Changeset b28eb70 for apps/jetty


Ignore:
Timestamp:
Aug 3, 2014 1:58:51 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
2d2348f
Parents:
bf9c4b23
Message:
  • Console:
    • Fix update buttons
    • Don't filter parameter names starting with "nofilter_"
    • Re-allow configadvanced, news URL, and unsigned update URL if routerconsole.advanced=true
    • Re-allow plugin install if routerconsole.advanced=true or routerconsole.enablePluginInstall=true
    • Only allow whitelisted plugin signers, unless routerconsole.allowUntrustedPlugins=true
    • Re-allow clients.config changes if routerconsole.advanced=true or routerconsole.enableClientChange=true
    • More escaping
  • i2psnark: Fix add torrent form
File:
1 edited

Legend:

Unmodified
Added
Removed
  • apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java

    rbf9c4b23 rb28eb70  
    2222    private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
    2323    private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
     24    private static final String NOFILTER = "nofilter_";
    2425
    2526    public XSSRequestWrapper(HttpServletRequest servletRequest) {
     
    2728    }
    2829
     30    /**
     31     *  Parameter names starting with "nofilter_" will not be filtered.
     32     */
    2933    @Override
    3034    public String[] getParameterValues(String parameter) {
    3135        String[] values = super.getParameterValues(parameter);
     36        if (parameter.startsWith(NOFILTER))
     37            return values;
    3238
    3339        if (values == null) {
     
    5965    }
    6066
     67    /**
     68     *  Parameter names starting with "nofilter_" will not be filtered.
     69     */
    6170    @Override
    6271    public String getParameter(String parameter) {
    6372        String value = super.getParameter(parameter);
     73        if (parameter.startsWith(NOFILTER))
     74            return value;
    6475        String rv = stripXSS(value, parameterValuePattern);
    6576        if (value != null && rv == null) {
     
    7081    }
    7182
     83    /**
     84     *  Parameter names starting with "nofilter_" will not be filtered.
     85     */
    7286    @Override
    7387    public Map getParameterMap() {
Note: See TracChangeset for help on using the changeset viewer.