X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FMailCertificates.java;h=2fa6ac097e249b35628bf23312c2f5c5302ecdaf;hb=3eecb2d9825692b4af04ea96372fd03de54809f1;hp=6eae585a2c787cee2ab2691712e58346713feffc;hpb=e9336bb2781a287a5542179208a869acd17c9a5a;p=gigi.git diff --git a/src/org/cacert/gigi/pages/account/MailCertificates.java b/src/org/cacert/gigi/pages/account/MailCertificates.java index 6eae585a..2fa6ac09 100644 --- a/src/org/cacert/gigi/pages/account/MailCertificates.java +++ b/src/org/cacert/gigi/pages/account/MailCertificates.java @@ -27,15 +27,17 @@ public class MailCertificates extends Page { } @Override - public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws IOException { + public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { PrintWriter out = resp.getWriter(); String pi = req.getPathInfo().substring(PATH.length()); if (pi.length() != 0) { pi = pi.substring(1); int id = Integer.parseInt(pi); Certificate c = new Certificate(id); - // TODO check ownership + if (LoginPage.getUser(req).getId() != c.getOwnerId()) { + out.println(translate(req, "You do not own this certificate.")); + return; + } out.println("
"); try { out.print(c.cert()); @@ -51,10 +53,8 @@ public class MailCertificates extends Page { HashMapvars = new HashMap (); User us = LoginPage.getUser(req); try { - PreparedStatement ps = DatabaseConnection - .getInstance() - .prepare( - "SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?"); + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?"); ps.setInt(1, us.getId()); ResultSet rs = ps.executeQuery(); vars.put("mailcerts", rs);