idk/muwire
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sanitize integer and file input

Browse Source
This commit is contained in:
Zlatin Balevsky
2019-12-15 15:13:44 +00:00
parent 4ab4785539
commit 3363b99675
1 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
webui/src/main/java/com/muwire/webui/ConfigurationServlet.java
View File

@@ -51,24 +51,24 @@ public class ConfigurationServlet extends HttpServlet {
core.getMuOptions().setBrowseFiles(false);
}
private void update(String name, String value) {
private void update(String name, String value) throws Exception {
switch(name) {
case "allowUntrusted" : core.getMuOptions().setAllowUntrusted(false); break;
case "searchExtraHop" : core.getMuOptions().setSearchExtraHop(true); break;
case "allowTrustLists": core.getMuOptions().setAllowTrustLists(true); break;
case "trustListInterval" : core.getMuOptions().setTrustListInterval(Integer.parseInt(value)); break;
case "downloadRetryInterval" : core.getMuOptions().setDownloadRetryInterval(Integer.parseInt(value)); break;
case "trustListInterval" : core.getMuOptions().setTrustListInterval(getPositiveInteger(value)); break;
case "downloadRetryInterval" : core.getMuOptions().setDownloadRetryInterval(getPositiveInteger(value)); break;
case "totalUploadSlots" : core.getMuOptions().setTotalUploadSlots(Integer.parseInt(value)); break;
case "uploadSlotsPerUser" : core.getMuOptions().setUploadSlotsPerUser(Integer.parseInt(value)); break;
case "downloadLocation" : core.getMuOptions().setDownloadLocation(new File(value)); break;
case "incompleteLocation" : core.getMuOptions().setIncompleteLocation(new File(value)); break;
case "downloadLocation" : core.getMuOptions().setDownloadLocation(getDirectory(value)); break;
case "incompleteLocation" : core.getMuOptions().setIncompleteLocation(getDirectory(value)); break;
case "shareDownloadedFiles" : core.getMuOptions().setShareDownloadedFiles(true); break;
case "shareHiddenFiles" : core.getMuOptions().setShareHiddenFiles(true); break;
case "searchComments" : core.getMuOptions().setSearchComments(true); break;
case "browseFiles" : core.getMuOptions().setBrowseFiles(true); break;
case "speedSmoothSeconds" : core.getMuOptions().setSpeedSmoothSeconds(Integer.parseInt(value)); break;
case "inBw" : core.getMuOptions().setInBw(Integer.parseInt(value)); break;
case "outBw" : core.getMuOptions().setOutBw(Integer.parseInt(value)); break;
case "speedSmoothSeconds" : core.getMuOptions().setSpeedSmoothSeconds(getPositiveInteger(value)); break;
case "inBw" : core.getMuOptions().setInBw(getPositiveInteger(value)); break;
case "outBw" : core.getMuOptions().setOutBw(getPositiveInteger(value)); break;
case "inbound.length" : core.getI2pOptions().setProperty(name, value); break;
case "inbound.quantity" : core.getI2pOptions().setProperty(name, value); break;
case "outbound.length" : core.getI2pOptions().setProperty(name, value); break;
@@ -76,6 +76,24 @@ public class ConfigurationServlet extends HttpServlet {
// TODO: ui settings
}
}
private static int getPositiveInteger(String s) throws Exception {
int rv = Integer.parseInt(s);
if (rv <= 0)
throw new Exception(s + " is negative");
return rv;
}
private static File getDirectory(String s) throws Exception {
File f = new File(s);
if (!f.exists())
throw new Exception(s + " does not exist");
if (!f.isDirectory())
throw new Exception(s + " is not a directory");
if (!f.canWrite())
throw new Exception(s + " cannot be written to");
return f;
}
@Override
public void init(ServletConfig config) throws ServletException {