zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Console:

Browse Source 
- Fix update buttons
   - Don't filter parameter names starting with "nofilter_"
   - Re-allow configadvanced, news URL, and unsigned update URL if routerconsole.advanced=true
   - Re-allow plugin install if routerconsole.advanced=true or routerconsole.enablePluginInstall=true
   - Only allow whitelisted plugin signers, unless routerconsole.allowUntrustedPlugins=true
   - Re-allow clients.config changes if routerconsole.advanced=true or routerconsole.enableClientChange=true
   - More escaping
 * i2psnark: Fix add torrent form
This commit is contained in:
zzz
2014-08-03 13:58:51 +00:00
parent bf9c4b2346
commit b28eb708a4
26 changed files with 289 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateRunner.java
View File

@@ -54,6 +54,7 @@ class PluginUpdateRunner extends UpdateRunner {
private static final String XPI2P = "app.xpi2p";
private static final String ZIP = XPI2P + ".zip";
public static final String PLUGIN_DIR = PluginStarter.PLUGIN_DIR;
private static final String PROP_ALLOW_NEW_KEYS = "routerconsole.allowUntrustedPlugins";
public PluginUpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris,
String appName, String oldVersion ) {
@@ -162,7 +163,7 @@ class PluginUpdateRunner extends UpdateRunner {
// ok, now we check sigs and deal with a bad sig
String pubkey = props.getProperty("key");
String signer = props.getProperty("signer");
String signer = DataHelper.stripHTML(props.getProperty("signer"));
if (pubkey == null || signer == null || pubkey.length() != 172 || signer.length() <= 0) {
f.delete();
to.delete();
@@ -179,6 +180,14 @@ class PluginUpdateRunner extends UpdateRunner {
up.addKey(e.getKey(), e.getValue());
}
// add all trusted plugin keys, so any conflicts with trusted keys
// will be discovered and rejected
Map<String, String> trustedKeys = TrustedPluginKeys.getKeys();
for (Map.Entry<String, String> e : trustedKeys.entrySet()) {
// ignore dups/bad keys
up.addKey(e.getKey(), e.getValue());
}
if (up.haveKey(pubkey)) {
// the key is already in the TrustedUpdate keyring
// verify the sig and verify that it is signed by the signer in the plugin.config file
@@ -194,7 +203,7 @@ class PluginUpdateRunner extends UpdateRunner {
statusDone("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
return;
}
} else {
} else if (_context.getBooleanProperty(PROP_ALLOW_NEW_KEYS)) {
// add to keyring...
if(!up.addKey(pubkey, signer)) {
// bad or duplicate key
@@ -218,6 +227,14 @@ class PluginUpdateRunner extends UpdateRunner {
statusDone("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
return;
}
} else {
// unknown key
f.delete();
to.delete();
_log.error("Untrusted plugin key \"" + pubkey + "\" for plugin signer \"" + signer + "\"");
// don't display signer, we're really checking the key not the signer name
statusDone("<b>" + _("Plugin not installed - signer is untrusted") + "</b>");
return;
}
String sudVersion = TrustedUpdate.getVersionString(f);

3
apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java
View File

@@ -57,7 +57,8 @@ public class CSSHelper extends HelperBase {
*/
public void setLang(String lang) {
// Protected with nonce in css.jsi
if (lang != null && lang.length() > 0 && lang.length() <= 6) {
if (lang != null && lang.length() >= 2 && lang.length() <= 6 &&
lang.replaceAll("[a-zA-Z_]", "").length() == 0) {
Map m = new HashMap(2);
int under = lang.indexOf('_');
if (under < 0) {

8
apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java
View File

@@ -21,8 +21,10 @@ public class ConfigAdvancedHandler extends FormHandler {
@Override
protected void processForm() {
if (_shouldSave) {
//saveChanges();
addFormError("Save disabled, edit the router.config file to make changes") ;
if (isAdvanced())
saveChanges();
else
addFormError("Save disabled, edit the router.config file to make changes") ;
} else {
// noop
}
@@ -31,7 +33,7 @@ public class ConfigAdvancedHandler extends FormHandler {
public void setShouldsave(String moo) { _shouldSave = true; }
//public void setRestart(String moo) { _forceRestart = true; }
public void setConfig(String val) {
public void setNofilter_config(String val) {
_config = val;
}

