Changeset 6753d23


Timestamp:
Jul 26, 2014 3:09:40 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
1603353
Parents:
ca5755b0
Message:

Add filtering for getParameterMap()
Don't return null entries in getParameterValues() array
Log in getParameterValues() too
static

Files:
2 edited

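--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -1,4 +1,8 @@
 package net.i2p.servlet.filters;
 
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.regex.Pattern;
 
@@ -33,8 +37,23 @@
         int count = values.length;
         String[] encodedValues = new String[count];
+        int good = 0;
         for (int i = 0; i < count; i++) {
-            encodedValues[i] = stripXSS(values[i], parameterValuePattern);
+            String value = values[i];
+            String v2 = stripXSS(value, parameterValuePattern);
+            if (v2 != null) {
+                encodedValues[good++] = v2;
+            } else if (value != null) {
+                Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
+                log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped param \"" + parameter + "\" : \"" + value + '"');
+            }
         }
-
+        if (good <= 0)
+            return null;
+        if (good < count) {
+            // shrink array
+            String[] rv = new String[good];
+            System.arraycopy(encodedValues, 0, rv, 0, good);
+            encodedValues = rv;
+        }
         return encodedValues;
     }
@@ -52,4 +71,16 @@
 
     @Override
+    public Map getParameterMap() {
+        Map rv = new HashMap();
+        for (Enumeration keys = getParameterNames(); keys.hasMoreElements(); ) {
+             String k = (String) keys.nextElement();
+             String[] v = getParameterValues(k);
+             if (v != null)
+                 rv.put(k, v);
+        }
+        return Collections.unmodifiableMap(rv);
+    }
+
+    @Override
     public String getHeader(String name) {
         String value = super.getHeader(name);
@@ -62,5 +93,5 @@
     }
 
-    private String stripXSS(String value, Pattern whitelistPattern) {
+    private static String stripXSS(String value, Pattern whitelistPattern) {
         if (value != null) {
             // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to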
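Review bot: The new warning inside the getParameterValues() loop (the `log.logAlways(Log.WARN, ...)` line) writes the rejected `value` and the `parameter` name into the log verbatim, and that is exactly the input the whitelist has just refused. A value carrying CR/LF or other control characters can split or forge log entries, and an arbitrarily long value is written in full on every request, since `logAlways` by its name presumably bypasses the configured level. I would neutralise and cap it before logging, e.g. `String shown = value.replaceAll("\\p{Cntrl}", "?");` followed by `if (shown.length() > 256) shown = shown.substring(0, 256) + "...";` (256 is an illustrative cap), and log `shown` instead; any view that later renders these log lines as HTML has to escape them too. The method's signature lies above the hunk, so I am assuming `parameter` is its argument and is equally request-controlled.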
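--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -19,5 +19,5 @@
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 23;
+    public final static long BUILD = 24;
 
     /** for example "-test" */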