X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FEditAlbumAjaxPage.java;h=0e72ea5738af58e996913b487efe139f9fb7e9cf;hb=a88e930a23b550dae75116d7759924d760941776;hp=53f04664f5a84976b8338cf9b2efd4648d896cb0;hpb=4f92a116596bf5d42c5b8beadb5df2bc8149e809;p=Sone.git diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/EditAlbumAjaxPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/EditAlbumAjaxPage.java index 53f0466..0e72ea5 100644 --- a/src/main/java/net/pterodactylus/sone/web/ajax/EditAlbumAjaxPage.java +++ b/src/main/java/net/pterodactylus/sone/web/ajax/EditAlbumAjaxPage.java @@ -1,5 +1,5 @@ /* - * Sone - EditAlbumAjaxPage.java - Copyright © 2011 David Roden + * Sone - EditAlbumAjaxPage.java - Copyright © 2011–2012 David Roden * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,6 +18,7 @@ package net.pterodactylus.sone.web.ajax; import net.pterodactylus.sone.data.Album; +import net.pterodactylus.sone.text.TextFilter; import net.pterodactylus.sone.web.WebInterface; import net.pterodactylus.sone.web.page.FreenetRequest; import net.pterodactylus.util.json.JsonObject; @@ -53,7 +54,7 @@ public class EditAlbumAjaxPage extends JsonPage { if (album == null) { return createErrorJsonObject("invalid-album-id"); } - if (!webInterface.getCore().isLocalSone(album.getSone())) { + if (!album.getSone().isLocal()) { return createErrorJsonObject("not-authorized"); } if ("true".equals(request.getHttpRequest().getParam("moveLeft"))) { @@ -68,7 +69,7 @@ public class EditAlbumAjaxPage extends JsonPage { } String title = request.getHttpRequest().getParam("title").trim(); String description = request.getHttpRequest().getParam("description").trim(); - album.setTitle(title).setDescription(description); + album.setTitle(title).setDescription(TextFilter.filter(request.getHttpRequest().getHeader("host"), description)); webInterface.getCore().touchConfiguration(); return createSuccessJsonObject().put("albumId", album.getId()).put("title", album.getTitle()).put("description", album.getDescription()); }