5
apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHelper.java
View File

@@ -3,6 +3,7 @@ package net.i2p.router.web;
import java.util.Map;
import java.util.TreeMap;
import net.i2p.data.DataHelper;
public class ConfigAdvancedHelper extends HelperBase {
public ConfigAdvancedHelper() {}
@@ -12,8 +13,8 @@ public class ConfigAdvancedHelper extends HelperBase {
TreeMap<String, String> sorted = new TreeMap<String, String>();
sorted.putAll(_context.router().getConfigMap());
for (Map.Entry<String, String> e : sorted.entrySet()) {
String name = e.getKey();
String val = e.getValue();
String name = DataHelper.escapeHTML(e.getKey());
String val = DataHelper.escapeHTML(e.getValue());
buf.append(name).append('=').append(val).append('\n');
}
return buf.toString();

138
apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java
View File

@@ -49,17 +49,28 @@ public class ConfigClientsHandler extends FormHandler {
saveWebAppChanges();
return;
}
boolean pluginsEnabled = PluginStarter.pluginsEnabled(_context);
if (_action.equals(_("Save Plugin Configuration"))) {
savePluginChanges();
if (pluginsEnabled)
savePluginChanges();
else
addFormError("Plugins disabled");
return;
}
if (_action.equals(_("Install Plugin"))) {
//installPlugin();
addFormError("Plugin installation disabled");
if (pluginsEnabled &&
(_context.getBooleanProperty(ConfigClientsHelper.PROP_ENABLE_PLUGIN_INSTALL) ||
isAdvanced()))
installPlugin();
else
addFormError("Plugins disabled");
return;
}
if (_action.equals(_("Update All Installed Plugins"))) {
updateAllPlugins();
if (pluginsEnabled)
updateAllPlugins();
else
addFormError("Plugins disabled");
return;
}
// value
@@ -73,10 +84,14 @@ public class ConfigClientsHandler extends FormHandler {
startClient(appnum);
} else {
List<String> plugins = PluginStarter.getPlugins();
if (plugins.contains(app))
startPlugin(app);
else
if (plugins.contains(app)) {
if (pluginsEnabled)
startPlugin(app);
else
addFormError("Plugins disabled");
} else {
startWebApp(app);
}
}
return;
}
@@ -90,7 +105,7 @@ public class ConfigClientsHandler extends FormHandler {
} catch (NumberFormatException nfe) {}
if (appnum >= 0) {
deleteClient(appnum);
} else {
} else if (pluginsEnabled) {
try {
PluginStarter.stopPlugin(_context, app);
} catch (ClassNotFoundException cnfe) {
@@ -108,6 +123,8 @@ public class ConfigClientsHandler extends FormHandler {
addFormError(_("Error deleting plugin {0}", app) + ": " + e);
_log.error("Error deleting plugin " + app, e);
}
} else {
addFormError("Plugins disabled");
}
return;
}
@@ -126,8 +143,12 @@ public class ConfigClientsHandler extends FormHandler {
List<String> plugins = PluginStarter.getPlugins();
if (plugins.contains(app)) {
try {
PluginStarter.stopPlugin(_context, app);
addFormNotice(_("Stopped plugin {0}", app));
if (pluginsEnabled) {
PluginStarter.stopPlugin(_context, app);
addFormNotice(_("Stopped plugin {0}", app));
} else {
addFormError("Plugins disabled");
}
} catch (Throwable e) {
addFormError(_("Error stopping plugin {0}", app) + ": " + e);
_log.error("Error stopping plugin " + app, e);
@@ -142,15 +163,23 @@ public class ConfigClientsHandler extends FormHandler {
// value
if (_action.startsWith("Update ")) {
String app = _action.substring(7);
updatePlugin(app);
if (pluginsEnabled) {
String app = _action.substring(7);
updatePlugin(app);
} else {
addFormError("Plugins disabled");
}
return;
}
// value
if (_action.startsWith("Check ")) {
String app = _action.substring(6);
checkPlugin(app);
if (pluginsEnabled) {
String app = _action.substring(6);
checkPlugin(app);
} else {
addFormError("Plugins disabled");
}
return;
}
@@ -168,10 +197,14 @@ public class ConfigClientsHandler extends FormHandler {
startClient(appnum);
} else {
List<String> plugins = PluginStarter.getPlugins();
