[şerver] Truncate user supplied strings to field length

1 files changed, 28 insertions, 4 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
index 5af96eae..106773f4 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
@@ -27,6 +27,9 @@ public class DbLecture {
 	private static final Logger LOGGER = Logger.getLogger(DbLecture.class);
 
 	public static String create(UserInfo user, LectureWrite lecture) throws SQLException {
+		if (lecture.lectureName.length() > 100) {
+			lecture.lectureName = lecture.lectureName.substring(0, 100);
+		}
 		try (MysqlConnection connection = Database.getConnection()) {
 			MysqlStatement stmt = connection.prepareStatement("INSERT INTO lecture"
 					+ " (lectureid, displayname, description, imageversionid, autoupdate,"
@@ -34,13 +37,23 @@ public class DbLecture {
 					+ "  ownerid, updaterid, runscript, nics, netrules, isexam,"
 					+ "  hasinternetaccess, caneditdefault, canadmindefault)"
 					+ "         VALUES             "
-					+ " (:lectureid, '<defunct>', '<defunct>', :imageversionid, 0,"
-					+ "  0, 0, 0, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),"
-					+ "  :userid, :userid, NULL, NULL, NULL, 0, 0, 0, 0)");
+					+ " (:lectureid, :displayname, :description, :imageversionid, :autoupdate,"
+					+ "  :isenabled, :starttime, :endtime, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),"
+					+ "  :userid, :userid, NULL, NULL, NULL, :isexam, :hasinternetaccess, :canedit, :canadmin)");
 			String lectureId = UUID.randomUUID().toString();
 			stmt.setString("lectureid", lectureId);
+			stmt.setString("displayname", lecture.lectureName);
+			stmt.setString("description", lecture.description);
 			stmt.setString("imageversionid", lecture.imageVersionId);
+			stmt.setBoolean("autoupdate", lecture.autoUpdate);
+			stmt.setBoolean("isenabled", lecture.isEnabled);
+			stmt.setLong("starttime", lecture.startTime);
+			stmt.setLong("endtime", lecture.endTime);
 			stmt.setString("userid", user.userId);
+			stmt.setBoolean("isexam", lecture.isExam);
+			stmt.setBoolean("hasinternetaccess", lecture.hasInternetAccess);
+			stmt.setBoolean("canedit", lecture.defaultPermissions.edit);
+			stmt.setBoolean("canadmin", lecture.defaultPermissions.admin);
 			stmt.executeUpdate();
 			update(connection, user, lectureId, lecture);
 			connection.commit();
@@ -79,7 +92,18 @@ public class DbLecture {
 
 	private static void update(MysqlConnection connection, UserInfo user, String lectureId,
 			LectureWrite lecture) throws SQLException {
-		String nicsJson = Json.serialize(lecture.nics);
+		if (lecture.lectureName.length() > 100) {
+			lecture.lectureName = lecture.lectureName.substring(0, 100);
+		}
+		String nicsJson = null;
+		if (lecture.nics != null && !lecture.nics.isEmpty()) {
+			for (;;) {
+				nicsJson = Json.serialize(lecture.nics);
+				if (nicsJson.length() < 200)
+					break;
+				lecture.nics.remove(0);
+			}
+		}
 		String netruleJson = Json.serialize(lecture.networkExceptions);
 		MysqlStatement stmt = connection.prepareStatement("UPDATE lecture SET "
 				+ " displayname = :displayname, description = :description, imageversionid = :imageversionid,"