echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Susimail escaping from psi plus some more

Browse Source
This commit is contained in:
zzz
2014-07-26 16:50:58 +00:00
parent 6753d23309
commit 1603353ae8
5 changed files with 56 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/susimail/src/src/i2p/susi/webmail/Mail.java
View File

@ -283,14 +283,14 @@ class Mail {
Encoding html = EncodingFactory.getEncoding( "HTML" );
if( html == null ) {
error += "HTML encoder not found.<br>";
error += "HTML encoder not found.\n";
ok = false;
}
Encoding hl = EncodingFactory.getEncoding( "HEADERLINE" );
if( hl == null ) {
error += "Header line encoder not found.<br>";
error += "Header line encoder not found.\n";
ok = false;
}
@ -369,7 +369,7 @@ class Mail {
}
}
catch( Exception e ) {
error += "Error parsing mail header: " + e.getClass().getName() + "<br>";
error += "Error parsing mail header: " + e.getClass().getName() + '\n';
}
}
}

80
apps/susimail/src/src/i2p/susi/webmail/WebMail.java
View File

@ -677,7 +677,7 @@ public class WebMail extends HttpServlet
static String quoteHTML( String line )
{
if( line != null )
line = line.replace("&", "&amp;").replace( "<", "&lt;" ).replace( ">", "&gt;" );
line = DataHelper.escapeHTML(line);
else
line = "";
return line;
@ -710,52 +710,52 @@ public class WebMail extends HttpServlet
if (buttonPressed(request, LOGIN) || offline) {
if( user == null || user.length() == 0 ) {
sessionObject.error += _("Need username for authentication.") + "<br>";
sessionObject.error += _("Need username for authentication.") + '\n';
doContinue = false;
}
if( pass == null || pass.length() == 0 ) {
sessionObject.error += _("Need password for authentication.") + "<br>";
sessionObject.error += _("Need password for authentication.") + '\n';
doContinue = false;
}
if( host == null || host.length() == 0 ) {
sessionObject.error += _("Need hostname for connect.") + "<br>";
sessionObject.error += _("Need hostname for connect.") + '\n';
doContinue = false;
}
int pop3PortNo = 0;
if( pop3Port == null || pop3Port.length() == 0 ) {
sessionObject.error += _("Need port number for pop3 connect.") + "<br>";
sessionObject.error += _("Need port number for pop3 connect.") + '\n';
doContinue = false;
}
else {
try {
pop3PortNo = Integer.parseInt( pop3Port );
if( pop3PortNo < 0 || pop3PortNo > 65535 ) {
sessionObject.error += _("POP3 port number is not in range 0..65535.") + "<br>";
sessionObject.error += _("POP3 port number is not in range 0..65535.") + '\n';
doContinue = false;
}
}
catch( NumberFormatException nfe )
{
sessionObject.error += _("POP3 port number is invalid.") + "<br>";
sessionObject.error += _("POP3 port number is invalid.") + '\n';
doContinue = false;
}
}
int smtpPortNo = 0;
if( smtpPort == null || smtpPort.length() == 0 ) {
sessionObject.error += _("Need port number for smtp connect.") + "<br>";
sessionObject.error += _("Need port number for smtp connect.") + '\n';
doContinue = false;
}
else {
try {
smtpPortNo = Integer.parseInt( smtpPort );
if( smtpPortNo < 0 || smtpPortNo > 65535 ) {
sessionObject.error += _("SMTP port number is not in range 0..65535.") + "<br>";
sessionObject.error += _("SMTP port number is not in range 0..65535.") + '\n';
doContinue = false;
}
}
catch( NumberFormatException nfe )
{
sessionObject.error += _("SMTP port number is invalid.") + "<br>";
sessionObject.error += _("SMTP port number is invalid.") + '\n';
doContinue = false;
}
}
@ -829,10 +829,10 @@ public class WebMail extends HttpServlet
sessionObject.mailbox = null;
sessionObject.mailCache = null;
}
sessionObject.info += _("User logged out.") + "<br>";
sessionObject.info += _("User logged out.") + '\n';
sessionObject.state = STATE_AUTH;
} else if( sessionObject.mailbox == null ) {
sessionObject.error += _("Internal error, lost connection.") + "<br>";
