Check if the ObjectIds are valid.
This commit is contained in:
Las Zenow
parent
d0f6b83423
commit
41258ee863
5 changed files with 38 additions and 15 deletions
13
admin.go
13
admin.go
|
|
@ -48,7 +48,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
var isNew bool
|
||||
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
||||
for _, idStr := range ids {
|
||||
if idStr == "" {
|
||||
if !bson.IsObjectIdHex(idStr) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -79,11 +79,12 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
}
|
||||
|
||||
func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||
if sess.User == "" {
|
||||
idStr := mux.Vars(r)["id"]
|
||||
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
||||
id := bson.ObjectIdHex(idStr)
|
||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||
if err != nil {
|
||||
notFound(w)
|
||||
|
|
@ -107,12 +108,12 @@ func cleanEmptyStr(s []string) []string {
|
|||
}
|
||||
|
||||
func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||
if sess.User == "" {
|
||||
idStr := mux.Vars(r)["id"]
|
||||
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
|
||||
idStr := mux.Vars(r)["id"]
|
||||
id := bson.ObjectIdHex(idStr)
|
||||
title := r.FormValue("title")
|
||||
publisher := r.FormValue("publisher")
|
||||
|
|
@ -210,7 +211,7 @@ func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
var titles []string
|
||||
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
||||
for _, idStr := range ids {
|
||||
if idStr == "" {
|
||||
if !bson.IsObjectIdHex(idStr) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
4
cover.go
4
cover.go
|
|
@ -23,6 +23,10 @@ import (
|
|||
|
||||
func coverHandler(w http.ResponseWriter, r *http.Request) {
|
||||
vars := mux.Vars(r)
|
||||
if !bson.IsObjectIdHex(vars["id"]) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
id := bson.ObjectIdHex(vars["id"])
|
||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||
if err != nil || len(books) == 0 {
|
||||
|
|
|
|||
|
|
@ -172,6 +172,9 @@ func readHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubgo.Epub, Book) {
|
||||
var book Book
|
||||
id := mux.Vars(r)["id"]
|
||||
if !bson.IsObjectIdHex(id) {
|
||||
return nil, book
|
||||
}
|
||||
books, _, err := db.GetBooks(bson.M{"_id": bson.ObjectIdHex(id)})
|
||||
if err != nil || len(books) == 0 {
|
||||
return nil, book
|
||||
|
|
@ -194,7 +197,7 @@ func contentHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
file := vars["file"]
|
||||
if file == "" {
|
||||
if file == "" || !bson.IsObjectIdHex(id) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
15
stats.go
15
stats.go
|
|
@ -60,18 +60,21 @@ func appendMuxVars(vars map[string]string, stats map[string]interface{}) {
|
|||
for key, value := range vars {
|
||||
switch {
|
||||
case key == "id":
|
||||
stats["id"] = bson.ObjectIdHex(value)
|
||||
if bson.IsObjectIdHex(value) {
|
||||
stats["id"] = bson.ObjectIdHex(value)
|
||||
}
|
||||
case key == "ids":
|
||||
var objectIds []bson.ObjectId
|
||||
ids := strings.Split(value, "/")
|
||||
for _, id := range ids {
|
||||
if id == "" {
|
||||
continue
|
||||
if bson.IsObjectIdHex(value) {
|
||||
objectIds = append(objectIds, bson.ObjectIdHex(id))
|
||||
}
|
||||
objectIds = append(objectIds, bson.ObjectIdHex(id))
|
||||
}
|
||||
stats["ids"] = objectIds
|
||||
stats["id"] = objectIds[0]
|
||||
if len(objectIds) > 0 {
|
||||
stats["ids"] = objectIds
|
||||
stats["id"] = objectIds[0]
|
||||
}
|
||||
default:
|
||||
stats[key] = value
|
||||
}
|
||||
|
|
|
|||
16
trantor.go
16
trantor.go
|
|
@ -48,9 +48,15 @@ type bookData struct {
|
|||
}
|
||||
|
||||
func bookHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||
idStr := mux.Vars(r)["id"]
|
||||
if !bson.IsObjectIdHex(idStr) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
|
||||
var data bookData
|
||||
data.S = GetStatus(w, r)
|
||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
||||
id := bson.ObjectIdHex(idStr)
|
||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||
if err != nil || len(books) == 0 {
|
||||
notFound(w)
|
||||
|
|
@ -62,7 +68,13 @@ func bookHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
|||
}
|
||||
|
||||
func downloadHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
||||
idStr := mux.Vars(r)["id"]
|
||||
if !bson.IsObjectIdHex(idStr) {
|
||||
notFound(w)
|
||||
return
|
||||
}
|
||||
|
||||
id := bson.ObjectIdHex(idStr)
|
||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||
if err != nil || len(books) == 0 {
|
||||
notFound(w)
|
||||
|
|
|
|||
Reference in a new issue