Started work on Post page, finally making ButtonPresents vulnerable to XSS
This commit is contained in:
parent
bab80b2a74
commit
d25a0536ba
|
@ -16,6 +16,7 @@ import buttondevteam.presents.hello.effects.HelloParticle;
|
|||
import buttondevteam.presents.hello.effects.HelloSound;
|
||||
import buttondevteam.presents.hello.pages.HelloDataPage;
|
||||
import buttondevteam.presents.hello.pages.HelloLocationPage;
|
||||
import buttondevteam.presents.hello.pages.HelloPOSTPage;
|
||||
import buttondevteam.presents.hello.pages.HelloPlayersPage;
|
||||
import buttondevteam.presents.hello.pages.HelloWorldPage;
|
||||
|
||||
|
@ -39,5 +40,6 @@ public class HelloComponent extends Component{
|
|||
this.addPage(plugin, new HelloDataPage());
|
||||
this.addPage(plugin, new HelloPlayersPage(plugin));
|
||||
this.addPage(plugin, new HelloLocationPage(plugin));
|
||||
this.addPage(plugin, new HelloPOSTPage(plugin));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
package buttondevteam.presents.hello.pages;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.bukkit.plugin.java.JavaPlugin;
|
||||
|
||||
import com.sun.net.httpserver.HttpExchange;
|
||||
|
||||
import buttondevteam.website.io.Response;
|
||||
import buttondevteam.website.page.Page;
|
||||
|
||||
public class HelloPOSTPage extends Page {
|
||||
JavaPlugin plugin;
|
||||
String saveFilePath = "hello.pages.hellopostpage.saved";
|
||||
public HelloPOSTPage(JavaPlugin plugin) {
|
||||
this.plugin = plugin;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String GetName() {
|
||||
return "ali/hello/post";
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response handlePage(HttpExchange exchange) {
|
||||
String responseString = "";
|
||||
if(exchange.getRequestMethod() == "post"){
|
||||
int c;
|
||||
try {
|
||||
while((c = exchange.getRequestBody().read()) != -1){
|
||||
responseString += (char) c;
|
||||
}
|
||||
} catch (IOException e) {
|
||||
responseString += "Error! Reading message failed";
|
||||
return new Response(200, responseString, exchange);
|
||||
|
||||
}
|
||||
plugin.getConfig().set(saveFilePath, responseString);
|
||||
plugin.saveConfig();
|
||||
}else{
|
||||
responseString += plugin.getConfig().getString(saveFilePath);
|
||||
}
|
||||
return new Response(200, responseString, exchange);
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue