author | Simon Rettberg | 2015-08-04 17:58:49 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-08-04 17:58:49 +0200 |
commit | fd3f993153723514e0019bc722b58155b255c92a (patch) | |
tree | ed3d9eddee97c77316a2eb4363d2e5b42ab8cb46 /dozentenmodulserver/src/main/java/org | |
parent | [client] Fix TransferTask initiating a huge amount of connections (diff) | |
[server] Truncate user supplied strings to field length
Diffstat (limited to 'dozentenmodulserver/src/main/java/org')
4 files changed, 47 insertions, 13 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index a296ad87..f9a22429 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -193,6 +193,9 @@ public class DbImage {
  * @throws SQLException
  */
  public static String createImage(UserInfo user, String imageName) throws SQLException {
+ if (imageName.length() > 100) {
+ imageName = imageName.substring(0, 100);
+ }
  try (MysqlConnection connection = Database.getConnection()) {
  MysqlStatement stmt = connection.prepareStatement("INSERT INTO imagebase"
  + " (imagebaseid, displayname, createtime, updatetime, ownerid, updaterid, sharemode,"
@@ -215,16 +218,10 @@ public class DbImage {
  public static void updateImageMetadata(UserInfo user, String imageBaseId, ImageBaseWrite image) throws SQLException {
+ if (image.imageName.length() > 100) {
+ image.imageName = image.imageName.substring(0, 100);
+ }
  try (MysqlConnection connection = Database.getConnection()) {
- /*
- 1: string imageName,
- 2: string description,
- 3: i32 osId,
- 4: bool isTemplate,
- 5: ImagePermissions defaultPermissions,
- 6: ShareMode shareMode,
- 7: optional UUID ownerId,
- */
  MysqlStatement stmt = connection.prepareStatement("UPDATE imagebase"
  + " SET displayname = :imagename, description = :description,"
  + " osid = :osid, virtid = :virtid, istemplate = :istemplate, canlinkdefault = :canlink,"
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
index 5af96eae..106773f4 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
@@ -27,6 +27,9 @@ public class DbLecture {
  private static final Logger LOGGER = Logger.getLogger(DbLecture.class);
  public static String create(UserInfo user, LectureWrite lecture) throws SQLException {
+ if (lecture.lectureName.length() > 100) {
+ lecture.lectureName = lecture.lectureName.substring(0, 100);
+ }
  try (MysqlConnection connection = Database.getConnection()) {
  MysqlStatement stmt = connection.prepareStatement("INSERT INTO lecture"
  + " (lectureid, displayname, description, imageversionid, autoupdate,"
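Review bot: `lecture.lectureName.length()` at the top of create is called without a null check, so if the client can leave the name unset the request now fails with a NullPointerException before the connection is opened; guard it with `if (lecture.lectureName != null && lecture.lectureName.length() > 100) {`. The same unguarded pattern is added in DbImage.createImage and DbImage.updateImageMetadata, in DbLecture.update, and for firstName, lastName and eMail in DbUser.writeUserOnLogin. `substring(0, 100)` counts UTF-16 code units, so a name containing supplementary characters can be cut in the middle of a surrogate pair; dropping one more unit when `Character.isHighSurrogate(name.charAt(99))` is true avoids storing a broken character. The body of create continues outside the hunk.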
@@ -34,13 +37,23 @@ public class DbLecture {
  + " ownerid, updaterid, runscript, nics, netrules, isexam,"
  + " hasinternetaccess, caneditdefault, canadmindefault)"
  + " VALUES "
- + " (:lectureid, '<defunct>', '<defunct>', :imageversionid, 0,"
- + " 0, 0, 0, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),"
- + " :userid, :userid, NULL, NULL, NULL, 0, 0, 0, 0)");
+ + " (:lectureid, :displayname, :description, :imageversionid, :autoupdate,"
+ + " :isenabled, :starttime, :endtime, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),"
+ + " :userid, :userid, NULL, NULL, NULL, :isexam, :hasinternetaccess, :canedit, :canadmin)");
  String lectureId = UUID.randomUUID().toString();
  stmt.setString("lectureid", lectureId);
+ stmt.setString("displayname", lecture.lectureName);
+ stmt.setString("description", lecture.description);
  stmt.setString("imageversionid", lecture.imageVersionId);
+ stmt.setBoolean("autoupdate", lecture.autoUpdate);
+ stmt.setBoolean("isenabled", lecture.isEnabled);
+ stmt.setLong("starttime", lecture.startTime);
+ stmt.setLong("endtime", lecture.endTime);
  stmt.setString("userid", user.userId);
+ stmt.setBoolean("isexam", lecture.isExam);
+ stmt.setBoolean("hasinternetaccess", lecture.hasInternetAccess);
+ stmt.setBoolean("canedit", lecture.defaultPermissions.edit);
+ stmt.setBoolean("canadmin", lecture.defaultPermissions.admin);
  stmt.executeUpdate();
  update(connection, user, lectureId, lecture);
  connection.commit();
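Review bot: `lecture.defaultPermissions.edit` and `.admin` are dereferenced in the new bindings without a null check, so a request that omits defaultPermissions would abort create with a NullPointerException; whether the field is optional is not visible here, so either reject such a request up front or bind a deny-by-default value, e.g. `boolean canEdit = lecture.defaultPermissions != null && lecture.defaultPermissions.edit;`. `lecture.description` is bound exactly as supplied while only lectureName is length-limited, so if the description column is bounded it needs the same treatment. The INSERT is still followed by the existing `update(connection, user, lectureId, lecture)` call, which presumably writes these columns again; a short comment saying which statement is authoritative would help the next reader.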
@@ -79,7 +92,18 @@ public class DbLecture {
  private static void update(MysqlConnection connection, UserInfo user, String lectureId, LectureWrite lecture) throws SQLException {
- String nicsJson = Json.serialize(lecture.nics);
+ if (lecture.lectureName.length() > 100) {
+ lecture.lectureName = lecture.lectureName.substring(0, 100);
+ }
+ String nicsJson = null;
+ if (lecture.nics != null && !lecture.nics.isEmpty()) {
+ for (;;) {
+ nicsJson = Json.serialize(lecture.nics);
+ if (nicsJson.length() < 200)
+ break;
+ lecture.nics.remove(0);
+ }
+ }
  String netruleJson = Json.serialize(lecture.networkExceptions);
  MysqlStatement stmt = connection.prepareStatement("UPDATE lecture SET "
  + " displayname = :displayname, description = :description, imageversionid = :imageversionid,"
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
index 451b3217..886f08ec 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
@@ -77,6 +77,16 @@ public class DbUser {
  * @throws SQLException
  */
  public static void writeUserOnLogin(UserInfo ui) throws SQLException {
+ // TODO: Ugly hardcode solution - should be queried from DB, with a nice helper class
+ if (ui.firstName.length() > 50) {
+ ui.firstName = ui.firstName.substring(0, 50);
+ }
+ if (ui.lastName.length() > 50) {
+ ui.lastName = ui.lastName.substring(0, 50);
+ }
+ if (ui.eMail.length() > 50) {
+ ui.eMail = ui.eMail.substring(0, 50);
+ }
  try (MysqlConnection connection = Database.getConnection()) {
  MysqlStatement stmt = connection.prepareStatement("INSERT INTO user"
  + " (userid, firstname, lastname, email, organizationid, lastlogin, canlogin, issuperuser)"
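Review bot: The new loop in update silently discards entries from the front of `lecture.nics` until the JSON is under 200 characters, which mutates the caller's list and gives the user no sign that part of the configuration was dropped; rejecting an oversized list, or at least recording the loss with `LOGGER.warn(...)`, would make it visible. `lecture.nics.remove(0)` also throws UnsupportedOperationException if the list handed in is unmodifiable. `netruleJson` on the following context line is serialized with no bound at all, so the same overflow remains for networkExceptions. The 200 is presumably the column width; a comment naming the column, and `<= 200` if that is the exact limit, would make the intent checkable. The method body continues outside the hunk.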
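Review bot: Truncating `ui.eMail` to 50 characters in writeUserOnLogin stores a different address from the one supplied at login, and a cut address can still be syntactically valid and belong to someone else; for this field it is safer to store nothing or refuse the write than to apply `substring(0, 50)`. The assignments also change the caller's UserInfo object, so the shortened values are what the rest of the session sees, not only what the database gets. The TODO could name where the 50 comes from, e.g. `// limits presumably mirror the firstname/lastname/email column widths of table user`.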
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/fileserv/ActiveUpload.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/fileserv/ActiveUpload.java
index f2b95aaa..e7841ccd 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/fileserv/ActiveUpload.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/fileserv/ActiveUpload.java
@@ -233,6 +233,9 @@ public class ActiveUpload implements HashCheckCallback {
  state = TransferState.ERROR;
  return;
  }
+ if (relPath.length() > 200) {
+ LOGGER.error("Generated file name is >200 chars. DB will not like it");
+ }
  // Execute rename
  boolean ret = false; |
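Review bot: The new length check only logs and then falls through to the rename, so a relPath longer than 200 characters is still moved into place and handed on, where the database presumably truncates or rejects it and the file on disk is left without a matching row. Handle it like the error branch just above by adding `state = TransferState.ERROR; return;` after the `LOGGER.error` call. The surrounding method starts and ends outside the hunk, so whether the temporary file needs cleanup on that path cannot be judged from here.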