* Console:

- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
zzz
2014-07-26 09:32:26 +00:00
parent e9c8748c0b
commit af575d6c95
32 changed files with 124 additions and 61 deletions


@ -818,19 +818,19 @@ public class SummaryHelper extends HelperBase {
/* below here is stuff we need to get from summarynoframe.jsp to SummaryBarRenderer */
private String _action;
public void setAction(String s) { _action = s; }
public void setAction(String s) { _action = DataHelper.stripHTML(s); }
public String getAction() { return _action; }
private String _consoleNonce;
public void setConsoleNonce(String s) { _consoleNonce = s; }
public void setConsoleNonce(String s) { _consoleNonce = DataHelper.stripHTML(s); }
public String getConsoleNonce() { return _consoleNonce; }
private String _updateNonce;
public void setUpdateNonce(String s) { _updateNonce = s; }
public void setUpdateNonce(String s) { _updateNonce = DataHelper.stripHTML(s); }
public String getUpdateNonce() { return _updateNonce; }
private String _requestURI;
public void setRequestURI(String s) { _requestURI = s; }
public void setRequestURI(String s) { _requestURI = DataHelper.stripHTML(s); }
/**
* @return non-null; "/home" if (strangely) not set by jsp