upd: use a more strict pattern for handling forms

[gigi.git] / src / org / cacert / gigi / pages / PasswordResetPage.java

diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java
index 45abb59c8978ba1d29c5b844217cface94673124..4ac3b188ab10ffac60adf4e859835a11193b797a 100644 (file)
--- a/src/org/cacert/gigi/pages/PasswordResetPage.java
+++ b/src/org/cacert/gigi/pages/PasswordResetPage.java
@@ -17,6 +17,7 @@ import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.MailTemplate;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
 import org.cacert.gigi.util.RandomToken;
 import org.cacert.gigi.util.ServerConstants;
 
@@ -58,7 +59,7 @@ public class PasswordResetPage extends Page {
         }
 
         @Override
-        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+        public boolean submit(HttpServletRequest req) throws GigiApiException {
             try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
                 passwordReset.setInt(1, HOUR_MAX);
                 passwordReset.execute();
@@ -88,14 +89,13 @@ public class PasswordResetPage extends Page {
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
-        try {
-            form.submit(resp.getWriter(), req);
-            resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
+        PrintWriter w = resp.getWriter();
+        if (form.submitProtected(w, req)) {
+            w.println("<div class='alert alert-success'>");
+            w.println(HTMLEncoder.encodeHTML(getLanguage(req).getTranslation("Password reset successful.")));
+            w.println("</div>");
             return;
-        } catch (GigiApiException e) {
-            e.format(resp.getWriter(), getLanguage(req));
         }
-        form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
@@ -114,7 +114,7 @@ public class PasswordResetPage extends Page {
 
     private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ"));
 
-    public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+    public static void initPasswordResetProcess(User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
         String ptok = RandomToken.generateToken(32);
         int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
         try {
@@ -126,7 +126,6 @@ public class PasswordResetPage extends Page {
             vars.put("hour_max", HOUR_MAX);
 
             passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail());
-            out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
         } catch (IOException e) {
             e.printStackTrace();
         }