cato447/AbizeitungVotingSystem
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[FATAL ] SQL-Injektions werden verhindert

Browse Source 
-Es werden  nur Eingaben des Typs '[a-z]+\\.[a- z]+@adolfinum+\\.de$' an die mySQL Tabelle weiter gebeben.
This commit is contained in:
cato447
2020-11-12 22:54:10 +01:00
parent 37b45d998d
commit ad944b9616
1 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
View File

@@ -68,8 +68,9 @@ public class VotingController {
@RequestMapping("/vote") @RequestMapping("/vote")
public String VerifyName(@RequestParam String name, Model model) { public String VerifyName(@RequestParam String name, Model model) {
if (name.strip().toLowerCase().matches("[a-z]+\\.[a-z]+@adolfinum+\\.de$")) {
try { try {
Voter voter = voterRepository.findByEmail(name); Voter voter = voterRepository.findByEmail(name.toLowerCase().strip());
if (voter.getVote_status()) { if (voter.getVote_status()) {
LOGGER.warn(name + " has already voted"); LOGGER.warn(name + " has already voted");
return "errors/alreadyVoted.html"; return "errors/alreadyVoted.html";
@@ -84,6 +85,8 @@ public class VotingController {
return "errors/notRegistered.html"; return "errors/notRegistered.html";
} }
} }
return "errors/wrongEmail.html";
}
@RequestMapping("/processVote") @RequestMapping("/processVote")
public String ProcessVote(@RequestParam String name) { public String ProcessVote(@RequestParam String name) {