echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

i2psnark escape fixes

Browse Source
This commit is contained in:
zzz
2014-08-23 13:19:44 +00:00
parent d76164679f
commit 1bc355b8fd
4 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/i2psnark/java/src/org/klomp/snark/Snark.java
View File

@ -797,6 +797,7 @@ public class Snark
}
/**
* Not HTML escaped.
* @return String returned from tracker, or null if no error
* @since 0.8.4
*/

3
apps/i2psnark/java/src/org/klomp/snark/TrackerInfo.java
View File

@ -196,6 +196,9 @@ class TrackerInfo
return complete;
}
/**
* Not HTML escaped.
*/
public String getFailureReason()
{
return failure_reason;

8
apps/i2psnark/java/src/org/klomp/snark/UpdateRunner.java
View File

@ -6,6 +6,7 @@ import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.crypto.TrustedUpdate;
import net.i2p.data.DataHelper;
import net.i2p.update.*;
import net.i2p.util.Log;
import net.i2p.util.SimpleTimer2;
@ -297,9 +298,10 @@ class UpdateRunner implements UpdateTask, CompleteListener {
//////// end CompleteListener methods
private static String linkify(String url) {
String durl = url.length() <= 28 ? url :
url.substring(0, 25) + "&hellip;";
return "<a target=\"_blank\" href=\"" + url + "\"/>" + durl + "</a>";
String durl = url.length() <= 28 ? DataHelper.escapeHTML(url) :
DataHelper.escapeHTML(url.substring(0, 25)) + "&hellip;";
// TODO urlEncode instead
return "<a target=\"_blank\" href=\"" + DataHelper.escapeHTML(url) + "\"/>" + durl + "</a>";
}
private void updateStatus(String s) {

19
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
View File

@ -60,6 +60,7 @@ public class I2PSnarkServlet extends BasicServlet {
private static final String DEFAULT_NAME = "i2psnark";
public static final String PROP_CONFIG_FILE = "i2psnark.configFile";
private static final String WARBASE = "/.icons/";
private static final char HELLIP = '\u2026';
public I2PSnarkServlet() {
super();
@ -1256,7 +1257,7 @@ public class I2PSnarkServlet extends BasicServlet {
String start = basename.substring(0, MAX_DISPLAYED_FILENAME_LENGTH);
if (start.indexOf(" ") < 0 && start.indexOf("-") < 0) {
// browser has nowhere to break it
basename = start + "&hellip;";
basename = start + HELLIP;
}
}
// includes skipped files, -1 for magnet mode
@ -1307,7 +1308,9 @@ public class I2PSnarkServlet extends BasicServlet {
ngettext("1 peer", "{0} peers", knownPeers);
else {
if (err.length() > MAX_DISPLAYED_ERROR_LENGTH)
err = err.substring(0, MAX_DISPLAYED_ERROR_LENGTH) + "&hellip;";
err = DataHelper.escapeHTML(err.substring(0, MAX_DISPLAYED_ERROR_LENGTH)) + "&hellip;";
else
err = DataHelper.escapeHTML(err);
statusString = "<img alt=\"\" border=\"0\" src=\"" + _imgPath + "trackererror.png\" title=\"" + err + "\"></td>" +
"<td class=\"snarkTorrentStatus\">" + _("Tracker Error");
}
@ -1729,8 +1732,8 @@ public class I2PSnarkServlet extends BasicServlet {
(announce.startsWith("http://lnQ6yoBT") && aURL.startsWith("http://tracker2.postman.i2p/")) ||
(announce.startsWith("http://ahsplxkbhemefwvvml7qovzl5a2b5xo5i7lyai7ntdunvcyfdtna.b32.i2p/") && aURL.startsWith("http://tracker2.postman.i2p/"))))
continue;
String baseURL = t.baseURL;
String name = t.name;
String baseURL = urlEncode(t.baseURL);
String name = DataHelper.escapeHTML(t.name);
StringBuilder buf = new StringBuilder(128);
buf.append("<a href=\"").append(baseURL).append("details.php?dllist=1&amp;filelist=1&amp;info_hash=")
.append(TrackerClient.urlencode(infohash))
@ -1774,9 +1777,11 @@ public class I2PSnarkServlet extends BasicServlet {
if (trackerLinkUrl != null)
buf.append(trackerLinkUrl);
else
buf.append("<a href=\"http://").append(announce).append("/\">");
// TODO encode
buf.append("<a href=\"http://").append(urlEncode(announce)).append("/\">");
if (announce.length() > 67)
announce = announce.substring(0, 40) + "&hellip;" + announce.substring(announce.length() - 8);
announce = DataHelper.escapeHTML(announce.substring(0, 40)) + "&hellip;" +
DataHelper.escapeHTML(announce.substring(announce.length() - 8));
buf.append(announce);
buf.append("</a>");
return buf.toString();
@ -2274,7 +2279,7 @@ public class I2PSnarkServlet extends BasicServlet {
*/
private static String urlEncode(String s) {
return s.replace(";", "%3B").replace("&", "&amp;").replace(" ", "%20")
.replace("<", "&lt;").replace(">", "&gt;")
.replace("<", "%3C").replace(">", "%3E")
.replace("[", "%5B").replace("]", "%5D");
}