if (plugins.contains(app))
startPlugin(app);
else
if (plugins.contains(app)) {
if (pluginsEnabled)
startPlugin(app);
else
addFormError("Plugins disabled");
} else {
startWebApp(app);
}
}
} else {
//addFormError(_("Unsupported") + ' ' + _action + '.');
@@ -187,45 +220,46 @@ public class ConfigClientsHandler extends FormHandler {
if (! (RouterConsoleRunner.class.getName().equals(ca.className)))
ca.disabled = val == null;
// edit of an existing entry
// disabled
/****
String desc = getJettyString("desc" + cur);
if (desc != null) {
int spc = desc.indexOf(" ");
String clss = desc;
String args = null;
if (spc >= 0) {
clss = desc.substring(0, spc);
args = desc.substring(spc + 1);
if (_context.getBooleanProperty(ConfigClientsHelper.PROP_ENABLE_CLIENT_CHANGE) ||
isAdvanced()) {
String desc = getJettyString("desc" + cur);
if (desc != null) {
int spc = desc.indexOf(" ");
String clss = desc;
String args = null;
if (spc >= 0) {
clss = desc.substring(0, spc);
args = desc.substring(spc + 1);
}
ca.className = clss;
ca.args = args;
ca.clientName = getJettyString("name" + cur);
}
ca.className = clss;
ca.args = args;
ca.clientName = getJettyString("name" + cur);
}
****/
}
// disabled
/****
int newClient = clients.size();
String newDesc = getJettyString("desc" + newClient);
if (newDesc != null && newDesc.trim().length() > 0) {
// new entry
int spc = newDesc.indexOf(" ");
String clss = newDesc;
String args = null;
if (spc >= 0) {
clss = newDesc.substring(0, spc);
args = newDesc.substring(spc + 1);
// new client
if (_context.getBooleanProperty(ConfigClientsHelper.PROP_ENABLE_CLIENT_CHANGE) ||
isAdvanced()) {
int newClient = clients.size();
String newDesc = getJettyString("desc" + newClient);
if (newDesc != null && newDesc.trim().length() > 0) {
// new entry
int spc = newDesc.indexOf(" ");
String clss = newDesc;
String args = null;
if (spc >= 0) {
clss = newDesc.substring(0, spc);
args = newDesc.substring(spc + 1);
}
String name = getJettyString("name" + newClient);
if (name == null || name.trim().length() <= 0) name = "new client";
ClientAppConfig ca = new ClientAppConfig(clss, name, args, 2*60*1000,
_settings.get(newClient + ".enabled") != null);
clients.add(ca);
addFormNotice(_("New client added") + ": " + name + " (" + clss + ").");
}
String name = getJettyString("name" + newClient);
if (name == null || name.trim().length() <= 0) name = "new client";
ClientAppConfig ca = new ClientAppConfig(clss, name, args, 2*60*1000,
_settings.get(newClient + ".enabled") != null);
clients.add(ca);
addFormNotice(_("New client added") + ": " + name + " (" + clss + ").");
}
****/
ClientAppConfig.writeClientAppConfig(_context, clients);
addFormNotice(_("Client configuration saved successfully"));
@@ -330,7 +364,7 @@ public class ConfigClientsHandler extends FormHandler {
File path = new File(_context.getBaseDir(), "webapps");
path = new File(path, app + ".war");
WebAppStarter.startWebApp(_context, s, app, path.getAbsolutePath());
addFormNotice(_("WebApp") + " <a href=\"/" + app + "/\">" + _(app) + "</a> " + _("started") + '.');
addFormNoticeNoEscape(_("WebApp") + " <a href=\"/" + app + "/\">" + _(app) + "</a> " + _("started") + '.');
} catch (Throwable e) {
addFormError(_("Failed to start") + ' ' + _(app) + " " + e + '.');
_log.error("Failed to start webapp " + app, e);
@@ -440,7 +474,7 @@ public class ConfigClientsHandler extends FormHandler {
if (intfc != null)
changes.put(ClientManagerFacadeImpl.PROP_CLIENT_HOST, intfc);
String user = getJettyString("user");
String pw = getJettyString("pw");
String pw = getJettyString("nofilter_pw");
if (user != null && pw != null && user.length() > 0 && pw.length() > 0) {
ConsolePasswordManager mgr = new ConsolePasswordManager(_context);
mgr.saveHash(ConfigClientsHelper.PROP_AUTH, user, pw);

