Opened 10 years ago

Closed 10 years ago

#368 closed defect (fixed)

Insufficient filename filtering in I2PSnarkServlet

Reported by: John Doo
Owned by: zzz
Priority: minor
Milestone: 0.8.4
Component: apps/i2psnark
Version: 0.8
Keywords:
Cc:
Parent Tickets:
Sensitive: no


I've noticed that in org.klomp.snark.web.I2PSnarkServlet the filename of a .torrent metainfo file downloaded via the static class FetchAndAdd isn't as thoroughly filtered for illegal characters as it is in the Storage class.
Therefore I suggest extracting the method Storage.filterName(String) to a helper class and using it in both Storage and I2PSnarkServlet.
In I2PSnarkServlet FetchAndAdd I suggest replacing

name = DataHelper.stripHTML(name);
name = name.replace('/', '_');

name = name.replace('`', '_');

by a single invocation of filterName:
name = HelperClass.filterName(name);

Sincerely Yours
John Doo
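
The refactoring suggested above, sketched as an added example that is not part of the original ticket and not I2P's code: one shared sanitizer that every code path writing a remotely supplied name to disk calls. The class name FileNameFilter, the character list and the sample names are assumptions.

```java
/** Hypothetical shared helper: the class name and character list are assumptions. */
public final class FileNameFilter {
    // Assumed deny list: path separators, characters illegal on common
    // filesystems, and shell/HTML metacharacters.
    private static final String ILLEGAL = "<>:\"/\\|?*`'&;$";

    private FileNameFilter() {}

    /** Returns a name that is safe to use as a single path component. */
    public static String filterName(String name) {
        if (name == null)
            name = "";
        StringBuilder sb = new StringBuilder(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            // Replace listed characters and all control characters with '_'
            boolean bad = ILLEGAL.indexOf(c) >= 0 || Character.isISOControl(c);
            sb.append(bad ? '_' : c);
        }
        String out = sb.toString();
        // "." and ".." name directories, and an empty name is unusable
        if (out.isEmpty() || out.equals(".") || out.equals(".."))
            return "_";
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample names, as they might arrive from a remote source
        String[] samples = {
            "ubuntu.torrent",
            "../../x.torrent",
            "a`b<i>.torrent",
            "..",
            ""
        };
        for (String s : samples)
            System.out.println("[" + s + "] -> [" + filterName(s) + "]");
    }
}
```

Keeping the filter in one place means the servlet and the storage layer cannot drift apart in which characters they reject.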


Change History (2)

comment:1 Changed 10 years ago by zzz

Milestone: 0.8.4
Owner: set to zzz
Status: new → accepted

Yeah, thanks, I saw that too, and I've already done exactly that fix. It's in my dhtsnark branch with all the magnet changes, it will be in 0.8.4.

comment:2 Changed 10 years ago by zzz

Resolution: fixed
Status: accepted → closed