs we couldn't autojoin at account + // creation time + // record an audit message indicating that we verified OK ar = new AuditRecord(AuditRecord.VERIFY_OK,uid,remote_addr); @@ -1414,5 +1476,30 @@ class UserContextImpl implements UserContext, UserBackend this.last_access = last_access; } // end loadNewUser + + void autoJoinSIGs() throws DataException + { + Connection conn = null; + + try + { // get a database connection and call the internal function + conn = datapool.getConnection(); + autoJoinSIGs(conn); + + } // end try + catch (SQLException e) + { // database error - this is a DataException + logger.error("error autojoining SIGs: " + e.getMessage(),e); + throw new DataException("unable to autojoin SIGs: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end autoJoinSIGs } // end class UserContextImpl diff --git a/src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java b/src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java index 24997bd..6b7c951 100644 --- a/src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java +++ b/src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java 
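Review bot: `autoJoinSIGs(conn)` runs before the `VERIFY_OK` `AuditRecord` is created, so a `SQLException` from the join would leave `email_verified` and `level` already raised on this object with no success audit entry built. Either move the call below the `ar = new AuditRecord(AuditRecord.VERIFY_OK,uid,remote_addr);` line, or catch and log a join failure so that confirmation and its audit trail do not depend on the SIG inserts. The enclosing method starts and ends outside this hunk, so the order of its database update and catch handling is not visible here.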
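Review bot: The package-level `autoJoinSIGs()` copies the JDBC driver's error text into the exception it throws, `new DataException("unable to autojoin SIGs: " + e.getMessage(),e)`. If `DataException` messages are rendered to the end user (not visible in this patch), table and column names from the SQL error would reach the browser. The detail is already captured by the `logger.error` call and by passing `e` as the cause, so the thrown message could be reduced to `"unable to autojoin SIGs"`.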
@@ -1029,31 +1029,6 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend if (logger.isDebugEnabled()) logger.debug("...created userprefs"); - // get the list of SIG IDs the anonymous user is a member of - rs = stmt.executeQuery("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember " - + "WHERE sigmember.uid = users.uid AND users.is_anon = 1;"); - sql.setLength(0); - while (rs.next()) - { // set up to insert into the sigmember table - if (sql.length()==0) - sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES "); - else - sql.append(", "); - sql.append("(").append(rs.getInt(1)).append(", ").append(new_uid).append(", "); - sql.append(DefaultLevels.memberSIG()).append(", ").append(rs.getInt(2)).append(")"); - - } // end while - - if (sql.length()>0) - { // execute the big update - sql.append(';'); - stmt.executeUpdate(sql.toString()); - - } // end if - - if (logger.isDebugEnabled()) - logger.debug("...loaded default SIG memberships"); - // get the sidebox configuration for this user rs = stmt.executeQuery("SELECT sideboxes.boxid, sideboxes.sequence, sideboxes.param FROM sideboxes, " + "users WHERE sideboxes.uid = users.uid AND users.is_anon = 1;"); @@ -1144,6 +1119,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend // create a new context for the user (they're now effectively logged in) UserContextImpl rc = new UserContextImpl(this,datapool); rc.loadNewUser(remote_addr,new_uid,DefaultLevels.newUser(),username,confirm_num,created,created); + rc.autoJoinSIGs(); // EJB 4/14/2001 if (logger.isDebugEnabled()) logger.debug("...created new user context"); return rc; diff --git a/src/com/silverwrist/venice/servlets/format/TopicPosts.java b/src/com/silverwrist/venice/servlets/format/TopicPosts.java index fd3c7df..031e342 100644 --- a/src/com/silverwrist/venice/servlets/format/TopicPosts.java +++ b/src/com/silverwrist/venice/servlets/format/TopicPosts.java 
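Review bot: `rc.autoJoinSIGs()` in the second hunk can throw `DataException` after the new user's records have apparently already been written earlier in this method, so a failed join would be reported as a failed signup for an account that presumably now exists. Because the confirmation path calls `autoJoinSIGs(conn)` again, a failure here looks recoverable: `try { rc.autoJoinSIGs(); } catch (DataException e) { logger.error("autojoin failed for new user",e); }` would keep the signup result consistent. The `// EJB 4/14/2001` comment should also state the intent, e.g. `// join only the SIGs whose join_lvl an unconfirmed account already meets`. The enclosing method extends outside the hunk, so whether locks or a transaction are still held at this point is not visible.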
@@ -405,4 +405,13 @@ public class TopicPosts implements JSPRender } // end getNumPostsPerPage + public boolean displayAttachmentInNewWindow(TopicMessageContext msg) + { + if (!(msg.hasAttachment())) + return false; + String type = msg.getAttachmentType(); + return (type.startsWith("text/") || type.startsWith("image/")); + + } // end displayAttachmentInNewWindow + } // end class TopicPosts diff --git a/web/format/posts.jsp b/web/format/posts.jsp index ffbd496..55768b0 100644 --- a/web/format/posts.jsp +++ b/web/format/posts.jsp @@ -26,18 +26,13 @@ RenderData rdat = RenderConfig.createRenderData(application,request,response); %> <% if (rdat.useHTMLComments()) { %><% } %> -<% - String tmp; - if (data.isTopicArchived()) - tmp = "(Archived) "; - else if (data.isTopicFrozen()) - tmp = "(Frozen) "; - else - tmp = ""; - rdat.writeContentHeader(out,data.getTopicName(),tmp + data.getTotalMessages() + " Total; " - + data.getNewMessages() + " New; Last: " - + rdat.formatDateForDisplay(data.getLastUpdate())); -%> +<%= rdat.getStdFontTag("#3333AA",5) %><%= data.getTopicName() %>   +<%= rdat.getStdFontTag("#3333AA",3) %> + <% if (data.isTopicArchived()) { %>(Archived)<% } else if (data.isTopicFrozen()) { %>(Frozen)<% } %> + <%= data.getTotalMessages() %> Total; <%= data.getNewMessages() %> New; + Last: <%= rdat.formatDateForDisplay(data.getLastUpdate()) %> + +
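Review bot: `displayAttachmentInNewWindow` accepts every `text/*` and `image/*` type as fit to open in a browser window, which includes `text/html` and `image/svg+xml`. If the attachment servlet sends user-uploaded files inline with their stored type (not visible here), such an attachment would render, and run script, in the application's own origin. Narrow the test to types browsers do not execute, e.g. `return type.equals("text/plain") || type.startsWith("image/") && !type.startsWith("image/svg");`, and have the download path send `Content-Disposition: attachment` for the rest. `msg.getAttachmentType()` is also dereferenced without a null check and compared case-sensitively although MIME types are case-insensitive. The `TARGET="_blank"` added in the second posts.jsp hunk is driven by this method, so the same concern applies there.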
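Review bot: `<%= data.getTopicName() %>` in the first posts.jsp hunk emits the topic name into the page with no visible HTML encoding. If `getTopicName()` returns the text as the poster entered it, and the removed `rdat.writeContentHeader` call did any escaping (neither is visible in this patch), markup in a topic name would now be written verbatim. Confirm that the name is encoded when stored or encode it at this expression, and add a JSP comment saying which is relied on. The HTML around these expressions has been stripped from this page, so the surrounding markup could not be checked.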
@@ -176,7 +171,8 @@ ) <% if (msg.hasAttachment()) { %> " + <% if (data.displayAttachmentInNewWindow(msg)) { %>TARGET="_blank"<% } %> >" ALT="(Attachment <%= msg.getAttachmentFilename() %> - <%= msg.getAttachmentLength() %> bytes)" WIDTH=16 HEIGHT=16 BORDER=0>