sessionObject.error += _("Internal error, lost connection.") + '\n';
sessionObject.state = STATE_AUTH;
}
}
@ -1065,7 +1065,7 @@ public class WebMail extends HttpServlet
sessionObject.state = STATE_NEW;
}
else {
sessionObject.error += _("Could not fetch mail body.") + "<br>";
sessionObject.error += _("Could not fetch mail body.") + '\n';
}
}
}
@ -1095,7 +1095,7 @@ public class WebMail extends HttpServlet
}
catch( NumberFormatException nfe )
{
sessionObject.error += _("Message id not valid.") + "<br>";
sessionObject.error += _("Message id not valid.") + '\n';
}
}
}
@ -1194,7 +1194,7 @@ public class WebMail extends HttpServlet
);
}
else {
sessionObject.error += _("No Encoding found for {0}", encodeTo) + "<br>";
sessionObject.error += _("No Encoding found for {0}", encodeTo) + '\n';
}
}
catch (EncodingException e1) {
@ -1203,7 +1203,7 @@ public class WebMail extends HttpServlet
}
}
catch (IOException e) {
sessionObject.error += _("Error reading uploaded file: {0}", e.getMessage()) + "<br>";
sessionObject.error += _("Error reading uploaded file: {0}", e.getMessage()) + '\n';
}
}
}
@ -1338,7 +1338,7 @@ public class WebMail extends HttpServlet
sessionObject.folder.setPageSize( pageSize );
}
catch( NumberFormatException nfe ) {
sessionObject.error += _("Invalid pagesize number, resetting to default value.") + "<br>";
sessionObject.error += _("Invalid pagesize number, resetting to default value.") + '\n';
}
}
if( buttonPressed( request, PREVPAGE ) ) {
@ -1362,7 +1362,7 @@ public class WebMail extends HttpServlet
if (m > 0)
sessionObject.reallyDelete = true;
else
sessionObject.error += _("No messages marked for deletion.") + "<br>";
sessionObject.error += _("No messages marked for deletion.") + '\n';
}
else {
if( buttonPressed( request, REALLYDELETE ) ) {
@ -1379,7 +1379,7 @@ public class WebMail extends HttpServlet
sessionObject.folder.removeElements(toDelete);
sessionObject.pageChanged = true;
sessionObject.info += ngettext("1 message deleted.", "{0} messages deleted.", numberDeleted);
//sessionObject.error += _("Error deleting message: {0}", sessionObject.mailbox.lastError()) + "<br>";
//sessionObject.error += _("Error deleting message: {0}", sessionObject.mailbox.lastError()) + '\n';
}
}
sessionObject.reallyDelete = false;
@ -1466,7 +1466,7 @@ public class WebMail extends HttpServlet
} catch (IOException ioe) {
sessionObject.error = ioe.toString();
} catch( NumberFormatException nfe ) {
sessionObject.error += _("Invalid pagesize number, resetting to default value.") + "<br>";
sessionObject.error += _("Invalid pagesize number, resetting to default value.") + '\n';
}
} else if (buttonPressed(request, CANCEL)) {
sessionObject.state = (sessionObject.folder != null) ? STATE_LIST : STATE_AUTH;
@ -1670,7 +1670,7 @@ public class WebMail extends HttpServlet
} else if( sessionObject.state == STATE_SHOW ) {
Mail mail = sessionObject.mailCache.getMail(sessionObject.showUIDL, MailCache.FetchMode.HEADER);
if (mail != null && mail.shortSubject != null)
subtitle = mail.shortSubject;
subtitle = quoteHTML(mail.shortSubject);
else
subtitle = _("Show Message");
} else if( sessionObject.state == STATE_NEW ) {
@ -1714,10 +1714,10 @@ public class WebMail extends HttpServlet
"<form method=\"POST\" enctype=\"multipart/form-data\" action=\"" + myself + "\" accept-charset=\"UTF-8\">" );
if( sessionObject.error != null && sessionObject.error.length() > 0 ) {
out.println( "<p class=\"error\">" + sessionObject.error + "</p>" );
out.println( "<p class=\"error\">" + quoteHTML(sessionObject.error).replace("\n", "<br>") + "</p>" );
}
if( sessionObject.info != null && sessionObject.info.length() > 0 ) {
out.println( "<p class=\"info\"><b>" + sessionObject.info + "</b></p>" );
out.println( "<p class=\"info\"><b>" + quoteHTML(sessionObject.info).replace("\n", "<br>") + "</b></p>" );
