From c150609e5d2720e4e76caaa1576431d39014e8e1 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Mon, 25 Sep 2023 08:48:13 +0000
Subject: [PATCH 1/3] mobb fix commit: 8579e4d1-8192-46d5-98d1-af6657faeac3
---
 src/main/java/org/cysecurity/cspf/jvl/controller/Register.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
index afa2f83..7d00d4f 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
@@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 {
 Statement stmt = con.createStatement();
- stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
+ stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ("+stmt.enquoteLiteral(String.valueOf(user))+",'"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
 stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi
This is admin of this page.
Welcome to Our Forum')");
 response.sendRedirect("index.jsp");
From 5327dab1a3719767660ecefd7b2afe7186bb1208 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Mon, 25 Sep 2023 08:48:14 +0000
Subject: [PATCH 2/3] mobb fix commit: f4ef51cd-5754-4101-9ed4-96ff133caf06
---
 .../org/cysecurity/cspf/jvl/controller/UsernameCheck.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java
index ab1bab7..7cf4c1e 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java
@@ -6,6 +6,7 @@ package org.cysecurity.cspf.jvl.controller;
+import java.sql.PreparedStatement;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.Connection;
@@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 if(con!=null && !con.isClosed())
 {
 ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"'");
+ PreparedStatement stmt = con.prepareStatement("select * from users where username=?");
+ stmt.setString(1, user);
+ rs=stmt.executeQuery();
 if (rs.next())
 {
 json.put("available", "1");
From 56fecbf5b866248b7ba48fb081a038c1edd612a4 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Mon, 25 Sep 2023 08:48:15 +0000
Subject: [PATCH 3/3] mobb fix commit: 403a5e05-b3cb-4e7d-bda5-b67e05cd6418
---
 .../org/cysecurity/cspf/jvl/controller/LoginValidator.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 2331d13..4a0f91d 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
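Review bot: In Register.java (patch 1/3) the new `INSERT into users` line still concatenates `pass`, `email`, `about` and `secret` into the SQL text, and the `INSERT into UserMessages` context line right after it still concatenates `user`, so only one of the six interpolated values is actually quoted. Binding every value through a `PreparedStatement`, as patches 2/3 and 3/3 do for `username`, covers the whole statement instead of one argument; the file would need `import java.sql.PreparedStatement;` if it is not already imported, which is not visible here. `Statement.enquoteLiteral` also exists only from Java 9, so the current line will not compile on an older target. The body of `processRequest` starts and ends outside the hunk, so whether `pass` is hashed before it reaches this statement cannot be checked from here.

```java
// … unchanged: connection check and opening brace …
PreparedStatement insertUser = con.prepareStatement(
        "INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret)"
        + " values (?,?,?,?,'default.jpg','user',1,?)");
insertUser.setString(1, user);
insertUser.setString(2, pass);
insertUser.setString(3, email);
insertUser.setString(4, about);
insertUser.setString(5, secret);
insertUser.executeUpdate();
// … unchanged: UserMessages insert (its user value needs the same binding), redirect …
```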
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -6,6 +6,7 @@ package org.cysecurity.cspf.jvl.controller;
+import java.sql.PreparedStatement;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.Connection;
@@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 if(con!=null && !con.isClosed())
 {
 ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
+ PreparedStatement stmt = con.prepareStatement("select * from users where username=? and password='"+pass+"'");
+ stmt.setString(1, user);
+ rs=stmt.executeQuery();
 if(rs != null && rs.next()){
 HttpSession session=request.getSession();
 session.setAttribute("isLoggedIn", "1");
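Review bot: In LoginValidator.java the new `prepareStatement` call still appends `password='"+pass+"'` to the SQL text, so the login query stays injectable through the password parameter even though `username` is now bound. Give the password its own placeholder, `con.prepareStatement("select * from users where username=? and password=?")`, and add `stmt.setString(2, pass);` after the existing `setString` call. The `java.sql.Statement` import may now be unused in this file, and the body of `processRequest` runs past the hunk, so whether `stmt` and `rs` are closed cannot be checked from here.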