Merge branch 'main' of https://github.com/Schlaumeier5/student-database into v1.0.1

Schlaumeier5 · Schlaumeier5 · commit 0d77db6fac87 · 2025-09-22T16:14:53.000+02:00
diff --git a/src/main/java/de/igslandstuhl/database/server/webserver/handlers/PostRequestHandler.java b/src/main/java/de/igslandstuhl/database/server/webserver/handlers/PostRequestHandler.java
@@ -169,7 +169,9 @@ public static <T extends APIObject> PostResponse handleObjectAction(APIPostReque
     public static void registerHandlers() {
         HttpHandler.registerPostRequestHandler("/login", AccessLevel.PUBLIC, (rq) -> {
             String username = prepare(rq.getString("username"), false);
-            String password = prepare(rq.getString("password"), false);
+            // Do not sanitize / url-decode password to allow special characters like %
+            // This is safe as we calculate the hash value anyways
+            String password = rq.getString("password");
             // Check login credentials in the database
             if (Server.getInstance().isValidUser(username, password)) {
                 SessionManager manager = Server.getInstance().getWebServer().getSessionManager();
@@ -332,7 +334,7 @@ public static void registerHandlers() {
         HttpHandler.registerPostRequestHandler("/grade-list", AccessLevel.PUBLIC, (rq) -> {
             return PostResponse.ok(JSONUtils.toJSON(rq.getSubject().getGrades()), ContentType.JSON, rq);
         });
-        HttpHandler.registerPostRequestHandler("/topic-list", AccessLevel.ADMIN, (rq) -> {
+        HttpHandler.registerPostRequestHandler("/topic-list", AccessLevel.STUDENT, (rq) -> {
             return PostResponse.ok(JSONUtils.toJSON(rq.getSubject().getTopics(rq.getInt("grade"))), ContentType.JSON, rq);
         });
         HttpHandler.registerPostRequestHandler("/class-subjects", AccessLevel.ADMIN, (rq) -> {
diff --git a/src/main/resources/js/admin/build_teacher.js b/src/main/resources/js/admin/build_teacher.js
@@ -82,7 +82,7 @@ async function onClassChange(event) {
 }
 async function populateSubjectStudentList(event) {
   const subjectSelect = document.getElementById('subjectSelect');
-  const classSelect = document.getElementById('classSelect');
+  const classSelect = document.getElementById('classSelectSubject');
   const selectedClassId = classSelect.value;
 
   if (!selectedClassId) {

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ async function onClassChange(event) {`
`82`	`82`	`}`
`83`	`83`	`async function populateSubjectStudentList(event) {`
`84`	`84`	`const subjectSelect = document.getElementById('subjectSelect');`
`85`		`- const classSelect = document.getElementById('classSelect');`
	`85`	`+ const classSelect = document.getElementById('classSelectSubject');`
`86`	`86`	`const selectedClassId = classSelect.value;`
`87`	`87`
`88`	`88`	`if (!selectedClassId) {`