From d6a3c8b24c3e74473d1000b8ed87abbc75d4293f Mon Sep 17 00:00:00 2001
From: Zlatin Balevsky
Date: Sat, 7 Dec 2019 13:04:31 +0000
Subject: [PATCH] re-add zzz's changes to FilesServlet
---
 .../java/com/muwire/webui/FilesServlet.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/webui/src/main/java/com/muwire/webui/FilesServlet.java b/webui/src/main/java/com/muwire/webui/FilesServlet.java
index 3fd3ca73..b52ed05e 100644
--- a/webui/src/main/java/com/muwire/webui/FilesServlet.java
+++ b/webui/src/main/java/com/muwire/webui/FilesServlet.java
@@ -102,15 +102,31 @@ public class FilesServlet extends HttpServlet {
 @Override
 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 String action = req.getParameter("action");
+ if (action == null) {
+ resp.sendError(403,"Bad param");
+ return;
+ }
 if (action.equals("share")) {
 String file = req.getParameter("file");
+ if (file == null) {
+ resp.sendError(403, "Bad param");
+ return;
+ }
 fileManager.share(file);
 resp.sendRedirect("/MuWire/Files.jsp");
 } else if (action.equals("unshare")) {
 String pathElements = req.getParameter("path");
+ if (pathElements == null) {
+ resp.sendError(403,"Bad param");
+ return;
+ }
 File current = null;
- for (String element : pathElements.split(",")) {
+ for (String element : DataHelper.split(pathElements,",")) {
 element = Util.unescapeHTMLinXML(Base64.decodeToString(element));
+ if (element == null) {
+ resp.sendError(403,"Bad param");
+ return;
+ }
 if (current == null)
 current = new File(element);
 else
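Review bot: The added `element == null` check in the unshare loop runs only after `Util.unescapeHTMLinXML(Base64.decodeToString(element))`, so, assuming `Base64.decodeToString` returns null on malformed input as the check implies, a bad path element is passed to `unescapeHTMLinXML` as null before it is rejected; whether that helper tolerates null is not visible here, and if it does not the request ends in a NullPointerException rather than the intended error response. Testing the decode result first keeps the rejection explicit: `String decoded = Base64.decodeToString(element);`, `if (decoded == null) { resp.sendError(403,"Bad param"); return; }`, `element = Util.unescapeHTMLinXML(decoded);`. Separately, `doPost` acts on `action=share` with a request-supplied file path and no nonce or origin check is visible before `fileManager.share(file)`; if no filter outside this hunk provides one, a cross-site form post could change what the node shares, so that is worth confirming. `doPost` continues past the end of the hunk, so the rest of the unshare branch is not covered by this note.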