Opened 4 years ago

Closed 4 years ago

#1569 closed defect (fixed)

Unable to add large URL at /confighome

Reported by: djjeshk
Owned by:
Priority: minor
Milestone: 0.9.20
Component: apps/console
Version: 0.9.19
Keywords:
Cc:
Parent Tickets:

Description

I2P version: 0.9.19-18
Java version: Oracle Corporation 1.8.0_45 (Java(TM) SE Runtime Environment 1.8.0_45-b14)
Wrapper version: 3.5.25
Server version: 8.1.17.v20150415
Servlet version: Jasper JSP 2.1 Engine
Platform: Windows 7 x86 6.1
Processor: Core 2 (45nm) (core2)
Jbigi: Locally optimized library jbigi-windows-core2.dll loaded from file
Encoding: Cp1257
Charset: windows-1257

If I try to add an entry http://trac.i2p2.i2p/query?status=accepted&status=assigned&status=closed&status=infoneeded&status=infoneeded_new&status=needs_work&status=new&status=reopened&status=started&status=testing&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&col=version&col=resolution&col=time&col=changetime&col=parents&col=reporter&col=keywords&col=cc&report=10&desc=1&order=changetime with name All I2P tickets
it shows the error "No URL entered".

Logs:

15.9.5 21:09:07 WARN [ Jetty-12304] vlet.filters.XSSRequestWrapper: URL "/confighome.jsp" Stripped param "url" : "http://trac.i2p2.i2p/query?status=accepted&status=assigned&status=closed&status=infoneeded&status=infoneeded_new&status=needs_work&status=new&status=reopened&status=started&status=testing&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&col=version&col=resolution&col=time&col=changetime&col=parents&col=reporter&col=keywords&col=cc&report=10&desc=1&order=changetime"

Change History (2)

comment:1 Changed 4 years ago by zzz

  • Component changed from unspecified to apps/console

caught in the XSS filter

comment:2 Changed 4 years ago by zzz

  • Milestone changed from undecided to 0.9.20
  • Resolution set to fixed
  • Status changed from new to closed

bypass filter, fix escaping, truncate long URLs in display
in 977d6b14e14001ec1d7c1419588cb5641881c154 to be 0.9.19-22-rc
