* Console:
  - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
zzz
2014-07-26 09:32:26 +00:00
parent e9c8748c0b
commit af575d6c95
32 changed files with 124 additions and 61 deletions


@@ -52,10 +52,10 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
%><h4><%=intl._("Edit proxy settings")%></h4><%
} else {
tunnelTypeName = editBean.getTypeName(request.getParameter("type"));
tunnelType = request.getParameter("type");
tunnelType = net.i2p.data.DataHelper.stripHTML(request.getParameter("type"));
%><h4><%=intl._("New proxy settings")%></h4><%
} %>
<input type="hidden" name="tunnel" value="<%=request.getParameter("tunnel")%>" />
<input type="hidden" name="tunnel" value="<%=curTunnel%>" />
<input type="hidden" name="nonce" value="<%=editBean.getNextNonce()%>" />
<input type="hidden" name="type" value="<%=tunnelType%>" />
<input type="submit" class="default" name="action" value="Save changes" />
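Review bot: The `type` parameter is sanitised only for the `tunnelType` assignment, while the line just above it still passes the raw `request.getParameter("type")` into `editBean.getTypeName(...)`. If `tunnelTypeName` is rendered elsewhere on this page and `getTypeName` can echo an unrecognised value, that path remains unescaped, so either pass the stripped value there as well or confirm that `getTypeName` only ever returns fixed strings. Separately, both `tunnelType` and `curTunnel` are written inside double-quoted `value="..."` attributes, so it is worth confirming that `stripHTML` neutralises `"` as well as angle brackets, and that `curTunnel` (defined outside this hunk) is parsed as a number or escaped before it reaches the hidden `tunnel` field.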