
Commit 0d77db6

committed
Merge branch 'main' of https://github.com/Schlaumeier5/student-database into v1.0.1
2 parents eb538a9 + 39e17a7 commit 0d77db6


2 files changed

+5
-3
lines changed


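--- a/src/main/java/de/igslandstuhl/database/server/webserver/handlers/PostRequestHandler.java
+++ b/src/main/java/de/igslandstuhl/database/server/webserver/handlers/PostRequestHandler.java
@@ -169,7 +169,9 @@ public static <T extends APIObject> PostResponse handleObjectAction(APIPostReque
 public static void registerHandlers() {
 HttpHandler.registerPostRequestHandler("/login", AccessLevel.PUBLIC, (rq) -> {
 String username = prepare(rq.getString("username"), false);
-String password = prepare(rq.getString("password"), false);
+// Do not sanitize / url-decode password to allow special characters like %
+// This is safe as we calculate the hash value anyways
+String password = rq.getString("password");
 // Check login credentials in the database
 if (Server.getInstance().isValidUser(username, password)) {
 SessionManager manager = Server.getInstance().getWebServer().getSessionManager();
@@ -332,7 +334,7 @@ public static void registerHandlers() {
 HttpHandler.registerPostRequestHandler("/grade-list", AccessLevel.PUBLIC, (rq) -> {
 return PostResponse.ok(JSONUtils.toJSON(rq.getSubject().getGrades()), ContentType.JSON, rq);
 });
-HttpHandler.registerPostRequestHandler("/topic-list", AccessLevel.ADMIN, (rq) -> {
+HttpHandler.registerPostRequestHandler("/topic-list", AccessLevel.STUDENT, (rq) -> {
 return PostResponse.ok(JSONUtils.toJSON(rq.getSubject().getTopics(rq.getInt("grade"))), ContentType.JSON, rq);
 });
 HttpHandler.registerPostRequestHandler("/class-subjects", AccessLevel.ADMIN, (rq) -> {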
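Review bot: The second hunk lowers `/topic-list` from `AccessLevel.ADMIN` to `AccessLevel.STUDENT`, yet the handler still appears to resolve the subject and `grade` from the request alone, so every student session can read topics for any subject and grade. If topics are meant to be limited to the caller's own subjects, an ownership check belongs before `getTopics`; if they are not confidential, a comment such as `// Topics are readable by every student for all subjects and grades` would record that the wider access is intended. In the `/login` hunk, the new comment's claim that skipping `prepare` is safe holds only if `isValidUser` hashes the password and never places the raw value in a query or log line, which is not visible here. The code path that sets or changes passwords should hash the same unprepared string, otherwise stored hashes for passwords containing `%` may no longer match at login. `registerHandlers` continues outside both hunks.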

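--- a/src/main/resources/js/admin/build_teacher.js
+++ b/src/main/resources/js/admin/build_teacher.js
@@ -82,7 +82,7 @@ async function onClassChange(event) {
 }
 async function populateSubjectStudentList(event) {
 const subjectSelect = document.getElementById('subjectSelect');
-const classSelect = document.getElementById('classSelect');
+const classSelect = document.getElementById('classSelectSubject');
 const selectedClassId = classSelect.value;
 
 if (!selectedClassId) {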
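Review bot: The lookup `document.getElementById('classSelectSubject')` returns `null` when no element has that id, and the next line reads `classSelect.value` without a guard, so a missing or renamed element would throw instead of reaching the `!selectedClassId` check. The page template is not part of this commit, so it is worth confirming the id exists there, or guarding with `if (!classSelect) return;` before reading the value. `populateSubjectStudentList` continues past the end of the hunk.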