}
/*
* now write body
@ -1762,7 +1762,7 @@ public class WebMail extends HttpServlet
content = part.decode(2);
}
catch (DecodingException e) {
sessionObject.error += _("Error decoding content: {0}", e.getMessage()) + "<br>";
sessionObject.error += _("Error decoding content: {0}", e.getMessage()) + '\n';
content = null;
}
}
@ -1839,13 +1839,13 @@ public class WebMail extends HttpServlet
if( from == null || !Mail.validateAddress( from ) ) {
ok = false;
sessionObject.error += _("Found no valid sender address.") + "<br>";
sessionObject.error += _("Found no valid sender address.") + '\n';
}
else {
sender = Mail.getAddress( from );
if( sender == null || sender.length() == 0 ) {
ok = false;
sessionObject.error += _("Found no valid address in \\''{0}\\''.", quoteHTML( from )) + "<br>";
sessionObject.error += _("Found no valid address in \\''{0}\\''.", quoteHTML( from )) + '\n';
}
}
@ -1866,7 +1866,7 @@ public class WebMail extends HttpServlet
if( toList.isEmpty() ) {
ok = false;
sessionObject.error += _("No recipients found.") + "<br>";
sessionObject.error += _("No recipients found.") + '\n';
}
Encoding qp = EncodingFactory.getEncoding( "quoted-printable" );
Encoding hl = EncodingFactory.getEncoding( "HEADERLINE" );
@ -2018,12 +2018,12 @@ public class WebMail extends HttpServlet
out.println( "<table cellspacing=\"0\" cellpadding=\"5\">\n" +
"<tr><td colspan=\"2\" align=\"center\"><hr></td></tr>\n" +
"<tr><td align=\"right\">" + _("From") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_FROM + "\" value=\"" + from + "\" " + ( fixed ? "disabled" : "" ) +"></td></tr>\n" +
"<tr><td align=\"right\">" + _("To") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_TO + "\" value=\"" + to + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Cc") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_CC + "\" value=\"" + cc + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Bcc") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_BCC + "\" value=\"" + bcc + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("From") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_FROM + "\" value=\"" + quoteHTML(from) + "\" " + ( fixed ? "disabled" : "" ) +"></td></tr>\n" +
"<tr><td align=\"right\">" + _("To") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_TO + "\" value=\"" + quoteHTML(to) + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Cc") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_CC + "\" value=\"" + quoteHTML(cc) + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Bcc") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_BCC + "\" value=\"" + quoteHTML(bcc) + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Bcc to self") + ": </td><td align=\"left\"><input type=\"checkbox\" class=\"optbox\" name=\"" + NEW_BCC_TO_SELF + "\" value=\"1\" " + (sessionObject.bccToSelf ? "checked" : "" ) + "></td></tr>\n" +
"<tr><td align=\"right\">" + _("Subject") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_SUBJECT + "\" value=\"" + subject + "\"></td></tr>\n" +
"<tr><td align=\"right\">" + _("Subject") + ":</td><td align=\"left\"><input type=\"text\" size=\"80\" name=\"" + NEW_SUBJECT + "\" value=\"" + quoteHTML(subject) + "\"></td></tr>\n" +
"<tr><td colspan=\"2\" align=\"center\"><textarea cols=\"" + Config.getProperty( CONFIG_COMPOSER_COLS, 80 )+ "\" rows=\"" + Config.getProperty( CONFIG_COMPOSER_ROWS, 10 )+ "\" name=\"" + NEW_TEXT + "\">" + text + "</textarea>" +
"<tr class=\"bottombuttons\"><td colspan=\"2\" align=\"center\"><hr></td></tr>\n" +
"<tr class=\"bottombuttons\"><td align=\"right\">" + _("Add Attachment") + ":</td><td align=\"left\"><input type=\"file\" size=\"50%\" name=\"" + NEW_FILENAME + "\" value=\"\"></td></tr>" +
@ -2039,7 +2039,7 @@ public class WebMail extends HttpServlet
