author | iximeow <me@iximeow.net> | 2018-01-15 12:54:17 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-15 12:54:17 -0800 |
commit | b81bbb7ea3684f7bd5eb39c3429f339a1d92721c (patch) | |
tree | d1cf1a1891d7eb1ac05da483e3638f1b0b1c815a /src/tw | |
parent | 0668cdd7d5e800d8c7e8b1c0853f8b747179356f (diff) | |
parent | 7b84985857fd9bd1756439383f1a1ae82f9bd57a (diff) |
Merge pull request #7 from iximeow/escape-the-query-string
ensure all query string parameters are properly escaped
Diffstat (limited to 'src/tw')
-rw-r--r-- | src/tw/mod.rs | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/tw/mod.rs b/src/tw/mod.rs
index 9a14b11..63b8f07 100644
--- a/src/tw/mod.rs
+++ b/src/tw/mod.rs
@@ -571,10 +571,10 @@ impl TwitterProfile {
 }
 }
 pub fn get_settings(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result<serde_json::Value, String> {
- queryer.do_api_get(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
 }
 pub fn get_followers(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result<serde_json::Value, String> {
- queryer.do_api_get(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
 }
 pub fn set_following(&mut self, user_ids: Vec<String>) -> (Vec<String>, Vec<String>) {
 let uid_set = user_ids.into_iter().collect::<HashSet<String>>();
@@ -1096,17 +1096,15 @@ impl TwitterCache {
 }
 fn look_up_user(&mut self, id: &str, queryer: &mut ::Queryer) -> Result<serde_json::Value, String> {
- let url = &format!("{}?user_id={}", ::USER_LOOKUP_URL, id);
 match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::USER_LOOKUP_URL, &vec![("user_id", id)], &self.app_key, &user_profile.creds),
 None => Err("No authorized user to conduct lookup".to_owned())
 }
 }
 fn look_up_tweet(&mut self, id: &str, queryer: &mut ::Queryer) -> Result<serde_json::Value, String> {
- let url = &format!("{}&id={}", ::TWEET_LOOKUP_URL, id);
 match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::TWEET_LOOKUP_URL, &vec![("id", id)], &self.app_key, &user_profile.creds),
 None => Err("No authorized user to conduct lookup".to_owned())
 }
 }
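Review bot: look_up_tweet now passes `::TWEET_LOOKUP_URL` unchanged, but the removed line appended to it with `&id=` where look_up_user used `?user_id=`, so the constant appears to carry a query string of its own that stays outside the new escaped parameter list. How do_api_get joins the pairs to such a URL, and whether it escapes parameters embedded in the constant, is not visible here because the diff is limited to src/tw. It would be safer to move any fixed parameters into the list, or to record the assumption on the call with a comment such as `// TWEET_LOOKUP_URL carries fixed query parameters; do_api_get must append with '&'`. If do_api_get accepts a slice, `&[("id", id)]` would avoid the Vec allocation in both lookups.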
@@ -1202,7 +1200,10 @@ fn handle_twitter_dm(
 // show DM
 tweeter.cache_api_user(structure["direct_message"]["recipient"].clone());
 tweeter.cache_api_user(structure["direct_message"]["sender"].clone());
- let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string();
+ let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string()
+ .replace("&", "&")
+ .replace(">", ">")
+ .replace("<", "<");
 let to = structure["direct_message"]["recipient_id_str"].as_str().unwrap().to_string();
 let from = structure["direct_message"]["sender_id_str"].as_str().unwrap().to_string();
 display_info.recv(display::Infos::DM(dm_text, from, to));
|
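Review bot: The ampersand replacement on dm_text should run last rather than first, because with the order shown a message whose literal text is `&gt;` (presumably delivered as `&amp;gt;`) is decoded twice and displayed as `>`. This page renders the entity names already decoded, so I am reading the three first arguments as `&amp;`, `&gt;` and `&lt;`; on that reading the chain would become `.replace("&gt;", ">").replace("&lt;", "<").replace("&amp;", "&")`. The same statement still calls `.as_str().unwrap()` on a field of the API response, which panics if `text` is missing or not a string. handle_twitter_dm begins and ends outside this hunk.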