add: prevent supporters from modifying their own accounts via support

[gigi.git] / src / org / cacert / gigi / pages / OneFormPage.java

diff --git a/src/org/cacert/gigi/pages/OneFormPage.java b/src/org/cacert/gigi/pages/OneFormPage.java
index 6afee7097a26d9cd876edb6d5a38d8134456e2ce..cfcc1983167675cffe15ff5a53218426e0c31ce8 100644 (file)
--- a/src/org/cacert/gigi/pages/OneFormPage.java
+++ b/src/org/cacert/gigi/pages/OneFormPage.java
@@ -9,7 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.output.template.Form;
 
-public class OneFormPage extends Page {
+public abstract class OneFormPage extends Page {
 
     Class<? extends Form> c;
 
@@ -20,10 +20,9 @@ public class OneFormPage extends Page {
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        try {
-            Form.getForm(req, c).submit(resp.getWriter(), req);
-        } catch (GigiApiException e) {
-            e.format(resp.getWriter(), getLanguage(req));
+        Form form = Form.getForm(req, c);
+        if (form.submitProtected(resp.getWriter(), req)) {
+            resp.sendRedirect(getSuccessPath(form));
         }
     }
 
@@ -32,8 +31,10 @@ public class OneFormPage extends Page {
         try {
             c.getConstructor(HttpServletRequest.class).newInstance(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
         } catch (ReflectiveOperationException e) {
-            new GigiApiException(e.getMessage()).format(resp.getWriter(), getLanguage(req));
+            new GigiApiException().format(resp.getWriter(), getLanguage(req));
         }
     }
 
+    public abstract String getSuccessPath(Form f);
+
 }