zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Console:

Browse Source 
- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
This commit is contained in:
zzz
2014-07-26 09:32:26 +00:00
parent e9c8748c0b
commit af575d6c95
32 changed files with 124 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java
View File

@@ -173,10 +173,11 @@ public class ConfigUpdateHandler extends FormHandler {
_newsThroughProxy = false;
String oldURL = ConfigUpdateHelper.getNewsURL(_context);
if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) {
changes.put(PROP_NEWS_URL, _newsURL);
//changes.put(PROP_NEWS_URL, _newsURL);
// this invalidates the news
changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
addFormNotice(_("Updating news URL to {0}", _newsURL));
//changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
//addFormNotice(_("Updating news URL to {0}", _newsURL));
addFormError("Changing news URL disabled");
}
}
@@ -240,8 +241,9 @@ public class ConfigUpdateHandler extends FormHandler {
if ( (_zipURL != null) && (_zipURL.length() > 0) ) {
String oldURL = _context.router().getConfigSetting(PROP_ZIP_URL);
if ( (oldURL == null) || (!_zipURL.equals(oldURL)) ) {
changes.put(PROP_ZIP_URL, _zipURL);
addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
//changes.put(PROP_ZIP_URL, _zipURL);
//addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
addFormError("Changing unsigned update URL disabled");
}
}