35bb8c5348
Plugins: partial SU3 support
2014-08-07 19:06:41 +00:00
79fe799aeb
Plugins: Stub out SU3 support
2014-08-07 18:45:04 +00:00
2878a6487e
KeysAndCert: Change hashcode to prevent possible collisions
...
caused by apps with zeroed pubkey
2014-08-07 17:05:25 +00:00
d4722e0d2c
* i2psnark: Fix excaped message
2014-08-07 13:39:24 +00:00
9655e79d26
UPnP: Disable external entities in XML parser
2014-08-06 18:13:54 +00:00
d1a2e24f0e
SSU: Speed up introductions by responding to HolePunch (ticket #1333 )
2014-08-06 16:35:08 +00:00
086381d958
SU3File: Add support for XML and NEWS types
2014-08-06 16:32:10 +00:00
7187f6f714
* Console: Display full path to config file
...
* i2ptunnel: More escaping
2014-08-06 13:40:25 +00:00
e10e05166f
refresh patch
2014-08-06 09:03:18 +00:00
b0f8d84a7f
updated debian/po/uk.po
2014-08-06 09:03:02 +00:00
0e9ceba057
* i2ptunnel: Fix filtering of custom options
2014-08-05 21:26:48 +00:00
fe3059f0ab
* Plugins: Enforce signing key matches that in plugin.config
2014-08-05 21:23:48 +00:00
bd566f52cf
Adding SWAT's reseed(su3) certificate.
2014-08-05 09:27:24 +00:00
b7e0dabe61
fix manual wrapper URL
2014-08-04 15:49:46 +00:00
2d2348f671
payload bounds check
2014-08-03 14:36:20 +00:00
b28eb708a4
* Console:
...
- Fix update buttons
- Don't filter parameter names starting with "nofilter_"
- Re-allow configadvanced, news URL, and unsigned update URL if routerconsole.advanced=true
- Re-allow plugin install if routerconsole.advanced=true or routerconsole.enablePluginInstall=true
- Only allow whitelisted plugin signers, unless routerconsole.allowUntrustedPlugins=true
- Re-allow clients.config changes if routerconsole.advanced=true or routerconsole.enableClientChange=true
- More escaping
* i2psnark: Fix add torrent form
2014-08-03 13:58:51 +00:00
bf9c4b2346
new su3 cert as pwd for old lost, old one not in use till yet
2014-07-31 19:11:48 +00:00
d33aa097fe
bump
2014-07-31 14:56:04 +00:00
8673c232b6
Whitelist of known plugin public keys
...
Compiled by kytv from plugins.i2p
todo: implementation
2014-07-31 14:51:02 +00:00
d3ea5d2122
drop ExecNamingService, moving to i2p.scripts
2014-07-31 14:44:52 +00:00
370d2555c7
Notes and logging re: compiling with Java 8
2014-07-31 14:42:51 +00:00
5332cee3e8
update credit as requested
2014-07-27 11:02:59 +00:00
1246e1c498
0.9.14
2014-07-26 20:32:26 +00:00
d6b0b1b93c
refresh tweaks
...
another escape html
2014-07-26 20:14:01 +00:00
1e0c970c95
remove add client button
2014-07-26 19:31:36 +00:00
db9f49c7d4
updates after review:
...
Disable clients.config editing in UI
Strip single quotes too
Fix double-escaping in susimail folder page
2014-07-26 18:58:58 +00:00
1603353ae8
Susimail escaping from psi plus some more
2014-07-26 16:50:58 +00:00
6753d23309
Add filtering for getParameterMap()
...
Don't return null entries in getParameterValues() array
Log in getParameterValues() too
static
2014-07-26 15:09:40 +00:00
ca5755b0fd
javadoc move new classes
2014-07-26 13:51:48 +00:00
2c8223274d
filter pattern tweaks
2014-07-26 13:43:52 +00:00
f0dd09cf9c
filter logging
2014-07-26 12:18:35 +00:00
4746d9eb80
Fix CSP to allow inline style and refresh
...
Add filter to all webapps
2014-07-26 11:01:16 +00:00
99401c5639
fix link
2014-07-26 10:51:42 +00:00
58578d9020
Console:
...
XSSFilter patch from str4d:
XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
No provided license, but it is clearly intended for public consumption.
But most of it is boilerplate provided by the Servlet Filter system.
In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist,
it is effectively identical to what I would have written from scratch.
2014-07-26 09:39:31 +00:00
af575d6c95
* Console:
...
- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
- Add Content-Security-Policy and X-XSS-Protection headers
- Disable changing news feed URL from UI
- Disable plugin install from UI
- Disable setting unsigned update URL from UI
- Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
2014-07-26 09:32:26 +00:00
e9c8748c0b
Updated Eclipse settings
2014-07-26 02:48:49 +00:00
08409d016b
translation updates from Transifex
2014-07-23 13:55:58 +00:00
42bfbfc60b
geoip database updates
2014-07-23 13:54:36 +00:00
c7c087d964
fix poupdate target
2014-07-23 13:49:09 +00:00
89764c12e7
bob finals, synch
2014-07-23 13:12:32 +00:00
bd45d5483f
Added new reseed host, thanks to Backup.
...
Notes: Only HTTPS and SU3 (v2) support.
2014-07-22 17:56:50 +00:00
328d7d0008
SAM:
...
- Don't spawn a thread for each transmitted datagram
- Set protocol field for raw and signed datagrams
- Enforce a 60s timeout for HELLO
- Use naming service cache to reduce Destination object churn
- Get Log object from the log manager
- Log spelling fixes
2014-07-22 14:52:08 +00:00
cca5bef8c1
propagate from branch 'i2p.i2p' (head 79d0ad4538a0adc4ced6ac26cb725abe3d5ccee3)
...
to branch 'i2p.i2p.zzz.test2' (head 73032545b42f6f9caffffca08d0a8b97f5cf7e3a)
2014-07-22 14:38:28 +00:00
ce4874d825
better logging of reseed su3 errors
2014-07-21 20:05:05 +00:00
9b408b67ef
Adding Matt's SU3 reseed key.
2014-07-21 18:07:02 +00:00
c3bf100082
readme_fr.html thx hummingbird
2014-07-21 13:24:13 +00:00
b282ccd890
increment error count on exception
2014-07-21 13:23:14 +00:00
f38b741813
Adding sindu's reseed key. ( i2p-netdb.innovatio.no )
2014-07-21 01:47:37 +00:00
3a899d52d1
Don't grab the ClientApp if we don't need to
2014-07-19 23:55:43 +00:00
a2567b0ee2
* SusiMail: Better error message on decode fail
...
http://forum.i2p/viewtopic.php?t=11469
2014-07-19 16:31:59 +00:00
