cato447/AbizeitungVotingSystem
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[FATAL ] SQL-Injektions werden verhindert

Browse Source 
-Es werden  nur Eingaben des Typs '[a-z]+\\.[a- z]+@adolfinum+\\.de$' an die mySQL Tabelle weiter gebeben.
This commit is contained in:
cato447
2020-11-12 22:54:10 +01:00
parent 37b45d998d
commit ad944b9616
1 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
View File

@@ -68,21 +68,24 @@ public class VotingController {
@RequestMapping("/vote")
public String VerifyName(@RequestParam String name, Model model) {
try {
Voter voter = voterRepository.findByEmail(name);
if (voter.getVote_status()) {
LOGGER.warn(name + " has already voted");
return "errors/alreadyVoted.html";
} else {
List<Candidate> candidates = candidateRepository.findAll();
model.addAttribute("candidates", candidates);
LOGGER.info(name + " is voting now");
return "voting.html";
if (name.strip().toLowerCase().matches("[a-z]+\\.[a-z]+@adolfinum+\\.de$")) {
try {
Voter voter = voterRepository.findByEmail(name.toLowerCase().strip());
if (voter.getVote_status()) {
LOGGER.warn(name + " has already voted");
return "errors/alreadyVoted.html";
} else {
List<Candidate> candidates = candidateRepository.findAll();
model.addAttribute("candidates", candidates);
LOGGER.info(name + " is voting now");
return "voting.html";
}
} catch (Exception e) {
LOGGER.error(name + " is not allowed to vote");
return "errors/notRegistered.html";
}
} catch (Exception e) {
LOGGER.error(name + " is not allowed to vote");
return "errors/notRegistered.html";
}
return "errors/wrongEmail.html";
}
@RequestMapping("/processVote")