zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Console:

Browse Source 
- Fix update buttons
   - Don't filter parameter names starting with "nofilter_"
   - Re-allow configadvanced, news URL, and unsigned update URL if routerconsole.advanced=true
   - Re-allow plugin install if routerconsole.advanced=true or routerconsole.enablePluginInstall=true
   - Only allow whitelisted plugin signers, unless routerconsole.allowUntrustedPlugins=true
   - Re-allow clients.config changes if routerconsole.advanced=true or routerconsole.enableClientChange=true
   - More escaping
 * i2psnark: Fix add torrent form
This commit is contained in:
zzz
2014-08-03 13:58:51 +00:00
parent bf9c4b2346
commit b28eb708a4
26 changed files with 289 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java
View File

@@ -57,7 +57,8 @@ public class CSSHelper extends HelperBase {
*/
public void setLang(String lang) {
// Protected with nonce in css.jsi
if (lang != null && lang.length() > 0 && lang.length() <= 6) {
if (lang != null && lang.length() >= 2 && lang.length() <= 6 &&
lang.replaceAll("[a-zA-Z_]", "").length() == 0) {
Map m = new HashMap(2);
int under = lang.indexOf('_');
if (under < 0) {