* Console:

- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files

apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java

@@ -57,7 +57,7 @@ public class CSSHelper extends HelperBase {
      */
     public void setLang(String lang) {
         // Protected with nonce in css.jsi
-        if (lang != null && lang.length() > 0) {
+        if (lang != null && lang.length() > 0 && lang.length() <= 6) {
             Map m = new HashMap(2);
             int under = lang.indexOf('_');
             if (under < 0) {
@@ -105,9 +105,9 @@ public class CSSHelper extends HelperBase {
         try {
             if (Integer.parseInt(r) < MIN_REFRESH)
                 r = "" + MIN_REFRESH;
+            _context.router().saveConfig(PROP_REFRESH, r);
         } catch (Exception e) {
         }
-        _context.router().saveConfig(PROP_REFRESH, r);
     }
 
     /** @return refresh time in seconds, as a string */
@@ -117,6 +117,7 @@ public class CSSHelper extends HelperBase {
             if (Integer.parseInt(r) < MIN_REFRESH)
                 r = "" + MIN_REFRESH;
         } catch (Exception e) {
+            r = "" + MIN_REFRESH;
         }
         return r;
     }

apps/routerconsole/java/src/net/i2p/router/web/ConfigAdvancedHandler.java

@@ -21,7 +21,8 @@ public class ConfigAdvancedHandler extends FormHandler {
     @Override
     protected void processForm() {
         if (_shouldSave) {
-            saveChanges();
+            //saveChanges();
+            addFormError("Save disabled, edit the router.config file to make changes") ;
         } else {
             // noop
         }

apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java

@@ -54,7 +54,8 @@ public class ConfigClientsHandler extends FormHandler {
             return;
         }
         if (_action.equals(_("Install Plugin"))) {
-            installPlugin();
+            //installPlugin();
+            addFormError("Plugin installation disabled");
             return;
         }
         if (_action.equals(_("Update All Installed Plugins"))) {

apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java

@@ -173,10 +173,11 @@ public class ConfigUpdateHandler extends FormHandler {
                 _newsThroughProxy = false;
             String oldURL = ConfigUpdateHelper.getNewsURL(_context);
             if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) {
-                changes.put(PROP_NEWS_URL, _newsURL);
+                //changes.put(PROP_NEWS_URL, _newsURL);
                 // this invalidates the news
-                changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
-                addFormNotice(_("Updating news URL to {0}", _newsURL));
+                //changes.put(NewsHelper.PROP_LAST_CHECKED, "0");
+                //addFormNotice(_("Updating news URL to {0}", _newsURL));
+                addFormError("Changing news URL disabled");
             }
         }
         
@@ -240,8 +241,9 @@ public class ConfigUpdateHandler extends FormHandler {
         if ( (_zipURL != null) && (_zipURL.length() > 0) ) {
             String oldURL = _context.router().getConfigSetting(PROP_ZIP_URL);
             if ( (oldURL == null) || (!_zipURL.equals(oldURL)) ) {
-                changes.put(PROP_ZIP_URL, _zipURL);
-                addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
+                //changes.put(PROP_ZIP_URL, _zipURL);
+                //addFormNotice(_("Updating unsigned update URL to {0}", _zipURL));
+                addFormError("Changing unsigned update URL disabled");
             }
         }
         

apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java

@@ -5,6 +5,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import net.i2p.data.DataHelper;
 import net.i2p.router.RouterContext;
 import net.i2p.util.Log;
 
@@ -50,8 +51,8 @@ public abstract class FormHandler {
         }
     }
 
-    public void setNonce(String val) { _nonce = val; }
-    public void setAction(String val) { _action = val; }
+    public void setNonce(String val) { _nonce = DataHelper.stripHTML(val); }
+    public void setAction(String val) { _action = DataHelper.stripHTML(val); }
 
     /**
      * For many forms, it's easiest just to put all the parameters here.

apps/routerconsole/java/src/net/i2p/router/web/SummaryHelper.java

@@ -818,19 +818,19 @@ public class SummaryHelper extends HelperBase {
     /* below here is stuff we need to get from summarynoframe.jsp to SummaryBarRenderer */
 
     private String _action;
-    public void setAction(String s) { _action = s; }
+    public void setAction(String s) { _action = DataHelper.stripHTML(s); }
     public String getAction() { return _action; }
 
     private String _consoleNonce;
-    public void setConsoleNonce(String s) { _consoleNonce = s; }
+    public void setConsoleNonce(String s) { _consoleNonce = DataHelper.stripHTML(s); }
     public String getConsoleNonce() { return _consoleNonce; }
 
     private String _updateNonce;
-    public void setUpdateNonce(String s) { _updateNonce = s; }
+    public void setUpdateNonce(String s) { _updateNonce = DataHelper.stripHTML(s); }
     public String getUpdateNonce() { return _updateNonce; }
 
     private String _requestURI;
-    public void setRequestURI(String s) { _requestURI = s; }
+    public void setRequestURI(String s) { _requestURI = DataHelper.stripHTML(s); }
 
     /**
      * @return non-null; "/home" if (strangely) not set by jsp