Jetty: Fix quote in header line tripping XSS filter (ticket #2215)

zzz
2018-04-14 13:25:25 +00:00
parent 941db3aeeb
commit d12b531c54


@@ -24,7 +24,7 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
// Same as above but with backslash for file paths
private static final String WIN_PATTERN = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n\\\\]*$";
private static final Pattern parameterValuePattern = Pattern.compile(SystemVersion.isWindows() ? WIN_PATTERN : NON_WIN_PATTERN);
private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ \"]*$");
private static final String NOFILTER = "nofilter_";
public XSSRequestWrapper(HttpServletRequest servletRequest) {
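Review bot: The widened `headerValuePattern` now accepts `"` in every header value it is matched against, and nothing at the declaration records why or what that relaxes. A double quote is the character that terminates a quoted HTML attribute, so any header value that is later echoed into markup can no longer lean on this filter and must be escaped at the point of output; how the pattern is applied lies outside this hunk, so whether such a path exists cannot be confirmed from here. I would add a comment above the field, for example `// '"' is allowed in header values (ticket #2215); values must still be HTML-escaped wherever they are echoed`. If only particular headers need the quote, applying the relaxed pattern to those header names alone would keep the allowlist tight for the rest.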