comparison src/main/java/app/bbs/ShowMessageWithTimeStampServlet.java @ 176:ac7d1070f449

sanitizing
author tatsuki
date Wed, 30 Jul 2014 22:17:23 +0900
parents 066f58e93a14
children 6f104ab4eb81
175:066f58e93a14 176:ac7d1070f449
42 } 42 }
43 } 43 }
44 44
45 private void printBoard(String _bname, PrintWriter _pw) throws Exception { 45 private void printBoard(String _bname, PrintWriter _pw) throws Exception {
46 _pw.write("<html><body>\n"); 46 _pw.write("<html><body>\n");
47 _pw.write("<h1>" + _bname + "</h1>\n"); 47 _pw.write("<h1>" + bbs.sanitize(_bname) + "</h1>\n");
48 _pw.write("<p>Latest renew time : " + bbs.getRenewTime(_bname) 48 _pw.write("<p>Latest renew time : " + bbs.getRenewTime(_bname)
49 + "</p>\n"); 49 + "</p>\n");
50 ; 50 ;
51 51
52 _pw.write("<form action='" + createBoardMessagePath + "' method='POST'\n"); 52 _pw.write("<form action='" + createBoardMessagePath + "' method='POST'\n");
53 _pw.write("<p>Author : <input type='text' name='author'/> <input type='hidden' name='bname' value='" + _bname + "'/> EditKey : <input type='text' name='key'/></p>\n"); 53 _pw.write("<p>Author : <input type='text' name='author'/> <input type='hidden' name='bname' value='" +bbs.sanitize( _bname) + "'/> EditKey : <input type='textarea' name='key'/></p>\n");
54 _pw.write("<p>Message<br/> <input type='textarea' name='msg'/> </p>\n"); 54 _pw.write("<p>Message<br/> <input type='textarea' name='msg'/> </p>\n");
55 _pw.write("<p><input type='submit' value='submit'/></p>\n"); 55 _pw.write("<p><input type='submit' value='submit'/></p>\n");
56 _pw.write("<small><a href=" + showMatrixPath + "?bname=" + _bname + "&uuid= >MatrixMode"+"</a></small><br>"); 56 _pw.write("<small><a href=" + showMatrixPath + "?bname=" + bbs.sanitize(_bname) + "&uuid= >MatrixMode"+"</a></small><br>");
57 57
58 for (BoardMessage msg : bbs.getMessages(_bname)) {//フォルダの表示 58 for (BoardMessage msg : bbs.getMessages(_bname)) {//フォルダの表示
59 _pw.write("<hr/>"); 59 _pw.write("<hr/>");
60 _pw.write("<p> Author <b>" + msg.getAuthor() + "</b></p>"); 60 _pw.write("<p> Author <b>" + bbs.sanitize(msg.getAuthor()) + "</b></p>");
61 _pw.write("<small><a href=" + editMessagePath + "?bname=" + _bname 61 _pw.write("<small><a href=" + editMessagePath + "?bname=" + bbs.sanitize(_bname)
62 + "&uuid=" + msg.getUUID() + ">"+ msg.getMessage() +"</a></small><br>"); 62 + "&uuid=" + msg.getUUID() + ">"+ bbs.sanitize(msg.getMessage()) +"</a></small><br>");
63 } 63 }
64 64
65 //forコメントの表示
66 _pw.write("</body></html>"); 65 _pw.write("</body></html>");
67 _pw.flush(); 66 _pw.flush();
68 } 67 }
69 } 68 }
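Review bot: The `bbs.sanitize(_bname)` calls at new lines 56 and 61 put an HTML-escaped value into an unquoted `href=` query string, which is the wrong escaping for that context: a board name containing a space, `?`, `#` or `&` will still terminate the attribute or be reinterpreted as query syntax no matter what `sanitize` strips (its implementation is not visible here). Those two links should URL-encode the value and quote the attribute, e.g. `"<a href='" + showMatrixPath + "?bname=" + URLEncoder.encode(_bname, "UTF-8") + "&amp;uuid='>"`, and the same applies to `msg.getUUID()` at line 62, which is concatenated into the href without any escaping — presumably it is server-generated, but that should be confirmed or the value escaped regardless. `bbs.getRenewTime(_bname)` at line 48 is likewise written raw into the body; if it is anything other than a formatted timestamp it needs the same treatment as the author and message strings. Separately, the change from `type='text'` to `type='textarea'` on the `key` input at line 53 is unrelated to sanitizing and is not a valid `input` type (browsers fall back to text), so it reads as an accidental edit. The class header and printBoard's callers are outside this section, so whether the response sets an explicit charset cannot be checked here.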