2012-10-20 20:52:45 +00:00
|
|
|
<%
|
|
|
|
|
/*
|
|
|
|
|
* Does the standard setup for all form handlers, then
|
|
|
|
|
* displays the message box (which drives the form processing).
|
|
|
|
|
*
|
|
|
|
|
* Included ~15 times, keep whitespace to a minimum
|
|
|
|
|
*
|
|
|
|
|
* Include this directly after the line:
|
2017-12-01 14:07:29 +00:00
|
|
|
* <jsp:useBean class="net.i2p.router.web.helpers.xxxHandler" id="formhandler" scope="request" />
|
2012-10-20 20:52:45 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// This initializes the RouterContext - must be the first thing
|
2018-07-28 19:03:01 +00:00
|
|
|
// i2pcontextId set in css.jsi
|
|
|
|
|
formhandler.setContextId(i2pcontextId);
|
2012-10-20 20:52:45 +00:00
|
|
|
|
|
|
|
|
// Prevents any saves via GET
|
|
|
|
|
formhandler.storeMethod(request.getMethod());
|
|
|
|
|
|
2012-10-20 21:28:17 +00:00
|
|
|
// Store the nonces for verification
|
2012-10-20 22:52:11 +00:00
|
|
|
String klass = formhandler.getClass().getName();
|
2012-10-20 21:28:17 +00:00
|
|
|
String nonceAttr1 = klass + ".nonce";
|
|
|
|
|
String nonceAttr2 = nonceAttr1 + "Prev";
|
2013-01-29 13:48:00 +00:00
|
|
|
String nonce1 = null;
|
|
|
|
|
try {
|
|
|
|
|
// Jetty doesn't seem to ISE here...
|
|
|
|
|
nonce1 = (String) session.getAttribute(nonceAttr1);
|
|
|
|
|
String nonce2 = (String) session.getAttribute(nonceAttr2);
|
|
|
|
|
formhandler.storeNonces(nonce1, nonce2);
|
|
|
|
|
} catch (IllegalStateException ise) {
|
|
|
|
|
// nonce1 will be null, removed in setAttibute below
|
|
|
|
|
}
|
2012-10-20 21:28:17 +00:00
|
|
|
|
2012-10-20 20:52:45 +00:00
|
|
|
|
2015-03-20 12:30:04 +00:00
|
|
|
String contentType = request.getContentType();
|
|
|
|
|
if (contentType != null && contentType.toLowerCase(java.util.Locale.US).startsWith( "multipart/form-data")) {
|
|
|
|
|
// For multipart/form-data, we must decode things enough to get the action and nonce
|
|
|
|
|
// so FormHandler will validate.
|
|
|
|
|
// The handler must get everything else through the wrapper. No other properties will be set.
|
|
|
|
|
// All parameters other than nonce and action must be retrieved through the wrapper.
|
|
|
|
|
// Warning, parameters are NOT XSS filtered.
|
|
|
|
|
net.i2p.servlet.RequestWrapper requestWrapper = new net.i2p.servlet.RequestWrapper(request);
|
|
|
|
|
String action = requestWrapper.getParameter("action");
|
|
|
|
|
if (action != null)
|
|
|
|
|
formhandler.setAction(action);
|
|
|
|
|
String nonce = requestWrapper.getParameter("nonce");
|
|
|
|
|
if (nonce != null)
|
|
|
|
|
formhandler.setNonce(nonce);
|
|
|
|
|
formhandler.setRequestWrapper(requestWrapper);
|
|
|
|
|
} else {
|
|
|
|
|
// Put all the params in the map, some handlers use this instead of individual setters
|
|
|
|
|
// We also call all of the setters below.
|
|
|
|
|
formhandler.setSettings(request.getParameterMap());
|
2018-11-15 14:24:46 +00:00
|
|
|
%><jsp:setProperty name="formhandler" property="*" /><%
|
2015-03-20 12:30:04 +00:00
|
|
|
}
|
2018-11-15 14:24:46 +00:00
|
|
|
%><jsp:getProperty name="formhandler" property="allMessages" /><%
|
2012-10-20 20:52:45 +00:00
|
|
|
|
|
|
|
|
// Only call this once per page, do not getProperty("newNonce") elsewhere,
|
|
|
|
|
// use the variable instead.
|
|
|
|
|
// This shuffles down the nonces, so it must be after getAllMessages() above,
|
|
|
|
|
// since it does the form validation.
|
|
|
|
|
String pageNonce = formhandler.getNewNonce();
|
2013-01-29 13:48:00 +00:00
|
|
|
try {
|
|
|
|
|
// Jetty waits to ISE until here....
|
|
|
|
|
session.setAttribute(nonceAttr2, nonce1);
|
|
|
|
|
session.setAttribute(nonceAttr1, pageNonce);
|
|
|
|
|
} catch (IllegalStateException ise) {}
|
2012-10-20 20:52:45 +00:00
|
|
|
|
|
|
|
|
%>
|