} else {
out.println("<tr><td align=\"right\">&nbsp;</td>");
}
out.println("<td align=\"left\"><input type=\"checkbox\" class=\"optbox\" name=\"check" + attachment.hashCode() + "\" value=\"1\">&nbsp;" + attachment.getFileName() + "</td></tr>");
out.println("<td align=\"left\"><input type=\"checkbox\" class=\"optbox\" name=\"check" + attachment.hashCode() + "\" value=\"1\">&nbsp;" + quoteHTML(attachment.getFileName()) + "</td></tr>");
}
// TODO disable in JS if none selected
out.println("<tr class=\"bottombuttons\"><td>&nbsp;</td><td align=\"left\">" +
@ -2068,9 +2068,9 @@ public class WebMail extends HttpServlet
//if (!fixed) {
if (true) {
out.println(
"<tr><td align=\"right\" width=\"30%\">" + _("Host") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" size=\"32\" name=\"" + HOST +"\" value=\"" + host + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n" +
"<tr><td align=\"right\" width=\"30%\">" + _("POP3 Port") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" style=\"text-align: right;\" size=\"5\" name=\"" + POP3 +"\" value=\"" + pop3 + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n" +
"<tr><td align=\"right\" width=\"30%\">" + _("SMTP Port") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" style=\"text-align: right;\" size=\"5\" name=\"" + SMTP +"\" value=\"" + smtp + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n");
"<tr><td align=\"right\" width=\"30%\">" + _("Host") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" size=\"32\" name=\"" + HOST +"\" value=\"" + quoteHTML(host) + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n" +
"<tr><td align=\"right\" width=\"30%\">" + _("POP3 Port") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" style=\"text-align: right;\" size=\"5\" name=\"" + POP3 +"\" value=\"" + quoteHTML(pop3) + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n" +
"<tr><td align=\"right\" width=\"30%\">" + _("SMTP Port") + "</td><td width=\"40%\" align=\"left\"><input type=\"text\" style=\"text-align: right;\" size=\"5\" name=\"" + SMTP +"\" value=\"" + quoteHTML(smtp) + "\"" + ( fixed ? " disabled" : "" ) + "></td></tr>\n");
}
out.println(
"<tr><td colspan=\"2\">&nbsp;</td></tr>\n" +
@ -2164,9 +2164,9 @@ public class WebMail extends HttpServlet
" onclick=\"deleteboxclicked();\" " +
( idChecked ? "checked" : "" ) + ">" + "</td><td " + jslink + ">" +
(mail.isNew() ? "<img src=\"/susimail/icons/flag_green.png\" alt=\"\" title=\"" + _("Message is new") + "\">" : "&nbsp;") + "</td><td " + jslink + ">" +
link + mail.shortSender + "</a></td><td " + jslink + ">" +
link + quoteHTML(mail.shortSender) + "</a></td><td " + jslink + ">" +
(mail.hasAttachment() ? "<img src=\"/susimail/icons/attach.png\" alt=\"\" title=\"" + _("Message has an attachment") + "\">" : "&nbsp;") + "</td><td " + jslink + ">" +
link + mail.shortSubject + "</a></td><td " + jslink + ">" +
link + quoteHTML(mail.shortSubject) + "</a></td><td " + jslink + ">" +
(mail.isSpam() ? "<img src=\"/susimail/icons/flag_red.png\" alt=\"\" title=\"" + _("Message is spam") + "\">" : "&nbsp;") + "</td><td " + jslink + ">" +
// don't let date get split across lines
mail.localFormattedDate.replace(" ", "&nbsp;") + "</td><td " + jslink + ">&nbsp;</td><td align=\"right\" " + jslink + ">" +
@ -2314,9 +2314,9 @@ public class WebMail extends HttpServlet
Properties config = Config.getProperties();
out.print(":</p><textarea cols=\"80\" rows=\"" + Math.max(8, config.size() + 2) + "\" spellcheck=\"false\" name=\"" + CONFIG_TEXT + "\">");
for (Map.Entry<Object, Object> e : config.entrySet()) {
out.print(e.getKey());
out.print(quoteHTML(e.getKey().toString()));
out.print('=');
out.println(e.getValue());
out.println(quoteHTML(e.getValue().toString()));
}
out.println("</textarea>");
out.println("<div id=\"bottombuttons\">");

