From 7b84985857fd9bd1756439383f1a1ae82f9bd57a Mon Sep 17 00:00:00 2001
From: iximeow
Date: Mon, 15 Jan 2018 12:21:27 -0800
Subject: ensure all query string parameters are properly escaped also un-escape html-encoded characters in DMs also distinguish errors in auth commands
---
 src/tw/mod.rs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'src/tw')
diff --git a/src/tw/mod.rs b/src/tw/mod.rs
index 9a14b11..63b8f07 100644
--- a/src/tw/mod.rs
+++ b/src/tw/mod.rs
@@ -571,10 +571,10 @@ impl TwitterProfile {
 }
 }
 pub fn get_settings(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result {
- queryer.do_api_get(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::ACCOUNT_SETTINGS_URL, app_key, &self.creds)
 }
 pub fn get_followers(&self, queryer: &mut ::Queryer, app_key: &Credential) -> Result {
- queryer.do_api_get(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
+ queryer.do_api_get_noparam(::GET_FOLLOWER_IDS_URL, app_key, &self.creds)
 }
 pub fn set_following(&mut self, user_ids: Vec) -> (Vec, Vec) {
 let uid_set = user_ids.into_iter().collect::>();
@@ -1096,17 +1096,15 @@ impl TwitterCache {
 }
 fn look_up_user(&mut self, id: &str, queryer: &mut ::Queryer) -> Result {
- let url = &format!("{}?user_id={}", ::USER_LOOKUP_URL, id);
 match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::USER_LOOKUP_URL, &vec![("user_id", id)], &self.app_key, &user_profile.creds),
 None => Err("No authorized user to conduct lookup".to_owned())
 }
 }
 fn look_up_tweet(&mut self, id: &str, queryer: &mut ::Queryer) -> Result {
- let url = &format!("{}&id={}", ::TWEET_LOOKUP_URL, id);
 match self.current_profile() {
- Some(ref user_profile) => queryer.do_api_get(url, &self.app_key, &user_profile.creds),
+ Some(ref user_profile) => queryer.do_api_get(::TWEET_LOOKUP_URL, &vec![("id", id)], &self.app_key, &user_profile.creds),
 None => Err("No authorized user to conduct lookup".to_owned())
 }
 }
@@ -1202,7 +1200,10 @@ fn handle_twitter_dm(
 // show DM
 tweeter.cache_api_user(structure["direct_message"]["recipient"].clone());
 tweeter.cache_api_user(structure["direct_message"]["sender"].clone());
- let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string();
+ let dm_text = structure["direct_message"]["text"].as_str().unwrap().to_string()
+ .replace("&", "&")
+ .replace(">", ">")
+ .replace("<", "<");
 let to = structure["direct_message"]["recipient_id_str"].as_str().unwrap().to_string();
 let from = structure["direct_message"]["sender_id_str"].as_str().unwrap().to_string();
 display_info.recv(display::Infos::DM(dm_text, from, to));
-- cgit v1.1
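Review bot: In look_up_tweet the removed line appended `&id={}` to `::TWEET_LOOKUP_URL`, which suggests that constant already carried a query string, yet the new call passes the same constant as the base URL and `id` as a separate parameter. The constant and do_api_get are defined outside this patch (the view is limited to src/tw), so confirm the constant is now the bare endpoint with any fixed parameters moved into the list, and that do_api_get percent-encodes every value before the URL is built (and signed, if requests are signed over it). A short comment above each call, such as `// id is caller-supplied; do_api_get is responsible for encoding it`, would record where the escaping now lives. On style, `&vec![("user_id", id)]` in look_up_user and `&vec![("id", id)]` in look_up_tweet allocate for a single pair; `&[("user_id", id)]` would do if the parameter type is a slice.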
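Review bot: The added `.replace` chain on dm_text decodes the ampersand entity first, so input that was escaped twice is decoded twice: if the sender typed the literal characters `&lt;`, the text arrives as `&amp;lt;` and is displayed as `<`. (The entity names are shown already decoded on this page, so the order is read from the replacement targets `&`, `>`, `<`.) Decoding the ampersand last avoids this: `.replace("&lt;", "<").replace("&gt;", ">").replace("&amp;", "&")`. The same line keeps `.as_str().unwrap()` on a field of a remote JSON event, so a payload without a string `text` would panic the client; handle_twitter_dm's body extends outside the hunk, so check whether that is guarded earlier.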