package mircoders.servlet;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import mir.entity.adapter.EntityAdapter;
-import mir.entity.adapter.EntityAdapterModel;
-import mir.entity.adapter.EntityIteratorAdapter;
import mir.entity.adapter.EntityAdapterEngine;
+import mir.entity.adapter.EntityAdapterModel;
import mir.generator.Generator;
import mir.log.LoggerWrapper;
import mir.misc.StringUtil;
import mir.servlet.ServletModule;
import mir.servlet.ServletModuleExc;
import mir.servlet.ServletModuleFailure;
-import mir.util.HTTPRequestParser;
-import mir.util.JDBCStringRoutines;
-import mir.util.SQLQueryBuilder;
-import mir.util.StringRoutines;
-import mir.util.URLBuilder;
+import mir.util.*;
import mircoders.entity.EntityContent;
import mircoders.entity.EntityUsers;
import mircoders.global.MirGlobal;
import mircoders.storage.DatabaseContent;
import mircoders.storage.DatabaseContentToTopics;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.*;
+
/**
* Article admin interface code
*/
public void attach(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc {
String mediaIdParam = aRequest.getParameter("mid");
String articleId = aRequest.getParameter("articleid");
-
if (articleId == null || mediaIdParam==null)
throw new ServletModuleExc("smod content :: attach :: articleid/mid missing");
-
+ // check if mediaIdParam and articleid are correct integers
+ try
+ {
+ Integer.parseInt(mediaIdParam);
+ Integer.parseInt(articleId);
+ }
+ catch(NumberFormatException e)
+ {
+ throw new ServletModuleExc("smod content :: attach :: invalid articleid/mid");
+ }
+
if (!MirGlobal.accessControl().article().mayEditArticle(ServletHelper.getUser(aRequest), articleId))
throw new ServletModuleExc("Article has been locked");
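Review bot: The added try block in `attach` calls `Integer.parseInt` on `mediaIdParam` and `articleId` but throws the results away, so the raw request strings are what the method keeps using (the visible `mayEditArticle` call takes `articleId` unchanged). `Integer.parseInt` also accepts signed input such as `-1`, so the check proves "parses as an int" rather than "is a canonical positive id". Keeping the value, e.g. `int articleIdValue = Integer.parseInt(articleId);`, rejecting `articleIdValue <= 0`, and passing `Integer.toString(articleIdValue)` onward would close that gap. The same validation is missing in the later `listchildren` hunk, where `articleId` is only null-checked before being concatenated into `"to_content = " + articleId`; if it comes from the request as it does here, it should be parsed the same way before it reaches the where clause. The rest of `attach` lies outside the hunk, so how `mediaIdParam` is used afterwards is not visible.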
if (articleId == null)
throw new ServletModuleExc("ServletModuleContent.listchildren: article_id not set!");
- returnList(aRequest, aResponse, "to_content = " + articleId, "webdb_create desc", 0, null);
+ returnList(aRequest, aResponse, "to_content = " + articleId, "webdb_create desc", 0);
}
catch (Throwable e) {
throw new ServletModuleFailure(e);