From ad944b96168f257fa30c743d56ad072445976b00 Mon Sep 17 00:00:00 2001
From: cato447
Date: Thu, 12 Nov 2020 22:54:10 +0100
Subject: [PATCH] [FATAL ] SQL-Injektions werden verhindert -Es werden nur Eingaben des Typs '[a-z]+\\.[a- z]+@adolfinum+\\.de$' an die mySQL Tabelle weiter gebeben.
---
 .../controller/VotingController.java | 29 ++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java b/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
index d321c27..ed14fd3 100644
--- a/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
+++ b/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
@@ -68,21 +68,24 @@ public class VotingController {
 @RequestMapping("/vote")
 public String VerifyName(@RequestParam String name, Model model) {
- try {
- Voter voter = voterRepository.findByEmail(name);
- if (voter.getVote_status()) {
- LOGGER.warn(name + " has already voted");
- return "errors/alreadyVoted.html";
- } else {
- List candidates = candidateRepository.findAll();
- model.addAttribute("candidates", candidates);
- LOGGER.info(name + " is voting now");
- return "voting.html";
+ if (name.strip().toLowerCase().matches("[a-z]+\\.[a-z]+@adolfinum+\\.de$")) {
+ try {
+ Voter voter = voterRepository.findByEmail(name.toLowerCase().strip());
+ if (voter.getVote_status()) {
+ LOGGER.warn(name + " has already voted");
+ return "errors/alreadyVoted.html";
+ } else {
+ List candidates = candidateRepository.findAll();
+ model.addAttribute("candidates", candidates);
+ LOGGER.info(name + " is voting now");
+ return "voting.html";
+ }
+ } catch (Exception e) {
+ LOGGER.error(name + " is not allowed to vote");
+ return "errors/notRegistered.html";
 }
- } catch (Exception e) {
- LOGGER.error(name + " is not allowed to vote");
- return "errors/notRegistered.html";
 }
+ return "errors/wrongEmail.html";
 }
 @RequestMapping("/processVote")
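Review bot: In the new whitelist regex `[a-z]+\\.[a-z]+@adolfinum+\\.de$` the `+` binds to the final `m` only, so the pattern accepts `adolfinummm.de` while still rejecting a plain `adolfinum.de` no worse than intended; since `String.matches` already anchors both ends, the pattern should read `[a-z]+\\.[a-z]+@adolfinum\\.de`. The normalized value is also computed twice with `strip`/`toLowerCase` in different orders and without a locale, so it depends on the server's default locale; compute it once as `String email = name.strip().toLowerCase(Locale.ROOT);`, test `email.matches("[a-z]+\\.[a-z]+@adolfinum\\.de")`, and pass `email` to `voterRepository.findByEmail(email)`. The retained `catch (Exception e)` still maps every failure, including a null result from `findByEmail` and a database error, to the `notRegistered` page without logging `e`, so the cause is lost; test `voter == null` explicitly and pass `e` to `LOGGER.error` for the remaining cases. Whether this change closes an SQL-injection path depends on how `findByEmail` is implemented, which is outside the hunk; if it is a parameterized repository query, the regex is input validation rather than the injection fix the commit message describes.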