forked from I2P_Developers/i2p.i2p
Fix for #588 - HTML escape and unescape descriptions on configclients page
This commit is contained in:
str4d
@ -165,7 +165,7 @@ public class ConfigClientsHandler extends FormHandler {
|
||||
if (! ("webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName)))
|
||||
ca.disabled = val == null;
|
||||
// edit of an existing entry
|
||||
String desc = getJettyString("desc" + cur);
|
||||
String desc = unescapeHTML(getJettyString("desc" + cur));
|
||||
if (desc != null) {
|
||||
int spc = desc.indexOf(" ");
|
||||
String clss = desc;
|
||||
@ -181,7 +181,7 @@ public class ConfigClientsHandler extends FormHandler {
|
||||
}
|
||||
|
||||
int newClient = clients.size();
|
||||
String newDesc = getJettyString("desc" + newClient);
|
||||
String newDesc = unescapeHTML(getJettyString("desc" + newClient));
|
||||
if (newDesc != null && newDesc.trim().length() > 0) {
|
||||
// new entry
|
||||
int spc = newDesc.indexOf(" ");
|
||||
@ -399,4 +399,22 @@ public class ConfigClientsHandler extends FormHandler {
|
||||
_context.router().saveConfig();
|
||||
addFormNotice(_("Interface configuration saved successfully - restart required to take effect."));
|
||||
}
|
||||
|
||||
/**
|
||||
* Unescapes a string taken from HTML
|
||||
*/
|
||||
private String unescapeHTML(String escaped) {
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
map.put(""","\"");
|
||||
map.put("&","&");
|
||||
map.put("<","<");
|
||||
map.put(">",">");
|
||||
String unescaped = escaped;
|
||||
for (Map.Entry<String, String> entry : map.entrySet()) {
|
||||
String k = entry.getKey();
|
||||
String v = entry.getValue();
|
||||
unescaped = unescaped.replaceAll(k, v);
|
||||
}
|
||||
return unescaped;
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,8 +3,10 @@ package net.i2p.router.web;
|
||||
import java.text.SimpleDateFormat;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
@ -234,6 +236,7 @@ public class ConfigClientsHelper extends HelperBase {
|
||||
boolean enabled, boolean ro, String desc, boolean edit,
|
||||
boolean showEditButton, boolean showUpdateButton, boolean showStopButton,
|
||||
boolean showDeleteButton, boolean showStartButton) {
|
||||
String escapeddesc = escapeHTML(desc);
|
||||
buf.append("<tr><td class=\"mediumtags\" align=\"right\" width=\"25%\">");
|
||||
if (urlify && enabled) {
|
||||
String link = "/";
|
||||
@ -279,10 +282,10 @@ public class ConfigClientsHelper extends HelperBase {
|
||||
buf.append("</td><td align=\"left\" width=\"50%\">");
|
||||
if (edit && !ro) {
|
||||
buf.append("<input type=\"text\" size=\"80\" name=\"desc").append(index).append("\" value=\"");
|
||||
buf.append(desc);
|
||||
buf.append(escapeddesc);
|
||||
buf.append("\" >");
|
||||
} else {
|
||||
buf.append(desc);
|
||||
buf.append(escapeddesc);
|
||||
}
|
||||
buf.append("</td></tr>\n");
|
||||
}
|
||||
@ -298,4 +301,22 @@ public class ConfigClientsHelper extends HelperBase {
|
||||
String rv = t1.replace('>', ' ');
|
||||
return rv;
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes a string for inclusion in HTML
|
||||
*/
|
||||
private String escapeHTML(String unescaped) {
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
map.put("\"",""");
|
||||
map.put("&","&");
|
||||
map.put("<","<");
|
||||
map.put(">",">");
|
||||
String escaped = unescaped;
|
||||
for (Map.Entry<String, String> entry : map.entrySet()) {
|
||||
String k = entry.getKey();
|
||||
String v = entry.getValue();
|
||||
escaped = escaped.replaceAll(k, v);
|
||||
}
|
||||
return escaped;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user