Check if the ObjectIds are valid.
parent
d0f6b83423
commit
41258ee863
5 changed files with 38 additions and 15 deletions
13
admin.go
13
admin.go
|
@ -48,7 +48,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
var isNew bool
|
var isNew bool
|
||||||
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
||||||
for _, idStr := range ids {
|
for _, idStr := range ids {
|
||||||
if idStr == "" {
|
if !bson.IsObjectIdHex(idStr) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,11 +79,12 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
if sess.User == "" {
|
idStr := mux.Vars(r)["id"]
|
||||||
|
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
id := bson.ObjectIdHex(idStr)
|
||||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
|
@ -107,12 +108,12 @@ func cleanEmptyStr(s []string) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
if sess.User == "" {
|
idStr := mux.Vars(r)["id"]
|
||||||
|
if sess.User == "" || !bson.IsObjectIdHex(idStr) {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
idStr := mux.Vars(r)["id"]
|
|
||||||
id := bson.ObjectIdHex(idStr)
|
id := bson.ObjectIdHex(idStr)
|
||||||
title := r.FormValue("title")
|
title := r.FormValue("title")
|
||||||
publisher := r.FormValue("publisher")
|
publisher := r.FormValue("publisher")
|
||||||
|
@ -210,7 +211,7 @@ func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
var titles []string
|
var titles []string
|
||||||
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
ids := strings.Split(mux.Vars(r)["ids"], "/")
|
||||||
for _, idStr := range ids {
|
for _, idStr := range ids {
|
||||||
if idStr == "" {
|
if !bson.IsObjectIdHex(idStr) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
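Review bot: The validate-then-convert pair (`bson.IsObjectIdHex` followed by `bson.ObjectIdHex`) is now hand-written in deleteHandler, editHandler, saveHandler and storeHandler, and again in the cover.go, stats.go and trantor.go sections, with no comment saying why it is required. `bson.ObjectIdHex` panics on malformed hex and these ids come straight from the request URL, so one helper returning the id plus an ok flag would keep the check and the conversion on the same variable and make it hard to call one without the other. Call sites would then read `id, ok := parseObjectId(mux.Vars(r)["id"])`. In the two `ids` loops malformed entries are skipped silently, which is presumably intended but deserves a one-line comment. All four handler bodies continue outside their hunks.

```go
// parseObjectId converts a hex id taken from the URL into an ObjectId.
// bson.ObjectIdHex panics on malformed input, so the string is validated first.
func parseObjectId(s string) (bson.ObjectId, bool) {
	if !bson.IsObjectIdHex(s) {
		return "", false
	}
	return bson.ObjectIdHex(s), true
}
```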
4
cover.go
4
cover.go
|
@ -23,6 +23,10 @@ import (
|
||||||
|
|
||||||
func coverHandler(w http.ResponseWriter, r *http.Request) {
|
func coverHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
|
if !bson.IsObjectIdHex(vars["id"]) {
|
||||||
|
notFound(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
id := bson.ObjectIdHex(vars["id"])
|
id := bson.ObjectIdHex(vars["id"])
|
||||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||||
if err != nil || len(books) == 0 {
|
if err != nil || len(books) == 0 {
|
||||||
|
|
|
@ -172,6 +172,9 @@ func readHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubgo.Epub, Book) {
|
func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubgo.Epub, Book) {
|
||||||
var book Book
|
var book Book
|
||||||
id := mux.Vars(r)["id"]
|
id := mux.Vars(r)["id"]
|
||||||
|
if !bson.IsObjectIdHex(id) {
|
||||||
|
return nil, book
|
||||||
|
}
|
||||||
books, _, err := db.GetBooks(bson.M{"_id": bson.ObjectIdHex(id)})
|
books, _, err := db.GetBooks(bson.M{"_id": bson.ObjectIdHex(id)})
|
||||||
if err != nil || len(books) == 0 {
|
if err != nil || len(books) == 0 {
|
||||||
return nil, book
|
return nil, book
|
||||||
|
@ -194,7 +197,7 @@ func contentHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
id := vars["id"]
|
id := vars["id"]
|
||||||
file := vars["file"]
|
file := vars["file"]
|
||||||
if file == "" {
|
if file == "" || !bson.IsObjectIdHex(id) {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
15
stats.go
15
stats.go
|
@ -60,18 +60,21 @@ func appendMuxVars(vars map[string]string, stats map[string]interface{}) {
|
||||||
for key, value := range vars {
|
for key, value := range vars {
|
||||||
switch {
|
switch {
|
||||||
case key == "id":
|
case key == "id":
|
||||||
stats["id"] = bson.ObjectIdHex(value)
|
if bson.IsObjectIdHex(value) {
|
||||||
|
stats["id"] = bson.ObjectIdHex(value)
|
||||||
|
}
|
||||||
case key == "ids":
|
case key == "ids":
|
||||||
var objectIds []bson.ObjectId
|
var objectIds []bson.ObjectId
|
||||||
ids := strings.Split(value, "/")
|
ids := strings.Split(value, "/")
|
||||||
for _, id := range ids {
|
for _, id := range ids {
|
||||||
if id == "" {
|
if bson.IsObjectIdHex(value) {
|
||||||
continue
|
objectIds = append(objectIds, bson.ObjectIdHex(id))
|
||||||
}
|
}
|
||||||
objectIds = append(objectIds, bson.ObjectIdHex(id))
|
|
||||||
}
|
}
|
||||||
stats["ids"] = objectIds
|
if len(objectIds) > 0 {
|
||||||
stats["id"] = objectIds[0]
|
stats["ids"] = objectIds
|
||||||
|
stats["id"] = objectIds[0]
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
stats[key] = value
|
stats[key] = value
|
||||||
}
|
}
|
||||||
|
|
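Review bot: In the `ids` case of appendMuxVars the new guard inside the loop tests `bson.IsObjectIdHex(value)`, the whole slash-separated string, rather than the loop variable `id`. Any value that carries more than one id, or a trailing slash, contains `/` and can never pass, so nothing is appended and neither `stats["ids"]` nor `stats["id"]` is recorded for those requests. The condition should be `if bson.IsObjectIdHex(id) {`. appendMuxVars begins above the hunk, so the rest of its body is not visible here.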
16
trantor.go
16
trantor.go
|
@ -48,9 +48,15 @@ type bookData struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func bookHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func bookHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
|
idStr := mux.Vars(r)["id"]
|
||||||
|
if !bson.IsObjectIdHex(idStr) {
|
||||||
|
notFound(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var data bookData
|
var data bookData
|
||||||
data.S = GetStatus(w, r)
|
data.S = GetStatus(w, r)
|
||||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
id := bson.ObjectIdHex(idStr)
|
||||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||||
if err != nil || len(books) == 0 {
|
if err != nil || len(books) == 0 {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
|
@ -62,7 +68,13 @@ func bookHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func downloadHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
func downloadHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
|
||||||
id := bson.ObjectIdHex(mux.Vars(r)["id"])
|
idStr := mux.Vars(r)["id"]
|
||||||
|
if !bson.IsObjectIdHex(idStr) {
|
||||||
|
notFound(w)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
id := bson.ObjectIdHex(idStr)
|
||||||
books, _, err := db.GetBooks(bson.M{"_id": id})
|
books, _, err := db.GetBooks(bson.M{"_id": id})
|
||||||
if err != nil || len(books) == 0 {
|
if err != nil || len(books) == 0 {
|
||||||
notFound(w)
|
notFound(w)
|
||||||
|
|