diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigPeerHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigPeerHandler.java
index a0a3df8c9..5af095d2c 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigPeerHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigPeerHandler.java
@@ -36,7 +36,7 @@ public class ConfigPeerHandler extends FormHandler {
 return;
 }
 addFormError(_("Invalid peer"));
- } else if (_action.equals(_("Adjust Profile Bonuses"))) {
+ } else if (_action.equals(_("Adjust peer bonuses"))) {
 Hash h = getHash();
 if (h != null) {
 PeerProfile prof = _context.profileOrganizer().getProfile(h);
@@ -59,6 +59,8 @@ public class ConfigPeerHandler extends FormHandler {
 addFormError(_("Invalid peer"));
 } else if (_action.startsWith("Check")) {
 addFormError(_("Unsupported"));
+ } else {
+ addFormError("Unknown action \"" + _action + '"');
 }
 }
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
index f064c5abc..88abf360d 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
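Review bot: The new final `else` branch in ConfigPeerHandler puts the request-supplied `_action` into the error text verbatim; whether addFormError() output is HTML-escaped when it is rendered is not visible here, so this may reflect markup back into the console page. configpeer.jsp already runs the peer parameter through `net.i2p.data.DataHelper.stripHTML`, and the same treatment fits this line: `addFormError("Unknown action \"" + net.i2p.data.DataHelper.stripHTML(_action) + '"');`. This is also the only message in the chain that is not passed through `_()` for translation. The enclosing method starts outside the hunk.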
@@ -20,26 +20,23 @@ public class FormHandler {
 protected Log _log;
 private String _nonce;
 protected String _action;
+ protected String _method;
 protected String _passphrase;
- private List _errors;
- private List _notices;
+ private final List _errors;
+ private final List _notices;
 private boolean _processed;
 private boolean _valid;
 public FormHandler() {
 _errors = new ArrayList();
 _notices = new ArrayList();
- _action = null;
- _processed = false;
 _valid = true;
- _nonce = null;
- _passphrase = null;
 }
 /**
 * Configure this bean to query a particular router context
 *
- * @param contextId begging few characters of the routerHash, or null to pick
+ * @param contextId beginning few characters of the routerHash, or null to pick
 * the first one we come across.
 */
 public void setContextId(String contextId) {
@@ -54,6 +51,14 @@ public class FormHandler {
 public void setNonce(String val) { _nonce = val; }
 public void setAction(String val) { _action = val; }
 public void setPassphrase(String val) { _passphrase = val; }
+
+ /**
+ * Call this to prevent changes using GET
+ *
+ * @param the request method
+ * @since 0.8.2
+ */
+ public void storeMethod(String val) { _method = val; }
 /**
 * Override this to perform the final processing (in turn, adding formNotice
@@ -145,6 +150,12 @@ public class FormHandler {
 _valid = false;
 return;
 }
+ // To prevent actions with GET, jsps must call storeMethod()
+ if (_method != null && !"POST".equals(_method)) {
+ addFormError("Invalid form submission, requires POST not " + _method);
+ _valid = false;
+ return;
+ }
 String sharedNonce = System.getProperty("router.consoleNonce");
 if ( (sharedNonce != null) && (sharedNonce.equals(_nonce) ) ) {
@@ -211,4 +222,8 @@ public class FormHandler {
 return Messages.getString(s, o, _context);
 }
+ /** two params @since 0.8.2 */
+ public String _(String s, Object o, Object o2) {
+ return Messages.getString(s, o, o2, _context);
+ }
 }
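Review bot: The Javadoc on storeMethod() has `@param the request method` with no parameter name, so tooling will read "the" as the name; it should be `@param val the request method`. The comment should also say why the method is `storeMethod` rather than `setMethod`. The HelperBase hunk in this commit renames setWriter because a query parameter such as `?writer=foo` reaches `setFoo` methods, and a String setter here would presumably let `?method=POST` on a GET request defeat the check. A line such as `Deliberately not named setMethod so it cannot be populated from a request parameter` would record that for the next maintainer.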
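Review bot: The POST check fails open: with `_method != null &&` in the condition, a page whose JSP never calls storeMethod() still accepts a GET submission, and nothing signals the omission. This commit adds the call to the config*.jsp pages and graphs.jsp, but a form page added later gets no protection by default. Once every FormHandler page is confirmed to call storeMethod(), the condition could become `if (!"POST".equals(_method)) {`; until then the class Javadoc should state that the call is mandatory for any page that changes state. The enclosing method starts and ends outside this hunk.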
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/GraphHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/GraphHelper.java index 31b67dc81..b3ce2fa83 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/GraphHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/GraphHelper.java @@ -1,6 +1,7 @@ package net.i2p.router.web; import java.io.IOException; +import java.io.Writer; import java.util.Comparator; import java.util.Iterator; import java.util.List; @@ -9,7 +10,8 @@ import java.util.TreeSet; import net.i2p.data.DataHelper; import net.i2p.stat.Rate; -public class GraphHelper extends HelperBase { +public class GraphHelper extends FormHandler { + protected Writer _out; private int _periodCount; private boolean _showEvents; private int _width; @@ -29,9 +31,6 @@ public class GraphHelper extends HelperBase { static final int MAX_Y = 1024; private static final int MIN_REFRESH = 15; - public GraphHelper() { - } - /** set the defaults after we have a context */ @Override public void setContextId(String contextId) { @@ -43,6 +42,12 @@ public class GraphHelper extends HelperBase { _showEvents = Boolean.valueOf(_context.getProperty(PROP_EVENTS)).booleanValue(); } + /** + * This was a HelperBase but now it's a FormHandler + * @since 0.8.2 + */ + public void storeWriter(Writer out) { _out = out; } + public void setPeriodCount(String str) { try { _periodCount = Integer.parseInt(str); } catch (NumberFormatException nfe) {} } @@ -125,10 +130,15 @@ public class GraphHelper extends HelperBase { } public String getForm() { - saveSettings(); + String prev = System.getProperty("net.i2p.router.web.GraphHelper.nonce"); + if (prev != null) System.setProperty("net.i2p.router.web.GraphHelper.noncePrev", prev); + String nonce = "" + _context.random().nextLong(); + System.setProperty("net.i2p.router.web.GraphHelper.nonce", nonce); try { _out.write("

" + _("Configure Graph Display") + " [" + _("Select Stats") + "]

"); - _out.write("
"); + _out.write("\n" + + "\n" + + "\n"); _out.write(_("Periods") + ":
\n"); _out.write(_("Plot averages") + ": "); _out.write(_("or")+ " " +_("plot events") + ":
\n"); @@ -143,6 +153,15 @@ public class GraphHelper extends HelperBase { return ""; } + /** + * This was a HelperBase but now it's a FormHandler + * @since 0.8.2 + */ + @Override + protected void processForm() { + saveSettings(); + } + /** * Silently save settings if changed, no indication of success or failure * @since 0.7.10 @@ -159,6 +178,7 @@ public class GraphHelper extends HelperBase { _context.router().setConfigSetting(PROP_REFRESH, "" + _refreshDelaySeconds); _context.router().setConfigSetting(PROP_EVENTS, "" + _showEvents); _context.router().saveConfig(); + addFormNotice(_("Graph settings saved")); } } diff --git a/apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java b/apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java index 802e059ad..8ceec1098 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java @@ -28,7 +28,13 @@ public abstract class HelperBase { /** might be useful in the jsp's */ //public RouterContext getContext() { return _context; } - public void setWriter(Writer out) { _out = out; } + + /** + * Renamed from setWriter, we realy don't want setFoo(non-String) + * Prevent jsp.error.beans.property.conversion 500 error for ?writer=foo + * @since 0.8.2 + */ + public void storeWriter(Writer out) { _out = out; } /** translate a string */ public String _(String s) { diff --git a/apps/routerconsole/jsp/config.jsp b/apps/routerconsole/jsp/config.jsp index 2cb8a3aed..74f1bf465 100644 --- a/apps/routerconsole/jsp/config.jsp +++ b/apps/routerconsole/jsp/config.jsp @@ -16,6 +16,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/configadvanced.jsp b/apps/routerconsole/jsp/configadvanced.jsp index 566d0c1ba..0381aef9a 100644 --- a/apps/routerconsole/jsp/configadvanced.jsp +++ b/apps/routerconsole/jsp/configadvanced.jsp 
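Review bot: The nonce minted at the top of getForm() is only as strong as `_context.random()`, whose implementation is not visible in this hunk, and it is published through `System.setProperty`, a JVM-wide store that other code in the same process can presumably read. A comment above the block would record both assumptions, for example `// CSRF nonce: _context.random() must be a CSPRNG; the previous value is kept so one older rendering of the form still validates`. Every render of the form also rotates the nonce/noncePrev pair, so a form left open across two further page loads will presumably fail validation; that is worth stating in the method Javadoc. getForm() continues past the end of this hunk.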
@@ -18,6 +18,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/configclients.jsp b/apps/routerconsole/jsp/configclients.jsp index 49430e206..4f633c894 100644 --- a/apps/routerconsole/jsp/configclients.jsp +++ b/apps/routerconsole/jsp/configclients.jsp @@ -21,6 +21,7 @@ button span.hide{ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> " /> " /> diff --git a/apps/routerconsole/jsp/configkeyring.jsp b/apps/routerconsole/jsp/configkeyring.jsp index 84cd54384..b260f843a 100644 --- a/apps/routerconsole/jsp/configkeyring.jsp +++ b/apps/routerconsole/jsp/configkeyring.jsp @@ -13,6 +13,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/configlogging.jsp b/apps/routerconsole/jsp/configlogging.jsp index a90c362d7..c87fd367d 100644 --- a/apps/routerconsole/jsp/configlogging.jsp +++ b/apps/routerconsole/jsp/configlogging.jsp @@ -15,6 +15,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/confignav.jsi b/apps/routerconsole/jsp/confignav.jsi index adbf46fc7..87d0ec5b8 100644 --- a/apps/routerconsole/jsp/confignav.jsi +++ b/apps/routerconsole/jsp/confignav.jsi @@ -5,7 +5,7 @@ %> " /> - +<% navHelper.storeWriter(out); %>
<% diff --git a/apps/routerconsole/jsp/configpeer.jsp b/apps/routerconsole/jsp/configpeer.jsp index 0dfb55085..188ca56d4 100644 --- a/apps/routerconsole/jsp/configpeer.jsp +++ b/apps/routerconsole/jsp/configpeer.jsp @@ -13,6 +13,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> @@ -27,7 +28,7 @@ peer = net.i2p.data.DataHelper.stripHTML(request.getParameter("peer")); // XSS %>
- + <% String prev = System.getProperty("net.i2p.router.web.ConfigPeerHandler.nonce"); if (prev != null) System.setProperty("net.i2p.router.web.ConfigPeerHandler.noncePrev", prev); System.setProperty("net.i2p.router.web.ConfigPeerHandler.nonce", new java.util.Random().nextLong()+""); %> @@ -64,7 +65,7 @@
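Review bot: The form nonce in the scriptlet kept as context in this hunk is still generated with `new java.util.Random().nextLong()`, a non-cryptographic generator, so the token that accompanies the POST check added by this commit is weaker than an anti-CSRF value should be. The line is unchanged by the commit, but it sits next to the new storeMethod() hardening and merits the same pass: `System.setProperty("net.i2p.router.web.ConfigPeerHandler.nonce", new java.security.SecureRandom().nextLong()+"");`. GraphHelper.getForm() in this same commit draws its nonce from `_context.random()` instead, so the two pages are also inconsistent in where their nonces come from.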

<%=intl._("Banned Peers")%>

" /> - + <% profilesHelper.storeWriter(out); %>

<%=intl._("Banned IPs")%>

diff --git a/apps/routerconsole/jsp/configservice.jsp b/apps/routerconsole/jsp/configservice.jsp index d71c8ee39..f87479a92 100644 --- a/apps/routerconsole/jsp/configservice.jsp +++ b/apps/routerconsole/jsp/configservice.jsp @@ -13,6 +13,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/configstats.jsp b/apps/routerconsole/jsp/configstats.jsp index 1f3dd6354..fde10837d 100644 --- a/apps/routerconsole/jsp/configstats.jsp +++ b/apps/routerconsole/jsp/configstats.jsp @@ -58,8 +58,9 @@ function toggleAll(category) <%@include file="confignav.jsi" %> - " /> + <% formhandler.storeMethod(request.getMethod()); %> + " /> diff --git a/apps/routerconsole/jsp/configtunnels.jsp b/apps/routerconsole/jsp/configtunnels.jsp index 9a6a11a37..1c1393280 100644 --- a/apps/routerconsole/jsp/configtunnels.jsp +++ b/apps/routerconsole/jsp/configtunnels.jsp @@ -15,6 +15,7 @@
<%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> " /> " /> diff --git a/apps/routerconsole/jsp/configui.jsp b/apps/routerconsole/jsp/configui.jsp index f2a0f5b0f..9f3d32e4f 100644 --- a/apps/routerconsole/jsp/configui.jsp +++ b/apps/routerconsole/jsp/configui.jsp @@ -18,6 +18,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/configupdate.jsp b/apps/routerconsole/jsp/configupdate.jsp index 21ae4fedf..193061421 100644 --- a/apps/routerconsole/jsp/configupdate.jsp +++ b/apps/routerconsole/jsp/configupdate.jsp @@ -13,6 +13,7 @@ <%@include file="confignav.jsi" %> + <% formhandler.storeMethod(request.getMethod()); %> " /> diff --git a/apps/routerconsole/jsp/dumpprofile.jsp b/apps/routerconsole/jsp/dumpprofile.jsp index f13a4bcd7..dfdcc0b6e 100644 --- a/apps/routerconsole/jsp/dumpprofile.jsp +++ b/apps/routerconsole/jsp/dumpprofile.jsp @@ -1,5 +1,5 @@ <%@page contentType="text/plain" %>" -/> \ No newline at end of file +/><% helper.storeWriter(out); +%> diff --git a/apps/routerconsole/jsp/graphs.jsp b/apps/routerconsole/jsp/graphs.jsp index e3d5c0115..bbda25944 100644 --- a/apps/routerconsole/jsp/graphs.jsp +++ b/apps/routerconsole/jsp/graphs.jsp @@ -13,9 +13,12 @@
+ <% graphHelper.storeMethod(request.getMethod()); %> " /> +<% /* GraphHelper sets the defaults in setContextId, so setting the properties must be after the context */ %> - + <% graphHelper.storeWriter(out); %> +
diff --git a/apps/routerconsole/jsp/i2psnark/index.html b/apps/routerconsole/jsp/i2psnark/index.html index a1500fad3..681b94656 100644 --- a/apps/routerconsole/jsp/i2psnark/index.html +++ b/apps/routerconsole/jsp/i2psnark/index.html @@ -3,6 +3,6 @@ -The I2PSnark Anonymous BitTorrent Client is not running. Please visit the config clients page +The I2PSnark Anonymous BitTorrent Client is not running. Please visit the config clients page to start it. diff --git a/apps/routerconsole/jsp/i2ptunnel/index.jsp b/apps/routerconsole/jsp/i2ptunnel/index.jsp index f3cceda0d..db3648aa0 100644 --- a/apps/routerconsole/jsp/i2ptunnel/index.jsp +++ b/apps/routerconsole/jsp/i2ptunnel/index.jsp @@ -3,5 +3,5 @@ -The I2P Tunnel Manager is not currently running. Please visit the Client Configuration page to start it. +The I2P Tunnel Manager is not currently running. Please visit the Client Configuration page to start it. diff --git a/apps/routerconsole/jsp/jobs.jsp b/apps/routerconsole/jsp/jobs.jsp index ef84c8f8c..53916dcd4 100644 --- a/apps/routerconsole/jsp/jobs.jsp +++ b/apps/routerconsole/jsp/jobs.jsp @@ -10,6 +10,6 @@
" /> - + <% jobQueueHelper.storeWriter(out); %>
diff --git a/apps/routerconsole/jsp/netdb.jsp b/apps/routerconsole/jsp/netdb.jsp index 9cbac25e7..2862e9e0e 100644 --- a/apps/routerconsole/jsp/netdb.jsp +++ b/apps/routerconsole/jsp/netdb.jsp @@ -12,7 +12,7 @@
" /> - + <% netdbHelper.storeWriter(out); %> " /> " /> " /> diff --git a/apps/routerconsole/jsp/oldconsole.jsp b/apps/routerconsole/jsp/oldconsole.jsp index 701d70f7d..3612169e4 100644 --- a/apps/routerconsole/jsp/oldconsole.jsp +++ b/apps/routerconsole/jsp/oldconsole.jsp @@ -12,7 +12,7 @@ <%@include file="summary.jsi" %> " /> - +<% conhelper.storeWriter(out); %>

I2P Router » Old Console

diff --git a/apps/routerconsole/jsp/peers.jsp b/apps/routerconsole/jsp/peers.jsp index c4b72b931..4b48c5957 100644 --- a/apps/routerconsole/jsp/peers.jsp +++ b/apps/routerconsole/jsp/peers.jsp @@ -11,7 +11,7 @@
" /> - + <% peerHelper.storeWriter(out); %> " /> diff --git a/apps/routerconsole/jsp/profiles.jsp b/apps/routerconsole/jsp/profiles.jsp index 69100e349..98ec48828 100644 --- a/apps/routerconsole/jsp/profiles.jsp +++ b/apps/routerconsole/jsp/profiles.jsp @@ -10,7 +10,7 @@
" /> - + <% profilesHelper.storeWriter(out); %> " />

<%=intl._("Banned Peers")%>

diff --git a/apps/routerconsole/jsp/stats.jsp b/apps/routerconsole/jsp/stats.jsp index 61466d986..d2787dea9 100644 --- a/apps/routerconsole/jsp/stats.jsp +++ b/apps/routerconsole/jsp/stats.jsp @@ -9,7 +9,7 @@ <%@include file="summary.jsi" %> " /> - +<% oldhelper.storeWriter(out); %> " />

<%=intl._("I2P Router Statistics")%>

diff --git a/apps/routerconsole/jsp/summarynoframe.jsi b/apps/routerconsole/jsp/summarynoframe.jsi index 33a029e76..355f4bc0b 100644 --- a/apps/routerconsole/jsp/summarynoframe.jsi +++ b/apps/routerconsole/jsp/summarynoframe.jsi @@ -11,7 +11,7 @@ " /> " /> - +<% helper.storeWriter(out); %> <% /* * The following is required for the reseed button to work, although we probably diff --git a/apps/routerconsole/jsp/susidns/index.jsp b/apps/routerconsole/jsp/susidns/index.jsp index 5fb267a83..2964615e3 100644 --- a/apps/routerconsole/jsp/susidns/index.jsp +++ b/apps/routerconsole/jsp/susidns/index.jsp @@ -3,6 +3,6 @@ -SusiDNS is not running. Go to the config clients page +SusiDNS is not running. Go to the config clients page to start it. diff --git a/apps/routerconsole/jsp/susimail/susimail b/apps/routerconsole/jsp/susimail/susimail index 985292121..32e9d3787 100644 --- a/apps/routerconsole/jsp/susimail/susimail +++ b/apps/routerconsole/jsp/susimail/susimail @@ -3,6 +3,6 @@ -SusiMail is not running. Go to the config clients page +SusiMail is not running. Go to the config clients page to start it. diff --git a/apps/routerconsole/jsp/tunnels.jsp b/apps/routerconsole/jsp/tunnels.jsp index 63045519c..e01b331f6 100644 --- a/apps/routerconsole/jsp/tunnels.jsp +++ b/apps/routerconsole/jsp/tunnels.jsp @@ -10,6 +10,6 @@
" /> - + <% tunnelHelper.storeWriter(out); %>