Diffstat (limited to 'src/site.clj')
-rwxr-xr-xsrc/site.clj39
1 files changed, 12 insertions, 27 deletions
diff --git a/src/site.clj b/src/site.clj
index 15ac373..e7d401f 100755
--- a/src/site.clj
+++ b/src/site.clj
@@ -66,22 +66,6 @@
;; Utils
-(defn replace-in-str [s table]
- (loop [ret s
- [[char replacement] & rest] table]
- (if (nil? char)
- ret
- (recur (.replaceAll ret char replacement)
- rest))))
-
-(defn encode-html-entities [s]
- (replace-in-str s [["&" "&"]
- ["'" "'"]
- ["\"" """]
- ["<" "&lt;"]
- [">" "&gt;"]]))
-
-
(defn swap [f]
(fn [& more] (apply f (reverse more))))
@@ -148,10 +132,10 @@
(assoc d :created_on (.getTime (d :created_on))))
(defn process-message-for-output [d]
- {"nick" (encode-html-entities (d :nick))
+ {"nick" (escape-html (d :nick))
"message_id" (d :message_id)
"created_on" (.format formatter (d :created_on))
- "content" (encode-html-entities (d :content))})
+ "content" (escape-html (d :content))})
(defn new-messages [room since-ts]
(let [since-date (new Date (long since-ts))]
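Review bot: The removed `encode-html-entities` table also replaced `'`, and `escape-html` is not defined in the visible hunks, so the swap in `process-message-for-output` may quietly drop apostrophe escaping for "nick" and "content". If it is the framework helper that handles only `&`, `<`, `>` and `"`, any of these values rendered inside a single-quoted attribute or an inline script string would no longer be neutralised. Confirm its coverage, or keep a thin wrapper such as `(defn escape-attr [s] (.replace (escape-html s) "'" "&#39;"))` and call that instead. The same applies to the `escape-html` calls in `process-user` and in the profile `doseq` hunk.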
@@ -161,7 +145,7 @@
(defn process-user [u]
(if (non-empty-string? (u :avatar))
{"nick" (u :nick)
- "avatar" (encode-html-entities (u :avatar))}
+ "avatar" (escape-html (u :avatar))}
{"nick" (u :nick)}))
(defn prepare-user-list [room]
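Review bot: Both branches of `process-user` still emit `"nick" (u :nick)` unescaped, although `process-message-for-output` escapes the same field and this hunk escapes "avatar" right next to it. Unless the consumer of the user list encodes the nick itself, which is not visible here, a nick containing markup reaches the page as-is through this path. Use `"nick" (escape-html (u :nick))` in both maps so the two output paths agree. Since "avatar" is presumably used as a URL, entity escaping alone does not constrain its scheme; a check at registration or profile update for an http(s) prefix would cover that.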
@@ -289,7 +273,7 @@
(doseq [a [:nick :avatar :contact :bio]]
(let [v (user-info a)]
(.setAttribute st (name a)
- (if (non-empty-string? v) (encode-html-entities v)))))
+ (if (non-empty-string? v) (escape-html v)))))
(.setAttribute st "dumps"
(to-array (map process-message-for-output dumps)))
(if (< (+ dump-offset dumps-per-page) dump-count)
@@ -525,16 +509,13 @@
(GET "/u/:nick/:offset" (profile session
(params :nick)
(params :offset)))
- (GET "/update-profile" (update-profile session params))
(GET "/login" (login session params))
(GET "/logout" (logout session))
(GET "/register" (serve-static "static" "register.html"))
- (GET "/submit-registration" (register session params))
(GET "/:room/chat" (no-cache (validated-chat session (-> request :route-params :room))))
(GET "/chat" (no-cache (validated-chat session "RoomA")))
(GET "/browser" (browser session))
(GET "/refresh" (validated-refresh session params))
- (GET "/msg" (validated-msg session params))
(GET "/log" (validated-log session "RoomA" "0" params))
(GET "/:room/log" (validated-log session
(-> request :route-params :room)
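Review bot: The route table still keeps `(GET "/login" (login session params))` and `(GET "/logout" (logout session))` after message posting, registration and profile updates move off GET. With only a GET route, the login form's parameters presumably travel in the query string, where they end up in server logs, browser history and Referer headers. Logout also stays a state-changing GET that any cross-site request can trigger. Consider moving them alongside the other POST routes as `(POST "/login" (login session params))` and `(POST "/logout" (logout session))`, with the login form's method changed to match.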
@@ -543,16 +524,20 @@
(-> request :route-params :room)
(-> request :route-params :offset)
params))
+ ;; TODO: validate POST Referrer headers for POSTs
+ (POST "/msg" (validated-msg session params))
+ (POST "/submit-registration" (register session params))
+ (POST "/update-profile" (update-profile session params))
(ANY "*" (unknown-page params)))
-(decorate pichat
- (with-mimetypes)
- (with-session {:type :memory, :expires (* 60 60)}))
-; All uploading-related actions use the with-multipart decoration.
(defroutes multipart
(POST "/upload" (upload session params)))
+(decorate pichat
+ (with-mimetypes)
+ (with-session {:type :memory, :expires (* 60 60)}))
+
(decorate multipart
(with-mimetypes)
(with-session {:type :memory, :expires (* 60 60)})
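Review bot: The new POST routes for "/msg", "/submit-registration" and "/update-profile" accept any request that carries the session cookie. Moving them to POST does not stop cross-site form submissions, and the Referer check named in the TODO is a weak substitute because that header can be absent or stripped by proxies and privacy settings. A per-session random token, stored in the session, embedded in each form and compared in the handler before it acts, would be more reliable; `(POST "/upload" ...)` in `multipart` needs the same treatment. Until then the comment could read `;; TODO: require a per-session anti-CSRF token on all POSTs; a Referer check alone is not sufficient`. The commit also deletes the comment `; All uploading-related actions use the with-multipart decoration.`, which was worth keeping above `defroutes multipart`.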