From f0dd09cf9c2fef98950cbe636d0f1f9a098a3faf Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sat, 26 Jul 2014 12:18:35 +0000
Subject: [PATCH] filter logging

---
 .../i2p/servlet/filters/XSSRequestWrapper.java | 18 +++++++++++++++---
 .../java/src/net/i2p/router/RouterVersion.java |  2 +-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
index c15c94b849..93228079bd 100644
--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -7,6 +7,9 @@ import javax.servlet.http.HttpServletRequestWrapper;
 
 //import org.owasp.esapi.ESAPI;
 
+import net.i2p.I2PAppContext;
+import net.i2p.util.Log;
+
 public class XSSRequestWrapper extends HttpServletRequestWrapper {
     // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
     private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$");
@@ -36,14 +39,23 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
     @Override
     public String getParameter(String parameter) {
         String value = super.getParameter(parameter);
-
-        return stripXSS(value, parameterValuePattern);
+        String rv = stripXSS(value, parameterValuePattern);
+        if (value != null && rv == null) {
+            Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
+            log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped param \"" + parameter + "\" : \"" + value + '"');
+        }
+        return rv;
     }
 
     @Override
     public String getHeader(String name) {
         String value = super.getHeader(name);
-        return stripXSS(value, headerValuePattern);
+        String rv = stripXSS(value, headerValuePattern);
+        if (value != null && rv == null) {
+            Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
+            log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped header \"" + name + "\" : \"" + value + '"');
+        }
+        return rv;
     }
 
     private String stripXSS(String value, Pattern whitelistPattern) {
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 601535dbe6..a85b0c8aa2 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 21;
+    public final static long BUILD = 22;
 
     /** for example "-test" */
     public final static String EXTRA = "-rc";
-- 
GitLab