X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FMailCertificates.java;h=2fa6ac097e249b35628bf23312c2f5c5302ecdaf;hb=3eecb2d9825692b4af04ea96372fd03de54809f1;hp=6eae585a2c787cee2ab2691712e58346713feffc;hpb=e9336bb2781a287a5542179208a869acd17c9a5a;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/account/MailCertificates.java b/src/org/cacert/gigi/pages/account/MailCertificates.java
index 6eae585a..2fa6ac09 100644
--- a/src/org/cacert/gigi/pages/account/MailCertificates.java
+++ b/src/org/cacert/gigi/pages/account/MailCertificates.java
@@ -27,15 +27,17 @@ public class MailCertificates extends Page {
 }
 @Override
- public void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws IOException {
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 PrintWriter out = resp.getWriter();
 String pi = req.getPathInfo().substring(PATH.length());
 if (pi.length() != 0) {
 pi = pi.substring(1);
 int id = Integer.parseInt(pi);
 Certificate c = new Certificate(id);
- // TODO check ownership
+ if (LoginPage.getUser(req).getId() != c.getOwnerId()) {
+ out.println(translate(req, "You do not own this certificate."));
+ return;
+ }
 out.println("
");
 			try {
 				out.print(c.cert());
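Review bot: The new ownership check in doGet denies access with an ordinary 200 response whose text confirms that the requested certificate id exists and belongs to another account. Answering the same way as for an unknown id, with an error status, avoids that distinction and lets access logs and monitoring see the denial, e.g. `resp.sendError(HttpServletResponse.SC_NOT_FOUND); return;` in place of the `out.println(...)`. How `new Certificate(id)` behaves for an id that does not exist is not visible in this hunk, so that path should be checked to give the same answer. A short comment above the check such as `// authorization: only the owner may retrieve this certificate` would also replace the removed TODO with the rule being enforced. doGet's body continues past the end of the hunk.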
@@ -51,10 +53,8 @@ public class MailCertificates extends Page {
 		HashMap vars = new HashMap();
 		User us = LoginPage.getUser(req);
 		try {
-			PreparedStatement ps = DatabaseConnection
-					.getInstance()
-					.prepare(
-							"SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?");
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+				"SELECT `id`, `CN`, `serial`, `revoked`, `expire`, `disablelogin` FROM `emailcerts` WHERE `memid`=?");
 			ps.setInt(1, us.getId());
 			ResultSet rs = ps.executeQuery();
 			vars.put("mailcerts", rs);