20
apps/susimail/src/src/i2p/susi/webmail/smtp/SMTPClient.java
View File

@ -89,7 +89,7 @@ public class SMTPClient {
socket.getOutputStream().flush();
return getResult();
} catch (IOException e) {
error += "IOException occured.<br>";
error += "IOException occured.\n";
return 0;
}
}
@ -193,7 +193,7 @@ public class SMTPClient {
buf.setLength(0);
}
} catch (IOException e) {
error += "IOException occured.<br>";
error += "IOException occured.\n";
result = 0;
}
lastResponse = fullResponse.toString();
@ -211,7 +211,7 @@ public class SMTPClient {
try {
socket = new Socket( host, port );
} catch (Exception e) {
error += _("Cannot connect") + ": " + e.getMessage() + "<br>";
error += _("Cannot connect") + ": " + e.getMessage() + '\n';
ok = false;
}
try {
@ -222,7 +222,7 @@ public class SMTPClient {
socket.setSoTimeout(120*1000);
int result = sendCmd(null);
if (result != 220) {
error += _("Server refused connection") + " (" + result + ")<br>";
error += _("Server refused connection") + " (" + result + ")\n";
ok = false;
}
}
@ -234,7 +234,7 @@ public class SMTPClient {
if (r.result == 250) {
supportsPipelining = r.recv.contains("PIPELINING");
} else {
error += _("Server refused connection") + " (" + r.result + ")<br>";
error += _("Server refused connection") + " (" + r.result + ")\n";
ok = false;
}
}
@ -246,7 +246,7 @@ public class SMTPClient {
cmds.add(new SendExpect(base64.encode(user), 334));
cmds.add(new SendExpect(base64.encode(pass), 235));
if (sendCmds(cmds) != 3) {
error += _("Login failed") + "<br>";
error += _("Login failed") + '\n';
ok = false;
}
}
@ -259,7 +259,7 @@ public class SMTPClient {
cmds.add(new SendExpect("DATA", 354));
if (sendCmds(cmds) != cmds.size()) {
// TODO which recipient?
error += _("Mail rejected") + "<br>";
error += _("Mail rejected") + '\n';
ok = false;
}
}
@ -273,10 +273,10 @@ public class SMTPClient {
if (result == 250)
mailSent = true;
else
error += _("Error sending mail") + " (" + result + ")<br>";
error += _("Error sending mail") + " (" + result + ")\n";
}
} catch (IOException e) {
error += _("Error sending mail") + ": " + e.getMessage() + "<br>";
error += _("Error sending mail") + ": " + e.getMessage() + '\n';
} catch (EncodingException e) {
error += e.getMessage();
@ -284,7 +284,7 @@ public class SMTPClient {
if( !mailSent && lastResponse.length() > 0 ) {
String[] lines = lastResponse.split( "\r" );
for( int i = 0; i < lines.length; i++ )
error += lines[i] + "<br>";
error += lines[i] + '\n';
}
sendCmd("QUIT", false);
if( socket != null ) {

4
core/java/src/net/i2p/data/DataHelper.java
View File

@ -1628,8 +1628,8 @@ public class DataHelper {
return rv;
}
private static final String escapeChars[] = {"&", "\"", "<", ">"};
private static final String escapeCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;"};
private static final String escapeChars[] = {"&", "\"", "<", ">", "\"", "'"};
private static final String escapeCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;", "&quot;", "&apos;"};
/**
* Escape a string for inclusion in HTML

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */
public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 24;
public final static long BUILD = 25;
/** for example "-test" */
public final static String EXTRA = "-rc";