zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

lint core, console, i2ptunnel, jetty

Browse Source
This commit is contained in:
zzz
2015-10-17 17:38:57 +00:00
parent 71bc55b470
commit abc0f4c720
11 changed files with 25 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/i2ptunnel/jsp/editClient.jsp
View File

@@ -56,7 +56,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
%><h4><%=intl._t("New proxy settings")%></h4><%
} %>
<input type="hidden" name="tunnel" value="<%=curTunnel%>" />
<input type="hidden" name="nonce" value="<%=editBean.getNextNonce()%>" />
<input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" />
<input type="hidden" name="type" value="<%=tunnelType%>" />
<%
// these are four keys that are generated automatically on first save,

2
apps/i2ptunnel/jsp/editServer.jsp
View File

@@ -56,7 +56,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
%><h4><%=intl._t("New server settings")%></h4><%
} %>
<input type="hidden" name="tunnel" value="<%=curTunnel%>" />
<input type="hidden" name="nonce" value="<%=editBean.getNextNonce()%>" />
<input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" />
<input type="hidden" name="type" value="<%=tunnelType%>" />
<%
// these are four keys that are generated automatically on first save,

23
apps/i2ptunnel/jsp/index.jsp
View File

@@ -60,6 +60,7 @@
<%
if (indexBean.isInitialized()) {
String nextNonce = net.i2p.i2ptunnel.web.IndexBean.getNextNonce();
%>
<div id="globalOperationsPanel" class="panel">
@@ -67,12 +68,12 @@
<div class="footer">
<div class="toolbox">
<a class="control" href="wizard"><%=intl._t("Tunnel Wizard")%></a>
<a class="control" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=Stop%20all"><%=intl._t("Stop All")%></a>
<a class="control" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=Start%20all"><%=intl._t("Start All")%></a>
<a class="control" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=Restart%20all"><%=intl._t("Restart All")%></a>
<a class="control" href="list?nonce=<%=nextNonce%>&amp;action=Stop%20all"><%=intl._t("Stop All")%></a>
<a class="control" href="list?nonce=<%=nextNonce%>&amp;action=Start%20all"><%=intl._t("Start All")%></a>
<a class="control" href="list?nonce=<%=nextNonce%>&amp;action=Restart%20all"><%=intl._t("Restart All")%></a>
<%--
//this is really bad because it stops and restarts all tunnels, which is probably not what you want
<a class="control" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=Reload%20configuration"><%=intl._t("Reload Config")%></a>
<a class="control" href="list?nonce=<%=nextNonce%>&amp;action=Reload%20configuration"><%=intl._t("Reload Config")%></a>
--%>
</div>
</div>
@@ -152,17 +153,17 @@
switch (indexBean.getTunnelStatus(curServer)) {
case IndexBean.STARTING:
%><div class="statusStarting text"><%=intl._t("Starting...")%></div>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=stop&amp;tunnel=<%=curServer%>"><%=intl._t("Stop")%></a>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=stop&amp;tunnel=<%=curServer%>"><%=intl._t("Stop")%></a>
<%
break;
case IndexBean.RUNNING:
%><div class="statusRunning text"><%=intl._t("Running")%></div>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=stop&amp;tunnel=<%=curServer%>"><%=intl._t("Stop")%></a>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=stop&amp;tunnel=<%=curServer%>"><%=intl._t("Stop")%></a>
<%
break;
case IndexBean.NOT_RUNNING:
%><div class="statusNotRunning text"><%=intl._t("Stopped")%></div>
<a class="control" title="Start this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=start&amp;tunnel=<%=curServer%>"><%=intl._t("Start")%></a>
<a class="control" title="Start this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=start&amp;tunnel=<%=curServer%>"><%=intl._t("Start")%></a>
<%
break;
}
@@ -275,22 +276,22 @@
switch (indexBean.getTunnelStatus(curClient)) {
case IndexBean.STARTING:
%><div class="statusStarting text"><%=intl._t("Starting...")%></div>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<%
break;
case IndexBean.STANDBY:
%><div class="statusStarting text"><%=intl._t("Standby")%></div>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<%
break;
case IndexBean.RUNNING:
%><div class="statusRunning text"><%=intl._t("Running")%></div>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<a class="control" title="Stop this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=stop&amp;tunnel=<%=curClient%>"><%=intl._t("Stop")%></a>
<%
break;
case IndexBean.NOT_RUNNING:
%><div class="statusNotRunning text"><%=intl._t("Stopped")%></div>
<a class="control" title="Start this Tunnel" href="list?nonce=<%=indexBean.getNextNonce()%>&amp;action=start&amp;tunnel=<%=curClient%>"><%=intl._t("Start")%></a>
<a class="control" title="Start this Tunnel" href="list?nonce=<%=nextNonce%>&amp;action=start&amp;tunnel=<%=curClient%>"><%=intl._t("Start")%></a>
<%
break;
}

