Changeset 9a9832c


Ignore:
Timestamp:
Nov 21, 2015 5:39:10 PM (5 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
1215a70
Parents:
9efb3c8
Message:

Console: Fix escaping of plugin description on /configclients (ticket #1711)

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java

    r9efb3c8 r9a9832c  
    152152                       false, RouterConsoleRunner.class.getName().equals(ca.className),
    153153                       // description
    154                        ca.className + ((ca.args != null) ? " " + ca.args : ""),
     154                       DataHelper.escapeHTML(ca.className + ((ca.args != null) ? " " + ca.args : "")),
    155155                       // edit
    156156                       allowEdit && (""+cur).equals(_edit),
     
    213213                renderForm(buf, app, app, !"addressbook".equals(app),
    214214                           "true".equals(val), RouterConsoleRunner.ROUTERCONSOLE.equals(app),
    215                            RouterConsoleRunner.ROUTERCONSOLE.equals(app), app + ".war",
     215                           RouterConsoleRunner.ROUTERCONSOLE.equals(app), DataHelper.escapeHTML(app + ".war"),
    216216                           false, false, false, isRunning, false, !isRunning);
    217217            }
     
    317317     *  Misnamed, renders a single line in a table for a single client/webapp/plugin.
    318318     *
    319      *  ro trumps edit and showEditButton
     319     *  @param name will be escaped here
     320     *  @param ro trumps edit and showEditButton
     321     *  @param escapedDesc description, must be HTML escaped, except for plugins
    320322     */
    321323    private void renderForm(StringBuilder buf, String index, String name, boolean urlify,
    322                             boolean enabled, boolean ro, boolean preventDisable, String desc, boolean edit,
     324                            boolean enabled, boolean ro, boolean preventDisable, String escapedDesc, boolean edit,
    323325                            boolean showEditButton, boolean showUpdateButton, boolean showStopButton,
    324326                            boolean showDeleteButton, boolean showStartButton) {
    325327        String escapedName = DataHelper.escapeHTML(name);
    326         String escapedDesc = DataHelper.escapeHTML(desc);
    327328        buf.append("<tr><td class=\"mediumtags\" align=\"right\" width=\"25%\">");
    328329        if (urlify && enabled) {
  • history.txt

    r9efb3c8 r9a9832c  
     12015-11-21 zzz
     2  * Console: Fix escaping of plugin description on /configclients (ticket #1711)
     3
    14* 2015-11-19 0.9.23 released
    25
     
    1013
    11142015-11-13 zab
    12  * Interrupt() when cancelling scheduled tasks
     15 * Interrupt() when cancelling scheduled tasks (tickets #1694, #1705)
    1316
    14172015-11-13 zzz
  • router/java/src/net/i2p/router/RouterVersion.java

    r9efb3c8 r9a9832c  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 0;
     21    public final static long BUILD = 1;
    2222
    2323    /** for example "-test" */
Note: See TracChangeset for help on using the changeset viewer.