32
apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
View File

@@ -26,9 +26,22 @@ public class ConfigClientsHelper extends HelperBase {
public static final String PROP_ENABLE_SSL = "i2cp.SSL";
/** from ClientMessageEventListener */
public static final String PROP_AUTH = "i2cp.auth";
public static final String PROP_ENABLE_CLIENT_CHANGE = "routerconsole.enableClientChange";
public static final String PROP_ENABLE_PLUGIN_INSTALL = "routerconsole.enablePluginInstall";
public ConfigClientsHelper() {}
/** @since 0.9.14.1 */
public boolean isClientChangeEnabled() {
return _context.getBooleanProperty(PROP_ENABLE_CLIENT_CHANGE) || isAdvanced();
}
/** @since 0.9.14.1 */
public boolean isPluginInstallEnabled() {
return PluginStarter.pluginsEnabled(_context) &&
(_context.getBooleanProperty(PROP_ENABLE_PLUGIN_INSTALL) || isAdvanced());
}
/** @since 0.8.3 */
public String getPort() {
return _context.getProperty(ClientManagerFacadeImpl.PROP_CLIENT_PORT,
@@ -96,6 +109,7 @@ public class ConfigClientsHelper extends HelperBase {
.append(_("Control")).append("</th><th align=\"left\">")
.append(_("Class and arguments")).append("</th></tr>\n");
boolean allowEdit = isClientChangeEnabled();
List<ClientAppConfig> clients = ClientAppConfig.getClientApps(_context);
for (int cur = 0; cur < clients.size(); cur++) {
ClientAppConfig ca = clients.get(cur);
@@ -117,19 +131,21 @@ public class ConfigClientsHelper extends HelperBase {
// dangerous, but allow editing the console args too
//"webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName),
false, RouterConsoleRunner.class.getName().equals(ca.className),
// description, edit
ca.className + ((ca.args != null) ? " " + ca.args : ""), /* (""+cur).equals(_edit) */ false,
// description
ca.className + ((ca.args != null) ? " " + ca.args : ""),
// edit
allowEdit && (""+cur).equals(_edit),
// show edit button, show update button
// Don't allow edit if it's running, or else we would lose the "handle" to the ClientApp to stop it.
/* !showStop */ false, false,
allowEdit && !showStop, false,
// show stop button
showStop,
// show delete button, show start button
!isConsole, showStart);
}
//if ("new".equals(_edit))
// renderForm(buf, "" + clients.size(), "", false, false, false, false, "", true, false, false, false, false, false);
if (allowEdit && "new".equals(_edit))
renderForm(buf, "" + clients.size(), "", false, false, false, false, "", true, false, false, false, false, false);
buf.append("</table>\n");
return buf.toString();
}
@@ -291,9 +307,9 @@ public class ConfigClientsHelper extends HelperBase {
if (showStopButton && (!edit))
buf.append("<button type=\"submit\" class=\"Xstop\" name=\"action\" value=\"Stop ").append(index).append("\" >")
.append(_("Stop")).append("<span class=hide> ").append(index).append("</span></button>");
//if (showEditButton && (!edit) && !ro)
// buf.append("<button type=\"submit\" class=\"Xadd\" name=\"edit\" value=\"Edit ").append(index).append("\" >")
// .append(_("Edit")).append("<span class=hide> ").append(index).append("</span></button>");
if (isClientChangeEnabled() && showEditButton && (!edit) && !ro)
buf.append("<button type=\"submit\" class=\"Xadd\" name=\"edit\" value=\"Edit ").append(index).append("\" >")
.append(_("Edit")).append("<span class=hide> ").append(index).append("</span></button>");
if (showUpdateButton && (!edit) && !ro) {
buf.append("<button type=\"submit\" class=\"Xcheck\" name=\"action\" value=\"Check ").append(index).append("\" >")
.append(_("Check for updates")).append("<span class=hide> ").append(index).append("</span></button>");

4
apps/routerconsole/java/src/net/i2p/router/web/ConfigReseedHelper.java
View File