2
apps/i2ptunnel/jsp/wizard.jsp
View File

@@ -92,7 +92,7 @@
} %>
<input type="hidden" name="page" value="<%=curPage%>" />
<input type="hidden" name="tunnel" value="null" />
<input type="hidden" name="nonce" value="<%=editBean.getNextNonce()%>" />
<input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" />
</div>
<div class="separator">

9
apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
View File

@@ -84,11 +84,10 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
* Parameter names starting with "nofilter_" will not be filtered.
*/
@Override
@SuppressWarnings({"unchecked", "rawtypes"})
public Map getParameterMap() {
Map rv = new HashMap();
for (Enumeration keys = getParameterNames(); keys.hasMoreElements(); ) {
String k = (String) keys.nextElement();
public Map<String, String[]> getParameterMap() {
Map<String, String[]> rv = new HashMap<String, String[]>();
for (Enumeration<String> keys = getParameterNames(); keys.hasMoreElements(); ) {
String k = keys.nextElement();
String[] v = getParameterValues(k);
if (v != null)
rv.put(k, v);

2
apps/routerconsole/jsp/configui.jsp
View File

@@ -31,7 +31,7 @@ input.default {
<%@include file="formhandler.jsi" %>
<div class="configure"><div class="topshimten"><h3><%=uihelper._t("Router Console Theme")%></h3></div>
<form action="" method="POST">
<input type="hidden" name="consoleNonce" value="<%=intl.getNonce()%>" >
<input type="hidden" name="consoleNonce" value="<%=net.i2p.router.web.CSSHelper.getNonce()%>" >
<input type="hidden" name="nonce" value="<%=pageNonce%>" >
<input type="hidden" name="action" value="blah" >
<%

2
apps/routerconsole/jsp/console.jsp
View File

@@ -10,7 +10,7 @@
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
<%
String consoleNonce = intl.getNonce();
String consoleNonce = net.i2p.router.web.CSSHelper.getNonce();
%>
<%@include file="summary.jsi" %>

2
apps/routerconsole/jsp/css.jsi
View File

@@ -37,7 +37,7 @@
}
String conNonceParam = request.getParameter("consoleNonce");
if (intl.getNonce().equals(conNonceParam)) {
if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {
intl.setLang(request.getParameter("lang"));
intl.setNews(request.getParameter("news"));
}

2
apps/routerconsole/jsp/home.jsp
View File

@@ -8,7 +8,7 @@
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
<%
String consoleNonce = intl.getNonce();
String consoleNonce = net.i2p.router.web.CSSHelper.getNonce();
%>
<jsp:useBean class="net.i2p.router.web.NewsHelper" id="newshelper" scope="request" />
<jsp:setProperty name="newshelper" property="contextId" value="<%=(String)session.getAttribute(\"i2p.contextId\")%>" />

2
apps/routerconsole/jsp/summaryframe.jsp
View File

@@ -23,7 +23,7 @@
if (!shutdownSoon) {
if (d == null || "".equals(d)) {
// set below
} else if (intl.getNonce().equals(conNonceParam)) {
} else if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {
d = net.i2p.data.DataHelper.stripHTML(d); // XSS
intl.setRefresh(d);
intl.setDisableRefresh(d);