From 68814e31e7fb477e08afcc9fca41d7c258cf7498 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sat, 20 Oct 2012 21:28:17 +0000
Subject: [PATCH] * Console: - Store form handler nonces in the servlet session instead of system properties, to prevent cross-session interference
---
 .../src/net/i2p/router/web/FormHandler.java | 25 +++++++++----------
 apps/routerconsole/jsp/formhandler.jsi | 10 ++++++++
 2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
index 4cd8f8d232..ae8990662f 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
@@ -21,15 +21,13 @@ public class FormHandler {
 protected RouterContext _context;
 protected Log _log;
 protected Map _settings;
- private String _nonce;
+ private String _nonce, _nonce1, _nonce2;
 protected String _action;
 protected String _method;
 private final List<String> _errors;
 private final List<String> _notices;
 private boolean _processed;
 private boolean _valid;
- private static final String NONCE_SUFFIX = ".nonce";
- private static final String PREV_SUFFIX = "Prev";
 public FormHandler() {
 _errors = new ArrayList();
@@ -84,6 +82,15 @@ public class FormHandler {
 * @since 0.8.2
 */
 public void storeMethod(String val) { _method = val; }
+
+ /**
+ * The old nonces from the session
+ * @since 0.9.4
+ */
+ public void storeNonces(String n1, String n2) {
+ _nonce1 = n1;
+ _nonce2 = n2;
+ }
 /**
 * Override this to perform the final processing (in turn, adding formNotice
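Review bot: The Javadoc on the new `storeNonces(String n1, String n2)` does not say that either argument may be null, nor where the values must come from. The caller in formhandler.jsi passes whatever `session.getAttribute` returns, so both are null on a session that has not rendered the page yet, and the validation hunk relies on `equals(null)` being false to reject the submission. I would extend the comment to something like `Nonces previously issued to this session, current then previous; either may be null, and a null never matches. Must come from the server-side session, never from request parameters.` The method is public and unsynchronized like the other setters, which looks fine as long as the handler bean is request-scoped; that scope is not visible in this diff.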
@@ -187,10 +194,7 @@ public class FormHandler { return; } - String nonce = System.getProperty(getClass().getName() + NONCE_SUFFIX); - String noncePrev = nonce + PREV_SUFFIX; - if ( ( (nonce == null) || (!_nonce.equals(nonce)) ) && - ( (noncePrev == null) || (!_nonce.equals(noncePrev)) ) ) { + if (!_nonce.equals(_nonce1) && !_nonce.equals(_nonce2)) { addFormError(_("Invalid form submission, probably because you used the 'back' or 'reload' button on your browser. Please resubmit.")); _valid = false; } @@ -221,18 +225,13 @@ public class FormHandler { } /** - * Generate a new nonce, store old and new in the system properties. + * Generate a new nonce. * Only call once per page! * @return a new random long as a String * @since 0.8.5 */ public String getNewNonce() { - String prop = getClass().getName() + NONCE_SUFFIX; - String prev = System.getProperty(prop); - if (prev != null) - System.setProperty(prop + PREV_SUFFIX, prev); String rv = Long.toString(_context.random().nextLong()); - System.setProperty(prop, rv); return rv; } diff --git a/apps/routerconsole/jsp/formhandler.jsi b/apps/routerconsole/jsp/formhandler.jsi index a773dda8d5..99dfbb7cfb 100644 --- a/apps/routerconsole/jsp/formhandler.jsi +++ b/apps/routerconsole/jsp/formhandler.jsi @@ -15,6 +15,14 @@ // Prevents any saves via GET formhandler.storeMethod(request.getMethod()); + // Store the nonces for verification + String klass = getClass().getName(); + String nonceAttr1 = klass + ".nonce"; + String nonceAttr2 = nonceAttr1 + "Prev"; + String nonce1 = (String) session.getAttribute(nonceAttr1); + String nonce2 = (String) session.getAttribute(nonceAttr2); + formhandler.storeNonces(nonce1, nonce2); + // Put all the params in the map, some handlers use this instead of individual setters // We also call all of the setters below. formhandler.setSettings(request.getParameterMap()); 
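Review bot: With `!_nonce.equals(_nonce1) && !_nonce.equals(_nonce2)` the previous nonce is now really accepted, so, as far as the visible flow shows, a form that was just submitted validates once more if the same POST is reloaded or replayed. The removed code compared against `nonce + PREV_SUFFIX`, a string no issued nonce would equal, so in practice this second slot is new behaviour rather than a straight port. If the two-slot window is deliberate, a comment such as `// the previous nonce is accepted too, so one page render may happen between issuing and submitting` would record that. If single use is wanted, the matched nonce has to be dropped from the session after a successful submission. The null check on `_nonce` that this line depends on sits above the hunk and is not visible here.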
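Review bot: `getNewNonce()` no longer persists anything, but its Javadoc does not tell callers that they now have to store the value themselves. A page that calls it without the two `session.setAttribute` calls from formhandler.jsi will issue nonces that never validate. I would add a line such as `The caller must store the returned value in the session; this method does not persist it.` and keep the existing once-per-page warning. The unpredictability of the nonce rests entirely on `_context.random()`, whose implementation is outside this diff, so the comment should state that it must be a cryptographically strong source. The local `rv` is now redundant; `return Long.toString(_context.random().nextLong());` says the same.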
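Review bot: The session key is built from `getClass().getName()`, which inside a JSP scriptlet is the container-generated servlet class of the including page, not the FormHandler subclass that the removed `System.getProperty` key used. That scopes nonces per page and per session, which looks intended, but it is not obvious from the code. A comment like `// getClass() is the compiled JSP class, so each page keeps its own nonce pair in the session` would help. The suffixes `".nonce"` and `"Prev"` are now string literals here while the constants were removed from FormHandler; the end of this scriptlet writes the same two keys, so both places have to stay in step.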
@@ -29,5 +37,7 @@
 // This shuffles down the nonces, so it must be after getAllMessages() above,
 // since it does the form validation.
 String pageNonce = formhandler.getNewNonce();
+ session.setAttribute(nonceAttr2, nonce1);
+ session.setAttribute(nonceAttr1, pageNonce);
 %>
--
GitLab
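Review bot: The two `session.setAttribute` calls complete a read-modify-write on the session that began with the `getAttribute` calls near the top of the scriptlet, and nothing makes it atomic. Two requests in the same session for the same page (two tabs, or a double click) can interleave so that a nonce already handed to one tab is overwritten before it is submitted, which shows up as a spurious invalid-submission error. This fails closed, so it is a robustness issue rather than a bypass; whether it matters depends on how the console is used. The existing comment `This shuffles down the nonces` now describes these two lines rather than `getNewNonce()`, so I would put a comment directly above them, e.g. `// Shuffle: current nonce becomes Prev, the new page nonce becomes current`.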