@@ -26,7 +26,7 @@ public class ConfigReseedHelper extends HelperBase {
}
/** @since 0.8.9 */
public String getPassword() {
public String getNofilter_password() {
return _context.getProperty(Reseeder.PROP_PROXY_PASSWORD, "");
}
@@ -46,7 +46,7 @@ public class ConfigReseedHelper extends HelperBase {
}
/** @since 0.8.9 */
public String getSpassword() {
public String getNofilter_spassword() {
return _context.getProperty(Reseeder.PROP_SPROXY_PASSWORD, "");
}

2
apps/routerconsole/java/src/net/i2p/router/web/ConfigStatsHandler.java
View File

@@ -122,7 +122,7 @@ public class ConfigStatsHandler extends FormHandler {
addFormNotice(_("Restart required to take effect"));
}
if (graphsChanged)
addFormNotice(_("Graph list updated, may take up to 60s to be reflected on the {0}Graphs Page{1}", "<a href=\"graphs\">", "</a>"));
addFormNoticeNoEscape(_("Graph list updated, may take up to 60s to be reflected on the {0}Graphs Page{1}", "<a href=\"graphs\">", "</a>"));
}
}

8
apps/routerconsole/java/src/net/i2p/router/web/ConfigUIHandler.java
View File

@@ -35,8 +35,12 @@ public class ConfigUIHandler extends FormHandler {
/** note - lang change is handled in CSSHelper but we still need to save it here */
private void saveChanges() {
if (_config == null)
if (_config == null || _config.length() <= 0)
return;
if (_config.replaceAll("[a-zA-Z0-9_-]", "").length() != 0) {
addFormError("Bad theme name");
return;
}
Map<String, String> changes = new HashMap<String, String>();
List<String> removes = new ArrayList<String>();
String oldTheme = _context.getProperty(CSSHelper.PROP_THEME_NAME, CSSHelper.DEFAULT_THEME);
@@ -76,7 +80,7 @@ public class ConfigUIHandler extends FormHandler {
addFormError(_("No user name entered"));
return;
}
String pw = getJettyString("pw");
String pw = getJettyString("nofilter_pw");
if (pw == null || pw.length() <= 0) {
addFormError(_("No password entered"));
return;

2
apps/routerconsole/java/src/net/i2p/router/web/ConfigUIHelper.java
View File

@@ -183,7 +183,7 @@ public class ConfigUIHelper extends HelperBase {
"</td><td align=\"left\"><input type=\"text\" name=\"name\">" +
"</td><td align=\"left\"><b>");
buf.append(_("Password")).append(":</b> " +
"<input type=\"password\" size=\"40\" name=\"pw\"></td></tr>" +
"<input type=\"password\" size=\"40\" name=\"nofilter_pw\"></td></tr>" +
"</table>\n");
return buf.toString();
}

33
apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java
View File

@@ -173,11 +173,14 @@ public class ConfigUpdateHandler extends FormHandler {
_newsThroughProxy = false;
String oldURL = ConfigUpdateHelper.getNewsURL(_context);
if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) {
//changes.put(PROP_NEWS_URL, _newsURL);
// this invalidates the news
//changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
//addFormNotice(_("Updating news URL to {0}", _newsURL));
addFormError("Changing news URL disabled");
if (isAdvanced()) {
changes.put(PROP_NEWS_URL, _newsURL);
// this invalidates the news
changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
addFormNotice(_("Updating news URL to {0}", _newsURL));
} else {
addFormError("Changing news URL disabled");
}
}
}
@@ -199,7 +202,8 @@ public class ConfigUpdateHandler extends FormHandler {
changes.put(PROP_SHOULD_PROXY, Boolean.toString(_updateThroughProxy));
changes.put(PROP_SHOULD_PROXY_NEWS, Boolean.toString(_newsThroughProxy));
changes.put(PROP_UPDATE_UNSIGNED, Boolean.toString(_updateUnsigned));
if (isAdvanced())
changes.put(PROP_UPDATE_UNSIGNED, Boolean.toString(_updateUnsigned));
String oldFreqStr = _context.getProperty(PROP_REFRESH_FREQUENCY, DEFAULT_REFRESH_FREQUENCY);
long oldFreq = DEFAULT_REFRESH_FREQ;
@@ -233,17 +237,24 @@ public class ConfigUpdateHandler extends FormHandler {
oldKeys = oldKeys.replace("\r\n", ",");
if (!_trustedKeys.equals(oldKeys)) {
// note that keys are not validated here and no console error message will be generated
changes.put(PROP_TRUSTED_KEYS, _trustedKeys);
addFormNotice(_("Updating trusted keys."));
if (isAdvanced()) {
changes.put(PROP_TRUSTED_KEYS, _trustedKeys);
addFormNotice(_("Updating trusted keys."));
} else {
addFormError("Changing trusted keys disabled");
}
}
}
if ( (_zipURL != null) && (_zipURL.length() > 0) ) {
String oldURL = _context.router().getConfigSetting(PROP_ZIP_URL);
if ( (oldURL == null) || (!_zipURL.equals(oldURL)) ) {
//changes.put(PROP_ZIP_URL, _zipURL);
//addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
addFormError("Changing unsigned update URL disabled");
if (isAdvanced()) {
changes.put(PROP_ZIP_URL, _zipURL);
addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
} else {
addFormError("Changing unsigned update URL disabled");
}
}
}

