* Console:

- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
zzz
2014-07-26 09:32:26 +00:00
parent e9c8748c0b
commit af575d6c95
32 changed files with 124 additions and 61 deletions


@@ -57,7 +57,7 @@ public class CSSHelper extends HelperBase {
*/
public void setLang(String lang) {
// Protected with nonce in css.jsi
if (lang != null && lang.length() > 0) {
if (lang != null && lang.length() > 0 && lang.length() <= 6) {
Map m = new HashMap(2);
int under = lang.indexOf('_');
if (under < 0) {
@@ -105,9 +105,9 @@ public class CSSHelper extends HelperBase {
try {
if (Integer.parseInt(r) < MIN_REFRESH)
r = "" + MIN_REFRESH;
_context.router().saveConfig(PROP_REFRESH, r);
} catch (Exception e) {
}
_context.router().saveConfig(PROP_REFRESH, r);
}
/** @return refresh time in seconds, as a string */
@@ -117,6 +117,7 @@ public class CSSHelper extends HelperBase {
if (Integer.parseInt(r) < MIN_REFRESH)
r = "" + MIN_REFRESH;
} catch (Exception e) {
r = "" + MIN_REFRESH;
}
return r;
}
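Review bot: The new `lang.length() <= 6` bound in setLang caps the size of the value but not its characters, so any six-character string, quotes and angle brackets included, still reaches the `indexOf('_')` split that follows; a shape check such as `if (lang != null && lang.matches("[a-zA-Z]{2,3}(_[a-zA-Z]{2,4})?")) {` (adjusted to the codes the console actually ships) would pin both length and alphabet. In the second hunk the now-empty `catch (Exception e) {}` silently discards a non-numeric refresh value instead of saving it, which is the right outcome, but catching `NumberFormatException` specifically and adding `// non-numeric input is dropped; getRefresh() falls back to MIN_REFRESH` would make that intent explicit. setLang's body continues past the hunk, so any further validation of the value is not visible here.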


@@ -21,7 +21,8 @@ public class ConfigAdvancedHandler extends FormHandler {
@Override
protected void processForm() {
if (_shouldSave) {
saveChanges();
//saveChanges();
addFormError("Save disabled, edit the router.config file to make changes") ;
} else {
// noop
}
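Review bot: `//saveChanges();` leaves commented-out code standing in for the disabled call, and the same pattern appears in ConfigClientsHandler (`//installPlugin();`) and twice in ConfigUpdateHandler; version control already keeps the old code, so the line should be deleted and replaced by a comment stating why the path is closed, e.g. `// Saving from the UI is disabled; the form in configadvanced.jsp is commented out to match`. The `addFormError(...) ;` line also carries a stray space before the semicolon. processForm continues past the end of the hunk.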


@@ -54,7 +54,8 @@ public class ConfigClientsHandler extends FormHandler {
return;
}
if (_action.equals(_("Install Plugin"))) {
installPlugin();
//installPlugin();
addFormError("Plugin installation disabled");
return;
}
if (_action.equals(_("Update All Installed Plugins"))) {
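Review bot: The new `addFormError("Plugin installation disabled")` is the only string in this block that does not go through `_()`, while the action label on the line above it does. If the message is meant to be user-facing like its neighbours, `addFormError(_("Plugin installation disabled"));` keeps the file consistent; if it is deliberately left untranslated because the feature is being switched off wholesale, a short comment saying so would stop the next reader from adding it to the translation set. The enclosing method begins and ends outside the hunk.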


@@ -173,10 +173,11 @@ public class ConfigUpdateHandler extends FormHandler {
_newsThroughProxy = false;
String oldURL = ConfigUpdateHelper.getNewsURL(_context);
if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) {
changes.put(PROP_NEWS_URL, _newsURL);
//changes.put(PROP_NEWS_URL, _newsURL);
// this invalidates the news
changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
addFormNotice(_("Updating news URL to {0}", _newsURL));
//changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
//addFormNotice(_("Updating news URL to {0}", _newsURL));
addFormError("Changing news URL disabled");
}
}
@@ -240,8 +241,9 @@ public class ConfigUpdateHandler extends FormHandler {
if ( (_zipURL != null) && (_zipURL.length() > 0) ) {
String oldURL = _context.router().getConfigSetting(PROP_ZIP_URL);
if ( (oldURL == null) || (!_zipURL.equals(oldURL)) ) {
changes.put(PROP_ZIP_URL, _zipURL);
addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
//changes.put(PROP_ZIP_URL, _zipURL);
//addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
addFormError("Changing unsigned update URL disabled");
}
}
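Review bot: The comment `// this invalidates the news` now sits between two commented-out statements and describes a `PROP_LAST_CHECKED` reset that no longer runs, so a reader skimming the block will believe the news is still being invalidated; move it inside the disabled lines or delete it. The surrounding `if ( (oldURL == null) || (!_newsURL.equals(oldURL)) )` still decides when the error is shown, so a submission that leaves the read-only field untouched produces no message, which is the right behaviour. The second hunk has the same shape and raises nothing further.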


@@ -5,6 +5,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.i2p.data.DataHelper;
import net.i2p.router.RouterContext;
import net.i2p.util.Log;
@@ -50,8 +51,8 @@ public abstract class FormHandler {
}
}
public void setNonce(String val) { _nonce = val; }
public void setAction(String val) { _action = val; }
public void setNonce(String val) { _nonce = DataHelper.stripHTML(val); }
public void setAction(String val) { _action = DataHelper.stripHTML(val); }
/**
* For many forms, it's easiest just to put all the parameters here.
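Review bot: `DataHelper.stripHTML(val)` in setNonce and setAction changes what the setters do for a null `val`: the old assignments simply stored null, and whether stripHTML tolerates null is not visible in this hunk, so if it dereferences its argument a request that omits the parameter would now fail inside the setter instead of falling through to the nonce check. Worth confirming against DataHelper, or guarding with `_nonce = val != null ? DataHelper.stripHTML(val) : null;` and the same for `_action`. A one-line comment above the pair, `// stripped defensively: presumably these values can be echoed back into a rendered form`, would record why a nonce needs stripping at all, given that a legitimate nonce should contain nothing stripHTML removes.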


@@ -818,19 +818,19 @@ public class SummaryHelper extends HelperBase {
/* below here is stuff we need to get from summarynoframe.jsp to SummaryBarRenderer */
private String _action;
public void setAction(String s) { _action = s; }
public void setAction(String s) { _action = DataHelper.stripHTML(s); }
public String getAction() { return _action; }
private String _consoleNonce;
public void setConsoleNonce(String s) { _consoleNonce = s; }
public void setConsoleNonce(String s) { _consoleNonce = DataHelper.stripHTML(s); }
public String getConsoleNonce() { return _consoleNonce; }
private String _updateNonce;
public void setUpdateNonce(String s) { _updateNonce = s; }
public void setUpdateNonce(String s) { _updateNonce = DataHelper.stripHTML(s); }
public String getUpdateNonce() { return _updateNonce; }
private String _requestURI;
public void setRequestURI(String s) { _requestURI = s; }
public void setRequestURI(String s) { _requestURI = DataHelper.stripHTML(s); }
/**
* @return non-null; "/home" if (strangely) not set by jsp
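Review bot: Calling `DataHelper.stripHTML(s)` inside setRequestURI means `_requestURI` no longer holds the URI the JSP handed in whenever the value contains anything stripHTML rewrites (what that covers is defined elsewhere and not visible here), and the javadoc directly below documents the stored value as what the JSP set. If getRequestURI feeds anything other than HTML output, such as comparing against the current page or building a redirect, that drift matters; escaping at the point where the value is written into the page is the more robust fix and leaves the stored state untouched. For the action and nonce setters the same input-stripping is harmless, since legitimate values contain nothing to strip. The methods are one-liners, so nothing is cut off by the hunk.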


@@ -24,13 +24,19 @@
<%@include file="formhandler.jsi" %>
<div class="configure">
<div class="wideload">
<!--
<form action="" method="POST">
<input type="hidden" name="nonce" value="<%=pageNonce%>" >
<input type="hidden" name="action" value="blah" >
-->
<h3><%=intl._("Advanced I2P Configuration")%></h3>
<textarea rows="32" cols="60" name="config" wrap="off" spellcheck="false"><jsp:getProperty name="advancedhelper" property="settings" /></textarea><br><hr>
<textarea rows="32" cols="60" name="config" wrap="off" spellcheck="false" readonly="readonly"><jsp:getProperty name="advancedhelper" property="settings" /></textarea><br><hr>
<!--
<div class="formaction">
<input type="reset" class="cancel" value="<%=intl._("Cancel")%>" >
<input type="submit" name="shouldsave" class="accept" value="<%=intl._("Save changes")%>" >
<br><b><%=intl._("NOTE")%>:</b> <%=intl._("Some changes may require a restart to take effect.")%>
</div></form></div></div></div></body></html>
</div></form>
-->
To make changes, edit the router.config file.
</div></div></div></body></html>
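Review bot: The disabled form is wrapped in an HTML comment (`<!-- ... -->`), which the JSP engine still processes: `<%=pageNonce%>` and the `intl._()` expressions inside it are evaluated and the resulting markup, nonce included, is delivered to the browser as a comment. A JSP comment, `<%-- ... --%>`, is neither evaluated nor sent, and it also keeps the leftover form from being mistaken for live markup; the same applies to the commented-out plugin-install form in configclients.jsp and the unsigned-build rows in configupdate.jsp. The new `To make changes, edit the router.config file.` text is also the only visible string on the page not passed through `intl._()`.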


@@ -117,6 +117,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
<input type="submit" name="action" class="accept" value="<%=intl._("Save Plugin Configuration")%>" />
</div></form></div>
<!--
<h3><a name="plugin"></a><%=intl._("Plugin Installation")%></h3><p>
<%=intl._("Look for available plugins on {0}.", "<a href=\"http://plugins.i2p\">plugins.i2p</a>")%>
<%=intl._("To install a plugin, enter the download URL:")%>
@@ -132,5 +133,6 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
</div><hr><div class="formaction">
<input type="submit" name="action" class="reload" value="<%=intl._("Update All Installed Plugins")%>" />
</div></form></div>
-->
<% } %>
</div></div></body></html>


@@ -41,7 +41,7 @@
<% } %></td></tr>
<tr><td colspan="2"><br></td></tr>
<tr><td class="mediumtags" align="right"><b><%=intl._("News URL")%>:</b></td>
<td><input type="text" size="60" name="newsURL" value="<jsp:getProperty name="updatehelper" property="newsURL" />"></td>
<td><input type="text" size="60" name="newsURL" readonly="readonly" value="<jsp:getProperty name="updatehelper" property="newsURL" />"></td>
</tr><tr><td class="mediumtags" align="right"><b><%=intl._("Refresh frequency")%>:</b>
<td><jsp:getProperty name="updatehelper" property="refreshFrequencySelectBox" /></td></tr>
<% if (updatehelper.canInstall()) { %>
@@ -65,10 +65,12 @@
</tr><tr><td class="mediumtags" align="right"><b><%=intl._("Trusted keys")%>:</b></td>
<td><textarea cols="60" rows="6" name="trustedKeys" wrap="off" spellcheck="false"><jsp:getProperty name="updatehelper" property="trustedKeys" /></textarea></td></tr>
<% } // if isAdvanced %>
<!--
<tr><td id="unsignedbuild" class="mediumtags" align="right"><b><%=intl._("Update with unsigned development builds?")%></b></td>
<td><jsp:getProperty name="updatehelper" property="updateUnsigned" /></td>
</tr><tr><td class="mediumtags" align="right"><b><%=intl._("Unsigned Build URL")%>:</b></td>
<td><input type="text" size="60" name="zipURL" value="<jsp:getProperty name="updatehelper" property="zipURL" />"></td></tr>
-->
<% } else { %>
<tr><td class="mediumtags" align="center" colspan="2"><b><%=intl._("Updates will be dispatched via your package manager.")%></b></td></tr>
<% } // if canInstall %>


@@ -30,8 +30,11 @@
<link rel="icon" href="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/favicon.ico">
<%
// clickjacking
if (intl.shouldSendXFrame())
if (intl.shouldSendXFrame()) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("X-XSS-Protection", "1; mode=block");
}
String conNonceParam = request.getParameter("consoleNonce");
if (intl.getNonce().equals(conNonceParam)) {
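Review bot: The `Content-Security-Policy` and `X-XSS-Protection` headers are emitted only inside `if (intl.shouldSendXFrame()) {`, so whatever setting disables X-Frame-Options also disables the two new headers even though they address script injection rather than framing. Unless that coupling is intended, move the two `response.setHeader(...)` calls out of the conditional so they are sent unconditionally and leave only `X-Frame-Options` under the toggle. Note too that `default-src 'self'` blocks inline `<script>`, `<style>` and on* attributes on every page that includes this header; if any console page relies on them they will fail silently in enforcing browsers, so the policy is worth verifying page by page (or trialling as `Content-Security-Policy-Report-Only`) rather than assumed safe. The scriptlet continues outside the hunk.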


@@ -22,12 +22,13 @@
"Shutdown immediately".equals(action) || "Restart immediately".equals(action);
if (!shutdownSoon) {
if (d == null || "".equals(d)) {
d = intl.getRefresh();
// set below
} else {
d = net.i2p.data.DataHelper.stripHTML(d); // XSS
intl.setRefresh(d);
intl.setDisableRefresh(d);
}
d = intl.getRefresh();
// we probably don't get here if d == "0" since caught in summary.jsi, but just
// to be sure...
if (!intl.getDisableRefresh()) {
@@ -46,7 +47,7 @@
long delay = 60;
try { delay = Long.parseLong(d); } catch (NumberFormatException nfe) {}
if (delay*1000 < timeleft + 5000)
out.print("<meta http-equiv=\"refresh\" content=\"" + d + ";url=/summaryframe.jsp\" >\n");
out.print("<meta http-equiv=\"refresh\" content=\"" + delay + ";url=/summaryframe.jsp\" >\n");
else
shutdownSoon = true;
}
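Review bot: `delay*1000` in the comparison overflows once the refresh value exceeds roughly 9.2e15, because `Long.parseLong(d)` accepts anything up to `Long.MAX_VALUE`; the product wraps negative, the `<` test passes, and the page emits a meta refresh carrying that number. A clamp right after the parse, `if (delay <= 0 || delay > Integer.MAX_VALUE / 1000) delay = 60;`, keeps the arithmetic safe and also covers the zero and negative values that `parseLong` accepts and the comment above only hopes are filtered earlier. Switching the emitted value from `d` to `delay` is the right move, since what reaches the page is then always a parsed number rather than the raw parameter. The scriptlet begins outside the hunk.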


@@ -84,9 +84,11 @@ if ( !rendered && ((rs != null) || fakeBw) ) {
* a huge load for a page full of graphs if there's a problem
*/
if (!rendered) {
if (stat != null)
if (stat != null) {
stat = net.i2p.data.DataHelper.stripHTML(stat);
response.sendError(403, "The stat " + stat + " is not available, it must be enabled for graphing on the stats configuration page.");
else
} else {
response.sendError(403, "No stat specified");
}
}
%>
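Review bot: The stripped `stat` value is still reflected into the 403 body on `response.sendError(403, "The stat " + stat + ...)`, and whether the container escapes an error message when rendering its error page is outside this file's control; what stripHTML removes is defined elsewhere, so what it lets through cannot be judged from this hunk. The safer shape keeps the client-supplied name out of the response altogether, `response.sendError(403, "The requested stat is not available; it must be enabled for graphing on the stats configuration page.");`, and logs the name server-side if it is needed for diagnosis. The scriptlet is cut at both ends of the hunk.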