[FATAL ] SQL-Injektions werden verhindert

-Es werden nur Eingaben des Typs '[a-z]+\\.[a- z]+@adolfinum+\\.de$' an die mySQL Tabelle weiter gebeben.
2020-11-12 22:54:10 +01:00
parent 37b45d998d
commit ad944b9616
1 changed files with 16 additions and 13 deletions
--- a/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
+++ b/src/main/java/com/github/cato447/AbizeitungVotingSystem/controller/VotingController.java
@@ -68,8 +68,9 @@ public class VotingController {

    @RequestMapping("/vote")
    public String VerifyName(@RequestParam String name, Model model) {
+        if (name.strip().toLowerCase().matches("[a-z]+\\.[a-z]+@adolfinum+\\.de$")) {
            try {
-            Voter voter = voterRepository.findByEmail(name);
+                Voter voter = voterRepository.findByEmail(name.toLowerCase().strip());
                if (voter.getVote_status()) {
                    LOGGER.warn(name + " has already voted");
                    return "errors/alreadyVoted.html";
@@ -84,6 +85,8 @@ public class VotingController {
                return "errors/notRegistered.html";
            }
        }
+        return "errors/wrongEmail.html";
+    }

    @RequestMapping("/processVote")
    public String ProcessVote(@RequestParam String name) {