31
apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
View File

@@ -51,8 +51,8 @@ public abstract class FormHandler {
}
}
public void setNonce(String val) { _nonce = DataHelper.stripHTML(val); }
public void setAction(String val) { _action = DataHelper.stripHTML(val); }
public void setNonce(String val) { _nonce = val == null ? null : DataHelper.stripHTML(val); }
public void setAction(String val) { _action = val == null ? null : DataHelper.stripHTML(val); }
/**
* For many forms, it's easiest just to put all the parameters here.
@@ -61,6 +61,14 @@ public abstract class FormHandler {
*/
public void setSettings(Map settings) { _settings = new HashMap(settings); }
/**
* Same as HelperBase
* @since 0.9.14.1
*/
public boolean isAdvanced() {
return _context.getBooleanProperty(HelperBase.PROP_ADVANCED);
}
/**
* setSettings() must have been called previously
* Curses Jetty for returning arrays.
@@ -102,16 +110,31 @@ public abstract class FormHandler {
/**
* Add an error message to display
* Use if it does not include a link.
* Escapes '<' and '>' before queueing
*/
protected void addFormError(String errorMsg) {
if (errorMsg == null) return;
_errors.add(errorMsg);
_errors.add(DataHelper.escapeHTML(errorMsg));
}
/**
* Add a non-error message to display
* Use if it does not include a link.
* Escapes '<' and '>' before queueing
*/
protected void addFormNotice(String msg) {
if (msg == null) return;
_notices.add(DataHelper.escapeHTML(msg));
}
/**
* Add a non-error message to display
* Use if it includes a link or other formatting.
* Does not escape '<' and '>' before queueing
* @since 0.9.14.1
*/
protected void addFormNoticeNoEscape(String msg) {
if (msg == null) return;
_notices.add(msg);
}
@@ -180,7 +203,7 @@ public abstract class FormHandler {
}
// To prevent actions with GET, jsps must call storeMethod()
if (_method != null && !"POST".equals(_method)) {
addFormError("Invalid form submission, requires POST not " + _method);
addFormError("Invalid form submission, requires POST");
_valid = false;
return;
}

8
apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java
View File

@@ -818,19 +818,19 @@ public class SummaryHelper extends HelperBase {
/* below here is stuff we need to get from summarynoframe.jsp to SummaryBarRenderer */
private String _action;
public void setAction(String s) { _action = DataHelper.stripHTML(s); }
public void setAction(String s) { _action = s == null ? null : DataHelper.stripHTML(s); }
public String getAction() { return _action; }
private String _consoleNonce;
public void setConsoleNonce(String s) { _consoleNonce = DataHelper.stripHTML(s); }
public void setConsoleNonce(String s) { _consoleNonce = s == null ? null : DataHelper.stripHTML(s); }
public String getConsoleNonce() { return _consoleNonce; }
private String _updateNonce;
public void setUpdateNonce(String s) { _updateNonce = DataHelper.stripHTML(s); }
public void setUpdateNonce(String s) { _updateNonce = s == null ? null : DataHelper.stripHTML(s); }
public String getUpdateNonce() { return _updateNonce; }
private String _requestURI;
public void setRequestURI(String s) { _requestURI = DataHelper.stripHTML(s); }
public void setRequestURI(String s) { _requestURI = s == null ? null : DataHelper.stripHTML(s); }
/**
* @return non-null; "/home" if (strangely) not set by jsp