diff --git a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
index 2bc68376aa5464709af05bf54f0232b020cebb9a..564399957e4e2357ed28973af4e8a0c37086167e 100644
--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -387,13 +387,12 @@ public class I2PSnarkServlet extends BasicServlet {
out.write("</div>\n");
if (!isConfigure) {
- String search = req.getParameter("s");
+ String search = req.getParameter("nf_s");
if (_manager.getTorrents().size() > 1 || (search != null && search.length() > 0)) {
out.write("<form class=\"search\" id = \"search\" action=\"" + _contextPath + "\" method=\"GET\">" +
- "<input type=\"text\" name=\"s\" size=\"20\" class=\"search\" id=\"searchbox\"");
- String s = req.getParameter("s");
- if (s != null)
- out.write(" value=\"" + DataHelper.escapeHTML(s) + '"');
+ "<input type=\"text\" name=\"nf_s\" size=\"20\" class=\"search\" id=\"searchbox\"");
+ if (search != null)
+ out.write(" value=\"" + DataHelper.escapeHTML(search) + '"');
out.write(">" +
"<input type=\"reset\" class=\"cancel\" id=\"searchcancel\" value=\"\">" +
"</form>\n");
@@ -507,7 +506,7 @@ public class I2PSnarkServlet extends BasicServlet {
// search
boolean isSearch = false;
- String search = req.getParameter("s");
+ String search = req.getParameter("nf_s");
if (search != null && search.length() > 0) {
List<Snark> matches = search(search, snarks);
if (matches != null) {
@@ -851,12 +850,17 @@ public class I2PSnarkServlet extends BasicServlet {
/**
* search torrents for matching terms
*
- * @param search non-null
- * @param snarks unmodified
- * @return null if no valid search, or matching torrents in same order
+ * @param search non-null and %-encoded, will be decoded here
+ * @param snarks unmodified, order will be honored
+ * @return null if not a valid search, or matching torrents in same order, possibly empty
* @since 0.9.58
*/
private static List<Snark> search(String search, Collection<Snark> snarks) {
+ try {
+ search = decodePath(search);
+ } catch (IOException ioe) {
+ return null;
+ }
List<String> searchList = null;
String[] terms = DataHelper.split(search, " ");
for (int i = 0; i < terms.length; i++) {
@@ -927,7 +931,7 @@ public class I2PSnarkServlet extends BasicServlet {
.append(action).append("\" >\n");
} else {
// for buttons, keep the search term
- String sParam = req.getParameter("s");
+ String sParam = req.getParameter("nf_s");
if (sParam != null) {
buf.append("<input type=\"hidden\" name=\"s\" value=\"")
.append(DataHelper.escapeHTML(sParam)).append("\" >\n");
@@ -987,15 +991,15 @@ public class I2PSnarkServlet extends BasicServlet {
buf.append(st);
}
if (s == null) {
- s = req.getParameter("s");
+ s = req.getParameter("nf_s");
if (s != null)
s = DataHelper.escapeHTML(s);
}
if (s != null && !s.equals("")) {
if (buf.length() <= 0)
- buf.append("?s=");
+ buf.append("?nf_s=");
else
- buf.append("&s=");
+ buf.append("&nf_s=");
buf.append(s);
}
return buf.toString();
@@ -1555,7 +1559,7 @@ public class I2PSnarkServlet extends BasicServlet {
_manager.addMessage(_t("Error creating torrent - you must enter a file or directory"));
}
} else if ("StopAll".equals(action)) {
- String search = req.getParameter("s");
+ String search = req.getParameter("nf_s");
if (search != null && search.length() > 0) {
List<Snark> matches = search(search, _manager.getTorrents());
if (matches != null) {
@@ -1567,7 +1571,7 @@ public class I2PSnarkServlet extends BasicServlet {
}
_manager.stopAllTorrents(false);
} else if ("StartAll".equals(action)) {
- String search = req.getParameter("s");
+ String search = req.getParameter("nf_s");
if (search != null && search.length() > 0) {
List<Snark> matches = search(search, _manager.getTorrents());
if (matches != null) {
diff --git a/apps/i2psnark/resources/js/initajax.js b/apps/i2psnark/resources/js/initajax.js
index 87de15cd3683c72b248f5524ce1920024c6aae42..7697b0086e02dc13f51c739f42a3450e2f105033 100644
--- a/apps/i2psnark/resources/js/initajax.js
+++ b/apps/i2psnark/resources/js/initajax.js
@@ -29,12 +29,12 @@ function requestAjax2(refreshtime) {
query = "";
}
var q = new URLSearchParams(query);
- q.set("s", search);
+ q.set("nf_s", encodeURIComponent(search));
query = "?" + q.toString();
} else {
if (query != null) {
var q = new URLSearchParams(query);
- q.delete("s");
+ q.delete("nf_s");
var newq = q.toString();
if (newq != null && newq.length > 0) {
query = "?" + newq;
diff --git a/apps/i2psnark/resources/themes/dark/snark.css b/apps/i2psnark/resources/themes/dark/snark.css
index ff10571f7f3e4c5070f238ba1bad6e212ed6669b..f392273d97dd32e718cca600a4ee1d821e6a6bf0 100644
--- a/apps/i2psnark/resources/themes/dark/snark.css
+++ b/apps/i2psnark/resources/themes/dark/snark.css
@@ -224,6 +224,27 @@ _:-ms-lang(x), .snarknavbar {
