From 081f1865a87d1569c28ac389f6a63e4bd045a29b Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Wed, 13 May 2015 12:04:28 +0000
Subject: [PATCH] Console: Fix URLs caught in XSS filter on /confighome (ticket #1569)
Fix name and URL escaping
Truncate long URLs in display
---
.../net/i2p/router/web/ConfigHomeHandler.java | 11 ++++++----
.../src/net/i2p/router/web/HomeHelper.java | 22 ++++++++++++-------
2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java
index 16bccdfafd..5e426988e7 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java
@@ -58,18 +58,21 @@ public class ConfigHomeHandler extends FormHandler {
 else
 apps = HomeHelper.buildApps(_context, config);
 if (adding) {
- String name = getJettyString("name");
+ String name = getJettyString("nofilter_name");
 if (name == null || name.length() <= 0) {
 addFormError(_("No name entered"));
 return;
 }
- String url = getJettyString("url");
+ String url = getJettyString("nofilter_url");
 if (url == null || url.length() <= 0) {
 addFormError(_("No URL entered"));
 return;
 }
- name = DataHelper.escapeHTML(name).replace(",", ","); // HomeHelper.S
- url = DataHelper.escapeHTML(url).replace(",", ",");
+ // these would get double-escaped so we can't do it this way...
+ //name = DataHelper.escapeHTML(name).replace(",", ",");
+ //url = DataHelper.escapeHTML(url).replace(",", ",");
+ name = name.replace(",", ".");
+ url = url.replace(",", "."); // fail
 HomeHelper.App app = null;
 if ("1".equals(group))
 app = new HomeHelper.App(name, "", url, "/themes/console/images/eepsite.png");
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/HomeHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/HomeHelper.java
index 1569ebc9bb..114441e5c1 100644
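Review bot: The new `name = name.replace(",", ".")` and `url = url.replace(",", ".")` lines silently rewrite what the user submitted (the `// fail` comment suggests this is known), so a URL with a comma in its query string is stored broken instead of being rejected; failing closed with `if (url.indexOf(',') >= 0) { addFormError(_("Commas are not allowed")); return; }` (and the same for name) keeps the separator out without corrupting the value. With the `nofilter_` parameter names the raw value now reaches the stored config, so safety rests entirely on output-side escaping by every renderer of these entries; only the /confighome table is escaped in this commit, and any other renderer of the stored entries is outside this diff and should be checked. HTML escaping at output also does not neutralize a `javascript:` or `data:` scheme once the value lands in an `href`, so a scheme allow-list here (accept only `http://`, `https://` and a leading `/`, which is what the existing entries appear to use) is worth adding before the value is stored. The enclosing method starts and ends outside the hunk.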
--- a/apps/routerconsole/java/src/net/i2p/router/web/HomeHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/HomeHelper.java
@@ -7,6 +7,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
+import net.i2p.data.DataHelper;
 import net.i2p.router.RouterContext;
 import net.i2p.util.PortMapper;
@@ -209,17 +210,22 @@ public class HomeHelper extends HelperBase {
 buf.append("<img height=\"16\" alt=\"\" src=\"").append(app.icon).append("\">");
 }
 buf.append("</td><td align=\"left\">")
- .append(app.name)
- .append("</td><td align=\"left\"><a href=\"")
- .append(app.url.replace("&", "&"))
- .append("\">")
- .append(app.url.replace("&", "&"))
- .append("</a></td></tr>\n");
+ .append(DataHelper.escapeHTML(app.name))
+ .append("</td><td align=\"left\"><a href=\"");
+ String url = DataHelper.escapeHTML(app.url);
+ buf.append(url)
+ .append("\">");
+ // truncate before escaping
+ if (app.url.length() > 50)
+ buf.append(DataHelper.escapeHTML(app.url.substring(0, 48))).append("…");
+ else
+ buf.append(url);
+ buf.append("</a></td></tr>\n");
 }
 buf.append("<tr><td colspan=\"2\" align=\"center\"><b>")
 .append(_("Add")).append(":</b>" +
- "</td><td align=\"left\"><input type=\"text\" name=\"name\"></td>" +
- "<td align=\"left\"><input type=\"text\" size=\"40\" name=\"url\"></td></tr>");
+ "</td><td align=\"left\"><input type=\"text\" name=\"nofilter_name\"></td>" +
+ "<td align=\"left\"><input type=\"text\" size=\"40\" name=\"nofilter_url\"></td></tr>");
 buf.append("</table>\n");
 return buf.toString();
 }
-- 
GitLab
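Review bot: The `app.icon` value on the context line just above the change is still appended into `src="..."` unescaped, while `app.name` and `app.url` now go through `DataHelper.escapeHTML`; if icon paths can come from the same stored config rather than only from hard-coded defaults (not visible here), it should get the same treatment, `.append(DataHelper.escapeHTML(app.icon))`. The new `href` escaping is sufficient for the attribute context only if `DataHelper.escapeHTML` also escapes the double quote — worth confirming, since that helper is not shown in this diff. Escaping does not block a `javascript:` scheme inside the `href`, so this anchor is only as safe as the validation done where the URL is accepted, which this hunk does not control. The enclosing method starts outside the hunk.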