From 1e8c968bd66edb5f51016d44d554f5fa37ad2eec Mon Sep 17 00:00:00 2001
From: str4d <str4d@mail.i2p>
Date: Tue, 17 Jan 2012 00:56:49 +0000
Subject: [PATCH] Fix for #588 - HTML escape and unescape descriptions on configclients page
---
 .../i2p/router/web/ConfigClientsHandler.java | 22 ++++++++++++++--
 .../i2p/router/web/ConfigClientsHelper.java | 25 +++++++++++++++++--
 2 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java
index eb28a4b90e..90be37ad2e 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java
@@ -165,7 +165,7 @@ public class ConfigClientsHandler extends FormHandler {
 if (! ("webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName)))
 ca.disabled = val == null;
 // edit of an existing entry
- String desc = getJettyString("desc" + cur);
+ String desc = unescapeHTML(getJettyString("desc" + cur));
 if (desc != null) {
 int spc = desc.indexOf(" ");
 String clss = desc;
@@ -181,7 +181,7 @@ public class ConfigClientsHandler extends FormHandler {
 }
 int newClient = clients.size();
- String newDesc = getJettyString("desc" + newClient);
+ String newDesc = unescapeHTML(getJettyString("desc" + newClient));
 if (newDesc != null && newDesc.trim().length() > 0) {
 // new entry
 int spc = newDesc.indexOf(" ");
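Review bot: unescapeHTML() is applied to the raw return of getJettyString() before the `desc != null` test that follows, and the helper added at the end of this file calls `replaceAll` on its argument with no null guard, so if getJettyString() can return null (the existing check suggests it can) a missing `desc` parameter now throws instead of being skipped. The `newDesc` call in the next hunk has the same shape, and `escapeHTML(desc)` in ConfigClientsHelper dereferences its argument the same way. I would add `if (escaped == null) return null;` as the first line of unescapeHTML and the equivalent guard in escapeHTML. Both enclosing method bodies start and end outside these hunks.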
@@ -399,4 +399,22 @@ public class ConfigClientsHandler extends FormHandler {
 _context.router().saveConfig();
 addFormNotice(_("Interface configuration saved successfully - restart required to take effect."));
 }
+
+ /**
+ * Unescapes a string taken from HTML
+ */
+ private String unescapeHTML(String escaped) {
+ Map<String, String> map = new HashMap<String, String>();
+ map.put(""","\"");
+ map.put("&","&");
+ map.put("<","<");
+ map.put(">",">");
+ String unescaped = escaped;
+ for (Map.Entry<String, String> entry : map.entrySet()) {
+ String k = entry.getKey();
+ String v = entry.getValue();
+ unescaped = unescaped.replaceAll(k, v);
+ }
+ return unescaped;
+ }
 }
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
index 0f2c768593..e7033d3682 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java
@@ -3,8 +3,10 @@ package net.i2p.router.web;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.TreeSet;
@@ -234,6 +236,7 @@ public class ConfigClientsHelper extends HelperBase {
 boolean enabled, boolean ro, String desc, boolean edit, boolean showEditButton, boolean showUpdateButton, boolean showStopButton, boolean showDeleteButton, boolean showStartButton) {
+ String escapeddesc = escapeHTML(desc);
 buf.append("<tr><td class=\"mediumtags\" align=\"right\" width=\"25%\">");
 if (urlify && enabled) {
 String link = "/";
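Review bot: The output of unescapeHTML depends on HashMap iteration order, which is unspecified: if the ampersand entity is replaced before the other three, a value containing an escaped ampersand followed by `lt;` is decoded twice and ends up as a bare `<`. escapeHTML in ConfigClientsHelper has the mirror problem, where replacing `&` after another character re-escapes the entity that was just produced. A fixed-order chain of literal replacements avoids both, with the ampersand handled last when decoding and first when encoding, e.g. `return unescaped.replace("&", "&amp;").replace("\"", "&quot;").replace("<", "&lt;").replace(">", "&gt;");` on the escaping side; `String.replace` also avoids treating the keys as regular expressions, which `replaceAll` does. The entity literals in this hunk look as if they were decoded by the page rendering, so I am reading the four keys as the named entities for `"`, `&`, `<` and `>`. It is also worth confirming that server-side unescaping is needed at all, since browsers submit the already-decoded value of an input field and a description that legitimately contains entity text would be altered.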
@@ -279,10 +282,10 @@ public class ConfigClientsHelper extends HelperBase {
 buf.append("</td><td align=\"left\" width=\"50%\">");
 if (edit && !ro) {
 buf.append("<input type=\"text\" size=\"80\" name=\"desc").append(index).append("\" value=\"");
- buf.append(desc);
+ buf.append(escapeddesc);
 buf.append("\" >");
 } else {
- buf.append(desc);
+ buf.append(escapeddesc);
 }
 buf.append("</td></tr>\n");
 }
@@ -298,4 +301,22 @@ public class ConfigClientsHelper extends HelperBase {
 String rv = t1.replace('>', ' ');
 return rv;
 }
+
+ /**
+ * Escapes a string for inclusion in HTML
+ */
+ private String escapeHTML(String unescaped) {
+ Map<String, String> map = new HashMap<String, String>();
+ map.put("\"",""");
+ map.put("&","&");
+ map.put("<","<");
+ map.put(">",">");
+ String escaped = unescaped;
+ for (Map.Entry<String, String> entry : map.entrySet()) {
+ String k = entry.getKey();
+ String v = entry.getValue();
+ escaped = escaped.replaceAll(k, v);
+ }
+ return escaped;
+ }
 }
-- GitLab
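Review bot: The Javadoc on escapeHTML does not say which characters it covers or in which output contexts the result is safe, and that is what the next person touching renderForm needs to know. The helper handles the double quote, `&`, `<` and `>` but not the single quote, which fits the double-quoted `value="..."` attribute and the table-cell text it is used for in the previous hunk, but would not be enough inside a single-quoted attribute. I would reword it to `/** Escapes &, <, > and " for HTML element text and double-quoted attribute values; the single quote is not escaped. */`. Since escapeHTML and unescapeHTML are private near-copies in two classes, moving the pair into one shared static utility would keep them in step.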