margin-top: 0 !important;
}
+#search {
+ display: inline-block;
+ position: absolute;
+ top: 6px;
+ right: 3px;
+}
+
+#searchbox {
+ background: #f60 url(/themes/console/images/buttons/search.png) 7px center no-repeat !important;
+ margin: 2px 4px 2px 24px !important;
+ padding: 4px 32px 4px 32px !important;
+ color: black;
+}
+
+#searchcancel {
+ background: url(images/cancel.png);
+ margin: 2px 4px 2px -28px;
+ color: transparent;
+ border: none;
+}
+
/* end topnav */
/* screenlog */
diff --git a/apps/i2psnark/resources/themes/light/snark.css b/apps/i2psnark/resources/themes/light/snark.css
index c3e3391f06d41e2cc1f0eceb33b4678e0d77178c..18134c4146da76fd04e5fc80fedb6a03c62530d3 100644
--- a/apps/i2psnark/resources/themes/light/snark.css
+++ b/apps/i2psnark/resources/themes/light/snark.css
@@ -229,6 +229,27 @@ button::-moz-focus-inner, input::-moz-focus-inner {
background: #f60 url(images/button_tracker_active.png) 8px center no-repeat;
}
+#search {
+ display: inline-block;
+ position: absolute;
+ top: 6px;
+ right: 3px;
+}
+
+#searchbox {
+ background: #f60 url(/themes/console/images/buttons/search.png) 7px center no-repeat !important;
+ margin: 2px 4px 2px 24px !important;
+ padding: 4px 32px 4px 32px !important;
+ color: black;
+}
+
+#searchcancel {
+ background: url(images/cancel.png);
+ margin: 2px 4px 2px -28px;
+ color: transparent;
+ border: none;
+}
+
/* end top nav */
/* screenlog */
diff --git a/apps/i2psnark/resources/themes/ubergine/snark.css b/apps/i2psnark/resources/themes/ubergine/snark.css
index 6394cecea2af260b8d96497ce6976d01a8dabc42..e3afeb55d5a32536b244b8c5efc3ab23519c019d 100644
--- a/apps/i2psnark/resources/themes/ubergine/snark.css
+++ b/apps/i2psnark/resources/themes/ubergine/snark.css
@@ -231,7 +231,6 @@ _:-ms-lang(x), .snarkNav:last-child[href="/i2psnark/"] {
#search {
display: inline-block;
- float: right;
position: absolute;
top: 6px;
right: 3px;
diff --git a/apps/i2psnark/resources/themes/vanilla/snark.css b/apps/i2psnark/resources/themes/vanilla/snark.css
index a119bc1001305aa12ffa846157b3fcc233833cc4..1a70c5cac736040ec67d3fe65d40838d0884f34c 100644
--- a/apps/i2psnark/resources/themes/vanilla/snark.css
+++ b/apps/i2psnark/resources/themes/vanilla/snark.css
@@ -272,6 +272,27 @@ _:-ms-lang(x), .snarkNav:link, .snarkNav:visited {
transition: ease box-shadow 0.1s;
}
+#search {
+ display: inline-block;
+ position: absolute;
+ top: 6px;
+ right: 3px;
+}
+
+#searchbox {
+ background: #f60 url(/themes/console/images/buttons/search.png) 7px center no-repeat !important;
+ margin: 2px 4px 2px 24px !important;
+ padding: 4px 32px 4px 32px !important;
+ color: black;
+}
+
+#searchcancel {
+ background: url(images/cancel.png);
+ margin: 2px 4px 2px -28px;
+ color: transparent;
+ border: none;
+}
+
/* end topnav */
/* screenlog */
diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
index b24c3d324f6688256f3a797ea906b489ff3a7698..163505906c65a9f8712cf3b96662af96df18af5e 100644
--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -26,6 +26,8 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
private static final Pattern parameterValuePattern = Pattern.compile(SystemVersion.isWindows() ? WIN_PATTERN : NON_WIN_PATTERN);
private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ \"]*$");
private static final String NOFILTER = "nofilter_";
+ // shorter flavor
+ private static final String NOFILTER2 = "nf_";
public XSSRequestWrapper(HttpServletRequest servletRequest) {
super(servletRequest);
@@ -33,11 +35,12 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
/**
* Parameter names starting with "nofilter_" will not be filtered.
+ * As of 0.9.58, names starting with "nf_" will not be filtered.
*/
@Override
public String[] getParameterValues(String parameter) {
String[] values = super.getParameterValues(parameter);
- if (parameter.startsWith(NOFILTER))
+ if (parameter.startsWith(NOFILTER) || parameter.startsWith(NOFILTER2))
return values;
if (values == null) {
@@ -70,11 +73,12 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
/**
* Parameter names starting with "nofilter_" will not be filtered.
+ * As of 0.9.58, names starting with "nf_" will not be filtered.
*/
@Override
public String getParameter(String parameter) {
String value = super.getParameter(parameter);
- if (parameter.startsWith(NOFILTER))
+ if (parameter.startsWith(NOFILTER) || parameter.startsWith(NOFILTER2))
return value;
String rv = stripXSS(value, parameterValuePattern);
if (value != null && rv == null) {
@@ -86,6 +90,7 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
/**
* Parameter names starting with "nofilter_" will not be filtered.
+ * As of 0.9.58, names starting with "nf_" will not be filtered.
*/
@Override
public Map<String, String[]> getParameterMap() {