Console: Fix escaping of plugin description on /configclients (ticket #1711)

zzz
2015-11-21 17:39:10 +00:00
parent 9efb3c8751
commit 9a9832cb77
3 changed files with 11 additions and 7 deletions


@ -151,7 +151,7 @@ public class ConfigClientsHelper extends HelperBase {
//"webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName),
false, RouterConsoleRunner.class.getName().equals(ca.className),
// description
ca.className + ((ca.args != null) ? " " + ca.args : ""),
DataHelper.escapeHTML(ca.className + ((ca.args != null) ? " " + ca.args : "")),
// edit
allowEdit && (""+cur).equals(_edit),
// show edit button, show update button
@ -212,7 +212,7 @@ public class ConfigClientsHelper extends HelperBase {
boolean isRunning = WebAppStarter.isWebAppRunning(app);
renderForm(buf, app, app, !"addressbook".equals(app),
"true".equals(val), RouterConsoleRunner.ROUTERCONSOLE.equals(app),
RouterConsoleRunner.ROUTERCONSOLE.equals(app), app + ".war",
RouterConsoleRunner.ROUTERCONSOLE.equals(app), DataHelper.escapeHTML(app + ".war"),
false, false, false, isRunning, false, !isRunning);
}
}
@ -316,14 +316,15 @@ public class ConfigClientsHelper extends HelperBase {
/**
* Misnamed, renders a single line in a table for a single client/webapp/plugin.
*
* ro trumps edit and showEditButton
* @param name will be escaped here
* @param ro trumps edit and showEditButton
* @param escapedDesc description, must be HTML escaped, except for plugins
*/
private void renderForm(StringBuilder buf, String index, String name, boolean urlify,
boolean enabled, boolean ro, boolean preventDisable, String desc, boolean edit,
boolean enabled, boolean ro, boolean preventDisable, String escapedDesc, boolean edit,
boolean showEditButton, boolean showUpdateButton, boolean showStopButton,
boolean showDeleteButton, boolean showStartButton) {
String escapedName = DataHelper.escapeHTML(name);
String escapedDesc = DataHelper.escapeHTML(desc);
buf.append("<tr><td class=\"mediumtags\" align=\"right\" width=\"25%\">");
if (urlify && enabled) {
String link = "/";
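Review bot: After this change renderForm() appends `escapedDesc` as-is and relies on every caller to escape it, while `name` is still escaped inside the method, so the two string parameters now follow opposite rules, and a future caller can easily skip the escape or apply it twice. The Javadoc's "except for plugins" also states no rule for the plugin path, and that call site is not in the visible hunks. If it passes markup built from plugin-supplied values, each embedded value needs its own DataHelper.escapeHTML() call before it is concatenated, which should be confirmed. I would spell the contract out as `@param escapedDesc HTML, appended unescaped; callers must apply DataHelper.escapeHTML(), and the plugin caller must escape each plugin-supplied value it embeds in its markup`. The body of renderForm() continues past the end of this hunk, so where `escapedDesc` is finally appended is not shown here.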