From 110f5f505610cd80c22a25341491a89ff7c31203 Mon Sep 17 00:00:00 2001 From: Mobb autofixer Date: Mon, 25 Sep 2023 08:59:00 +0000 Subject: [PATCH 1/3] mobb fix commit: 5df069df-4559-4af4-9460-f7242f0c1ae7 --- src/main/java/org/cysecurity/cspf/jvl/controller/Register.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java index afa2f83..af0a269 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java @@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re { Statement stmt = con.createStatement(); - stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')"); + stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,"+stmt.enquoteLiteral(String.valueOf(secret))+")"); stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')"); response.sendRedirect("index.jsp"); From c3b822c4b361749249ae20600abb5d0d9ecca437 Mon Sep 17 00:00:00 2001 From: Mobb autofixer Date: Mon, 25 Sep 2023 08:59:01 +0000 Subject: [PATCH 2/3] mobb fix commit: f4ef51cd-5754-4101-9ed4-96ff133caf06 --- .../org/cysecurity/cspf/jvl/controller/UsernameCheck.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java index ab1bab7..7cf4c1e 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java @@ -6,6 +6,7 @@ package org.cysecurity.cspf.jvl.controller; +import java.sql.PreparedStatement; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; @@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re if(con!=null && !con.isClosed()) { ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"'"); + PreparedStatement stmt = con.prepareStatement("select * from users where username=?"); + stmt.setString(1, user); + rs=stmt.executeQuery(); if (rs.next()) { json.put("available", "1"); From 802357ddefa3b2fcd123708cade0f92d9e5ddd22 Mon Sep 17 00:00:00 2001 From: Mobb autofixer Date: Mon, 25 Sep 2023 08:59:01 +0000 Subject: [PATCH 3/3] mobb fix commit: 403a5e05-b3cb-4e7d-bda5-b67e05cd6418 --- .../org/cysecurity/cspf/jvl/controller/LoginValidator.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java index 2331d13..4a0f91d 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java @@ -6,6 +6,7 @@ package org.cysecurity.cspf.jvl.controller; +import java.sql.PreparedStatement; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; @@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re if(con!=null && !con.isClosed()) { ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'"); + PreparedStatement stmt = con.prepareStatement("select * from users where username=? and password='"+pass+"'"); + stmt.setString(1, user); + rs=stmt.executeQuery(); if(rs != null && rs.next()){ HttpSession session=request.getSession(); session.setAttribute("isLoggedIn", "1");