From f67950b14ab016e93cca92d9b918a255728d58fd Mon Sep 17 00:00:00 2001
From: Sasha Sherstnev <a.sherstnev@dundee.ac.uk>
Date: Mon, 2 Dec 2013 14:48:59 +0000
Subject: [PATCH] Add additional checks of input parameters from html forms

---
 server/compbio/controllers/IPDataController.java   |   25 ++++++++++++++++----
 server/compbio/controllers/SequenceController.java |   25 ++++++++++++++++----
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/server/compbio/controllers/IPDataController.java b/server/compbio/controllers/IPDataController.java
index c95a6cd..7a7e298 100644
--- a/server/compbio/controllers/IPDataController.java
+++ b/server/compbio/controllers/IPDataController.java
@@ -31,9 +31,24 @@ public class IPDataController {
 	}
 	
 	@RequestMapping(value = "/ip/stat/querycounter", method = RequestMethod.GET)
-	public String findIPwithCounter(@RequestParam("JobCounter") int counter, Map<String, Object> model) {
-		
-		if (counter < 1) {
+	public String findIPwithCounter(@RequestParam("JobCounter") String counter, Map<String, Object> model) {
+
+		if (counter.equals("")) {
+			model.put("error", "The value must not be empty");
+			model.put("value", counter);
+			return "queryIPStatistics";
+		}
+	
+		int realcounter;
+		try {
+			realcounter = Integer.parseInt(counter.trim());
+		} catch (NumberFormatException e) {
+			model.put("error", "The value must be an integer number");
+			model.put("value", counter);
+			return "queryIPStatistics";
+		}
+
+		if (realcounter < 1) {
 			model.put("error", "The value must be greater than 0");
 			model.put("value", counter);
 			return "queryIPStatistics";
@@ -41,7 +56,7 @@ public class IPDataController {
 
 		final long startTime = System.currentTimeMillis();
 		CassandraRequester cr = new CassandraRequester();
-		List<DataBase> r = cr.readIpByCounter(counter);
+		List<DataBase> r = cr.readIpByCounter(realcounter);
  		model.put("results", r);
 		model.put("njobs", 0);
 		if (null != r) {
@@ -49,7 +64,7 @@ public class IPDataController {
 		}
  		final long endTime = System.currentTimeMillis();
 		model.put("timeExecution", (endTime - startTime));
-		model.put("counter", counter);
+		model.put("counter", realcounter);
 		return "reportIPstatistics";
 	}
 
diff --git a/server/compbio/controllers/SequenceController.java b/server/compbio/controllers/SequenceController.java
index d4afbdc..8e5bc29 100644
--- a/server/compbio/controllers/SequenceController.java
+++ b/server/compbio/controllers/SequenceController.java
@@ -55,17 +55,32 @@ public class SequenceController {
 	}
 
 	@RequestMapping(value = "/sequence/querycounter", method = RequestMethod.GET)
-	public String countSequences(@RequestParam("counterJob") int counter, Map<String, Object> model) {
+	public String countSequences(@RequestParam("counterJob") String counter, Map<String, Object> model) {
 		final long startTime = System.currentTimeMillis();
 
-		if (counter < 1) {
+		if (counter.equals("")) {
+			model.put("error", "The value must not be empty");
+			model.put("value", counter);
+			return "queryIPStatistics";
+		}
+
+		int realcounter;
+		try {
+			realcounter = Integer.parseInt(counter.trim());
+		} catch (NumberFormatException e) {
+			model.put("error", "The value must be an integer number");
+			model.put("value", counter);
+			return "queryIPStatistics";
+		}
+
+		if (realcounter < 1) {
 			model.put("error", "The value must be greater than 0");
 			model.put("value", counter);
-			return "queryProteinSequenceCounter";
+			return "queryIPStatistics";
 		}
 
 		CassandraRequester cr = new CassandraRequester();
-		List<DataBase> r = cr.readProteinByCounter(counter);
+		List<DataBase> r = cr.readProteinByCounter(realcounter);
 		model.put("results", r);
 		model.put("njobs", 0);
 		if (null != r) {
@@ -73,7 +88,7 @@ public class SequenceController {
 		}
 		final long endTime = System.currentTimeMillis();
 		model.put("timeExecution", (endTime - startTime));
-		model.put("counter", counter);
+		model.put("counter", realcounter);
 		return "reportProteinSequencesCounter";
 	}
 
-- 
1.7.10.2