-
- Downloads
standardized the spoof prevention:
- set the nonce and noncePrev for the handler when rendering the form - include the current nonce in the hidden parameter "nonce" - include an "action" parameter (so we know we want to execute something and hence, validate the nonce, rather than just display the page) - if the nonce submitted doesnt match what is set in the nonce or noncePrev when validating, its invalid. refuse to process
Showing
- apps/routerconsole/java/src/net/i2p/router/web/ConfigServiceHandler.java 2 additions, 19 deletions...ole/java/src/net/i2p/router/web/ConfigServiceHandler.java
- apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java 42 additions, 1 deletion...outerconsole/java/src/net/i2p/router/web/FormHandler.java
- apps/routerconsole/jsp/config.jsp 6 additions, 0 deletionsapps/routerconsole/jsp/config.jsp
- apps/routerconsole/jsp/configadvanced.jsp 5 additions, 0 deletionsapps/routerconsole/jsp/configadvanced.jsp
- apps/routerconsole/jsp/configclients.jsp 5 additions, 0 deletionsapps/routerconsole/jsp/configclients.jsp
- apps/routerconsole/jsp/configlogging.jsp 5 additions, 0 deletionsapps/routerconsole/jsp/configlogging.jsp
Loading
Please register or sign in to comment