authoriximeow <me@iximeow.net>2018-01-15 12:54:17 -0800
committerGitHub <noreply@github.com>2018-01-15 12:54:17 -0800
commitb81bbb7ea3684f7bd5eb39c3429f339a1d92721c (patch)
treed1cf1a1891d7eb1ac05da483e3638f1b0b1c815a /src/commands
parent0668cdd7d5e800d8c7e8b1c0853f8b747179356f (diff)
parent7b84985857fd9bd1756439383f1a1ae82f9bd57a (diff)
Merge pull request #7 from iximeow/escape-the-query-string
ensure all query string parameters are properly escaped
Diffstat (limited to 'src/commands')
-rw-r--r--src/commands/auth.rs28
-rw-r--r--src/commands/dm.rs7
-rw-r--r--src/commands/fav.rs4
-rw-r--r--src/commands/follow.rs5
-rw-r--r--src/commands/twete.rs33
5 files changed, 52 insertions, 25 deletions
diff --git a/src/commands/auth.rs b/src/commands/auth.rs
index 17503d5..08588dd 100644
--- a/src/commands/auth.rs
+++ b/src/commands/auth.rs
@@ -29,7 +29,14 @@ fn auth(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, dis
// callback set to oob so the user will later get a PIN.
// step 1: now present the correect oauth/authorize URL
// this is as far as auth can get (rest depends on user PIN'ing with the right thing)
- let res = queryer.raw_issue_request(::signed_api_req(&format!("{}?oauth_callback=oob", OAUTH_REQUEST_TOKEN_URL), hyper::Method::Post, &tweeter.app_key));
+ let res = queryer.raw_issue_request(
+ ::signed_api_req(
+ OAUTH_REQUEST_TOKEN_URL,
+ &vec![("oauth_callback", "oob")],
+ hyper::Method::Post,
+ &tweeter.app_key
+ )
+ );
match res {
Ok(bytes) =>
match std::str::from_utf8(&bytes) {
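Review bot: The parameter list is built as `&vec![("oauth_callback", "oob")]`, which heap-allocates a `Vec` only to borrow it for one call. If `signed_api_req` can take a slice (its signature is not part of this diff), `&[("oauth_callback", "oob")]` says the same thing without the allocation. Declaring the parameter as `&[(&str, &str)]` would still accept `&Vec` callers through deref coercion. The same `&vec![...]` pattern recurs at the other call sites this commit touches in auth.rs, dm.rs, fav.rs, follow.rs and twete.rs. The body of `auth` starts and ends outside this hunk.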
@@ -49,7 +56,7 @@ fn auth(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, dis
display_info.status("couldn't rebuild url".to_owned())
},
Err(e) =>
- display_info.status(format!("request token url error: {}", e))
+ display_info.status(format!("error starting auth: {}", e))
};
}
@@ -67,7 +74,15 @@ fn pin(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
return;
}
- let res = queryer.raw_issue_request(::signed_api_req_with_token(&format!("{}?oauth_verifier={}", OAUTH_ACCESS_TOKEN_URL, line), hyper::Method::Post, &tweeter.app_key, &tweeter.WIP_auth.clone().unwrap()));
+ let res = queryer.raw_issue_request(
+ ::signed_api_req_with_token(
+ OAUTH_ACCESS_TOKEN_URL,
+ &vec![("oauth_verifier", &line)],
+ hyper::Method::Post,
+ &tweeter.app_key,
+ &tweeter.WIP_auth.clone().unwrap()
+ )
+ );
match res {
Ok(bytes) =>
match std::str::from_utf8(&bytes) {
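Review bot: `&tweeter.WIP_auth.clone().unwrap()` copies the in-progress OAuth credential just to borrow it, and panics if `WIP_auth` is empty. Assuming the field is an `Option` of the credential type, `tweeter.WIP_auth.as_ref().unwrap()` borrows in place and avoids an extra copy of the token secret in memory. The early `return` at the top of the hunk may already cover the empty case, but that check begins outside the hunk, so it is worth confirming that it tests `WIP_auth` and not only the PIN text.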
@@ -97,7 +112,7 @@ fn pin(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
secret: as_map["oauth_token_secret"].to_owned()
};
- match queryer.do_api_get(::ACCOUNT_SETTINGS_URL, &tweeter.app_key, &user_credential) {
+ match queryer.do_api_get_noparam(::ACCOUNT_SETTINGS_URL, &tweeter.app_key, &user_credential) {
Ok(settings) => {
let user_handle = settings["screen_name"].as_str().unwrap().to_owned();
/*
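Review bot: `settings["screen_name"].as_str().unwrap()` panics when the account-settings response has no string `screen_name`, which is presumably what an API error body looks like. The `as_map["oauth_token_secret"]` lookup just above may have the same problem if `as_map` is a map indexed by key. Because this runs on a remote response in the middle of login, a missing field should go through `display_info.status(...)` like the other failure arms rather than abort the client. Matching on `settings["screen_name"].as_str()` with a `None` arm that reports the failure would do it. The rest of `pin` lies outside this hunk.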
@@ -105,7 +120,8 @@ fn pin(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
* largely the same logic as `look_up_user`.
*/
let looked_up_user = queryer.do_api_get(
- &format!("{}?screen_name={}", ::USER_LOOKUP_URL, user_handle),
+ ::USER_LOOKUP_URL,
+ &vec![("screen_name", &user_handle)],
&tweeter.app_key,
&user_credential
).and_then(|json| tw::user::User::from_json(json));
@@ -136,6 +152,6 @@ fn pin(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
display_info.status("couldn't rebuild url".to_owned())
},
Err(e) =>
- display_info.status(format!("request token url error: {}", e))
+ display_info.status(format!("pin submission error: {}", e))
};
}
diff --git a/src/commands/dm.rs b/src/commands/dm.rs
index 95f65b7..f6fcbfd 100644
--- a/src/commands/dm.rs
+++ b/src/commands/dm.rs
@@ -42,7 +42,12 @@ fn dm(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, displ
let encoded = ::url_encode(dm_text);
let result = match tweeter.current_profile() {
Some(user_profile) => {
- queryer.do_api_post(&format!("{}?text={}&screen_name={}", DM_CREATE_URL, encoded, normalized_handle), &tweeter.app_key, &user_profile.creds)
+ queryer.do_api_post(
+ DM_CREATE_URL,
+ &vec![("text", &encoded), ("screen_name", &normalized_handle)],
+ &tweeter.app_key,
+ &user_profile.creds
+ )
},
None => Err("No logged in user to DM as".to_owned())
};
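Review bot: `encoded` is still produced by `::url_encode(dm_text)` at the top of the hunk and is then passed as the `text` parameter. If `do_api_post` now escapes parameter values itself, as the commit title and the removal of `url_encode` in `send_twete` suggest, the DM body gets percent-encoded twice and the recipient would see literal `%20`-style sequences. Pass the raw text instead, `&vec![("text", &dm_text), ("screen_name", &normalized_handle)]` (adjusting the borrow to whatever type `dm_text` has), and delete the `let encoded` line. `do_api_post` is not shown in this diff, so confirm against its implementation.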
diff --git a/src/commands/fav.rs b/src/commands/fav.rs
index 02ec7dd..d853a0d 100644
--- a/src/commands/fav.rs
+++ b/src/commands/fav.rs
@@ -23,7 +23,7 @@ fn unfav(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, di
Ok(twid) => {
if let Some(twete) = tweeter.retrieve_tweet(&twid) {
let result = match tweeter.current_profile() {
- Some(user_profile) => queryer.do_api_post(&format!("{}?id={}", UNFAV_TWEET_URL, twete.id), &tweeter.app_key, &user_profile.creds),
+ Some(user_profile) => queryer.do_api_post(UNFAV_TWEET_URL, &vec![("id", &twete.id)], &tweeter.app_key, &user_profile.creds),
None => Err("No logged in user to unfav from".to_owned())
};
match result {
@@ -55,7 +55,7 @@ fn fav(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
// tweeter.to_twitter_tweet_id(twid)...
if let Some(twete) = tweeter.retrieve_tweet(&twid) {
let result = match tweeter.current_profile() {
- Some(user_profile) => queryer.do_api_post(&format!("{}?id={}", FAV_TWEET_URL, twete.id), &tweeter.app_key, &user_profile.creds),
+ Some(user_profile) => queryer.do_api_post(FAV_TWEET_URL, &vec![("id", &twete.id)], &tweeter.app_key, &user_profile.creds),
None => Err("No logged in user to fav from".to_owned())
};
match result {
diff --git a/src/commands/follow.rs b/src/commands/follow.rs
index bc767d5..cd046c6 100644
--- a/src/commands/follow.rs
+++ b/src/commands/follow.rs
@@ -19,7 +19,7 @@ fn unfl(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, dis
let screen_name = line.trim();
let result = match tweeter.current_profile() {
Some(user_profile) => {
- queryer.do_api_post(&format!("{}?screen_name={}", FOLLOW_URL, screen_name), &tweeter.app_key, &user_profile.creds)
+ queryer.do_api_post(FOLLOW_URL, &vec![("screen_name", &screen_name)], &tweeter.app_key, &user_profile.creds)
},
None => Err("No logged in user to unfollow from".to_owned())
};
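Review bot: `unfl` posts to `FOLLOW_URL` although its error text reads "No logged in user to unfollow from", and the `fl` hunk below posts to `UNFOLLOW_URL`. Unless the two constants are named inversely where they are defined (not visible here), each command performs the opposite action. The commit carries this over unchanged from the old `format!` calls. If the constants mean what their names say, this call should be `queryer.do_api_post(UNFOLLOW_URL, &vec![("screen_name", &screen_name)], &tweeter.app_key, &user_profile.creds)` and the one in `fl` should use `FOLLOW_URL`.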
@@ -45,7 +45,8 @@ fn fl(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, displ
format!(
"fl resp: {:?}",
queryer.do_api_post(
- &format!("{}?screen_name={}", UNFOLLOW_URL, screen_name),
+ UNFOLLOW_URL,
+ &vec![("screen_name", &screen_name)],
&tweeter.app_key,
&user_profile.creds
)
diff --git a/src/commands/twete.rs b/src/commands/twete.rs
index 450c225..eded0db 100644
--- a/src/commands/twete.rs
+++ b/src/commands/twete.rs
@@ -24,7 +24,7 @@ fn del(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, disp
// TODO this really converts twid to a TweetId::Twitter
if let Some(twitter_id) = tweeter.retrieve_tweet(&twid).map(|x| x.id.to_owned()) {
let result = match tweeter.current_profile() {
- Some(user_profile) => queryer.do_api_post(&format!("{}/{}.json", DEL_TWEET_URL, twitter_id), &tweeter.app_key, &user_profile.creds),
+ Some(user_profile) => queryer.do_api_post_noparam(&format!("{}/{}.json", DEL_TWEET_URL, twitter_id), &tweeter.app_key, &user_profile.creds),
None => Err("No logged in user to delete as".to_owned())
};
match result {
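Review bot: `twitter_id` is still interpolated into the request path by `format!("{}/{}.json", DEL_TWEET_URL, twitter_id)`, so the escaping this commit adds for query parameters does not cover it. The same applies to `RT_TWEET_URL` in the `retwete` hunk. The id comes from the tweet cache and is presumably numeric, but nothing in the hunk enforces that. A guard such as `twitter_id.chars().all(|c| c.is_ascii_digit())` before building the URL would keep a malformed cached id from changing the path that gets signed and sent. The body of `del` continues outside the hunk.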
@@ -61,9 +61,13 @@ fn twete(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, di
}
pub fn send_twete(text: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, display_info: &mut DisplayInfo) {
- let substituted = ::url_encode(&text);
let result = match tweeter.current_profile() {
- Some(user_profile) => queryer.do_api_post(&format!("{}?status={}", CREATE_TWEET_URL, substituted), &tweeter.app_key, &user_profile.creds),
+ Some(user_profile) => queryer.do_api_post(
+ CREATE_TWEET_URL,
+ &vec![("status", &text)],
+ &tweeter.app_key,
+ &user_profile.creds
+ ),
None => Err("No logged in user to tweet as".to_owned())
};
match result {
@@ -202,7 +206,12 @@ pub fn send_reply(text: String, twid: TweetId, tweeter: &mut tw::TwitterCache, q
let substituted = ::url_encode(&text);
let result = match tweeter.current_profile() {
Some(user_profile) => {
- queryer.do_api_post(&format!("{}?status={}&in_reply_to_status_id={}", CREATE_TWEET_URL, substituted, twete.id), &tweeter.app_key, &user_creds)
+ queryer.do_api_post(
+ CREATE_TWEET_URL,
+ &vec![("status", &text), ("in_reply_to_status_id", &twete.id)],
+ &tweeter.app_key,
+ &user_creds
+ )
},
None => Err("No logged in user to tweet as".to_owned())
};
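Review bot: `let substituted = ::url_encode(&text);` at the top of this hunk is no longer read by the call, which now passes `&text`. As far as the hunk shows, it is an unused binding that still pays for an encode and an allocation on every reply. The commit removed the equivalent line in `send_twete`, so remove it here too for consistency. The rest of `send_reply` is outside the hunk, so check that nothing later still refers to `substituted`.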
@@ -234,22 +243,18 @@ fn quote(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer, di
match maybe_id {
Ok(twid) => {
if let Some(twete) = tweeter.retrieve_tweet(&twid).map(|x| x.clone()) { // TODO: no clone when this stops taking &mut self
- let substituted = ::url_encode(reply);
- let attachment_url = ::url_encode(
+ let attachment_url =
&format!(
"https://www.twitter.com/{}/status/{}",
tweeter.retrieve_user(&twete.author_id).unwrap().handle, // TODO: for now this is ok ish, if we got the tweet we have the author
twete.id
- )
- );
+ );
let result = match tweeter.current_profile() {
Some(user_profile) => {
queryer.do_api_post(
- &format!("{}?status={}&attachment_url={}",
- CREATE_TWEET_URL,
- substituted,
- attachment_url
- ),
+ CREATE_TWEET_URL,
+ &vec![("status", reply), ("attachment_url", attachment_url)],
+
&tweeter.app_key,
&user_profile.creds
)
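Review bot: The added empty line between the `&vec![...]` argument and `&tweeter.app_key` is stray and should be dropped. Also, `let attachment_url = &format!(...)` binds a reference to a temporary and leaves the closing `);` at an odd indent. Binding the owned value, `let attachment_url = format!(...);`, and borrowing at the call as `("attachment_url", &attachment_url)` reads more plainly and matches how the other call sites pass `&text` and `&twete.id`. The body of `quote` starts and ends outside this hunk.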
@@ -291,7 +296,7 @@ fn retwete(line: String, tweeter: &mut tw::TwitterCache, queryer: &mut Queryer,
if let Some(twitter_id) = tweeter.retrieve_tweet(&twid).map(|x| x.id.to_owned()) {
let result = match tweeter.current_profile() {
Some(user_profile) => {
- queryer.do_api_post(&format!("{}/{}.json", RT_TWEET_URL, twitter_id), &tweeter.app_key, &user_profile.creds)
+ queryer.do_api_post_noparam(&format!("{}/{}.json", RT_TWEET_URL, twitter_id), &tweeter.app_key, &user_profile.creds)
},
None => Err("No logged in user to retweet as".to_owned())
};