From 9a9832cb77689f3dc0630310d87a424df87bc3f3 Mon Sep 17 00:00:00 2001
From: zzz
Date: Sat, 21 Nov 2015 17:39:10 +0000
Subject: [PATCH] Console: Fix escaping of plugin description on /configclients (ticket #1711)
---
 .../src/net/i2p/router/web/ConfigClientsHelper.java | 11 ++++++-----
 history.txt | 5 ++++-
 router/java/src/net/i2p/router/RouterVersion.java | 2 +-
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
index 86d064853..de4e85f8b 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
@@ -151,7 +151,7 @@ public class ConfigClientsHelper extends HelperBase {
 //"webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName),
 false, RouterConsoleRunner.class.getName().equals(ca.className),
 // description
- ca.className + ((ca.args != null) ? " " + ca.args : ""),
+ DataHelper.escapeHTML(ca.className + ((ca.args != null) ? " " + ca.args : "")),
 // edit
 allowEdit && (""+cur).equals(_edit),
 // show edit button, show update button
@@ -212,7 +212,7 @@ public class ConfigClientsHelper extends HelperBase {
 boolean isRunning = WebAppStarter.isWebAppRunning(app);
 renderForm(buf, app, app, !"addressbook".equals(app), "true".equals(val), RouterConsoleRunner.ROUTERCONSOLE.equals(app),
- RouterConsoleRunner.ROUTERCONSOLE.equals(app), app + ".war",
+ RouterConsoleRunner.ROUTERCONSOLE.equals(app), DataHelper.escapeHTML(app + ".war"),
 false, false, false, isRunning, false, !isRunning);
 }
 }
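Review bot: The escaping added at the client call site (-151) and the webapp call site (-212) is now the only escaping the description gets, because the renderForm hunk at -316 removes `DataHelper.escapeHTML(desc)` from the sink; a caller that omits the wrapper writes its string into the page unescaped. The plugin call site is not part of this diff, so it cannot be confirmed from here that each plugin-supplied value is escaped before it is concatenated into the description. A fail-safe alternative is to keep the escape inside renderForm and let only the plugin path opt out, e.g. an extra `boolean descIsHtml` parameter and `String escapedDesc = descIsHtml ? desc : DataHelper.escapeHTML(desc);`. Both patched calls sit in methods that start and end outside their hunks.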
@@ -316,14 +316,15 @@ public class ConfigClientsHelper extends HelperBase { /** * Misnamed, renders a single line in a table for a single client/webapp/plugin. * - * ro trumps edit and showEditButton + * @param name will be escaped here + * @param ro trumps edit and showEditButton + * @param escapedDesc description, must be HTML escaped, except for plugins */ private void renderForm(StringBuilder buf, String index, String name, boolean urlify, - boolean enabled, boolean ro, boolean preventDisable, String desc, boolean edit, + boolean enabled, boolean ro, boolean preventDisable, String escapedDesc, boolean edit, boolean showEditButton, boolean showUpdateButton, boolean showStopButton, boolean showDeleteButton, boolean showStartButton) { String escapedName = DataHelper.escapeHTML(name); - String escapedDesc = DataHelper.escapeHTML(desc); buf.append(""); if (urlify && enabled) { String link = "/"; diff --git a/history.txt b/history.txt index 8fe684b69..d8ac9f187 100644 --- a/history.txt +++ b/history.txt @@ -1,3 +1,6 @@ +2015-11-21 zzz + * Console: Fix escaping of plugin description on /configclients (ticket #1711) + * 2015-11-19 0.9.23 released 2015-11-19 str4d @@ -9,7 +12,7 @@ * Translation updates 2015-11-13 zab - * Interrupt() when cancelling scheduled tasks + * Interrupt() when cancelling scheduled tasks (tickets #1694, #1705) 2015-11-13 zzz * Console: Fix lifetime participating bandwidth display (ticket #1706) diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index a411b0099..87e5bffca 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java 
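Review bot: The new `@param escapedDesc description, must be HTML escaped, except for plugins` in the renderForm hunk (-316) does not say what the plugin caller is expected to do instead, and read literally it exempts plugin text from escaping. Since this hunk also removes the local `DataHelper.escapeHTML(desc)`, the Javadoc is now the only statement of the contract. I would spell it out as `@param escapedDesc written to the page as-is; callers must HTML-escape every untrusted value, and the plugin caller, which presumably passes markup it assembled itself, must escape each plugin-supplied field before assembling it`. renderForm's body continues past the end of the hunk, so how escapedDesc is used further down (for example inside an attribute or an edit field) is not visible here.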
@@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 0; + public final static long BUILD = 1; /** for example "-test" */ public final static String EXTRA = "";