authoriximeow <me@iximeow.net>2018-01-15 12:21:27 -0800
committeriximeow <me@iximeow.net>2018-01-15 12:24:15 -0800
commit7b84985857fd9bd1756439383f1a1ae82f9bd57a (patch)
treed1cf1a1891d7eb1ac05da483e3638f1b0b1c815a /src/tw
parent935c78ce7d2aaabca269d81cff3459cef1084fbc (diff)
ensure all query string parameters are properly escaped
also un-escape html-encoded characters in DMs also distinguish errors in auth commands
Diffstat (limited to 'src/tw')
-rw-r--r--src/tw/mod.rs15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/tw/mod.rs b/src/tw/mod.rs
index 9a14b11..63b8f07 100644
--- a/src/tw/mod.rs
+++ b/src/tw/mod.rs
@@ -571,10 +571,10 @@ impl TwitterProfile {
}
}
pub fn get_settings(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result<serde_json::Value, String> {
- queryer.do_api_get(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
}
pub fn get_followers(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result<serde_json::Value, String> {
- queryer.do_api_get(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
}
pub fn set_following(&mut self, user_ids: Vec<String>) -> (Vec<String>, Vec<String>) {
let uid_set = user_ids.into_iter().collect::<HashSet<String>>();
@@ -1096,17 +1096,15 @@ impl TwitterCache {
}
fn look_up_user(&mut self, id: &str, queryer: &mut ::Queryer) -> Result<serde_json::Value, String> {
- let url = &format!("{}?user_id={}", ::USER_LOOKUP_URL, id);
match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::USER_LOOKUP_URL, &vec![("user_id", id)], &self.app_key, &user_profile.creds),
None => Err("No authorized user to conduct lookup".to_owned())
}
}
fn look_up_tweet(&mut self, id: &str, queryer: &mut ::Queryer) -> Result<serde_json::Value, String> {
- let url = &format!("{}&id={}", ::TWEET_LOOKUP_URL, id);
match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::TWEET_LOOKUP_URL, &vec![("id", id)], &self.app_key, &user_profile.creds),
None => Err("No authorized user to conduct lookup".to_owned())
}
}
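Review bot: The removed `look_up_tweet` line joined the id with `&` (`"{}&id={}"`) where `look_up_user` used `?`, which suggests `::TWEET_LOOKUP_URL` already carries a query string of its own. That constant is now passed as the base URL alongside `&vec![("id", id)]`, so any parameter still embedded in it would bypass the new escaping. Depending on how `do_api_get` assembles the URL and the signed parameter set (not visible here), it could also yield a second `?` or a signature mismatch. The diffstat is limited to `src/tw`, so please confirm the constant was reduced to a bare endpoint elsewhere in this commit and that its former parameters are passed in the list. Separately, if `do_api_get` accepts a slice, `&[("id", id)]` and `&[("user_id", id)]` would avoid the temporary `Vec` in both functions.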
@@ -1202,7 +1200,10 @@ fn handle_twitter_dm(
// show DM
tweeter.cache_api_user(structure["direct_message"]["recipient"].clone());
tweeter.cache_api_user(structure["direct_message"]["sender"].clone());
- let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string();
+ let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string()
+ .replace("&amp;", "&")
+ .replace("&gt;", ">")
+ .replace("&lt;", "<");
let to = structure["direct_message"]["recipient_id_str"].as_str().unwrap().to_string();
let from = structure["direct_message"]["sender_id_str"].as_str().unwrap().to_string();
display_info.recv(display::Infos::DM(dm_text, from, to));
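Review bot: The unescape chain on `dm_text` decodes `&amp;` first, so text that arrives as `&amp;lt;` (an encoded literal `&lt;`) becomes `&lt;` after the first replace and `<` after the third, which decodes it twice. Decoding the ampersand last avoids this: `.replace("&gt;", ">").replace("&lt;", "<").replace("&amp;", "&")`. The `.as_str().unwrap()` on the same line predates this commit, but it still panics if `text` is absent or not a string in the received payload, so a checked access with an early return would be safer on this path. `handle_twitter_dm` begins and ends outside the hunk.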