XSS-safe put as default.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3217 6c8d7289-2bf4-0310-a012-ef5d649a1542
allo 18 years ago
parent d6e02cf837
commit 0c81bd39d4

@ -307,7 +307,7 @@ public class Blacklist_p {
if (nextEntry.length() == 0) continue;
if (nextEntry.startsWith("#")) continue;
prop.put(DISABLED + "Itemlist_" + entryCount + "_item", de.anomic.data.wikiCode.replaceHTMLonly(nextEntry));
prop.put(DISABLED + "Itemlist_" + entryCount + "_item", de.anomic.data.wikiCode.replaceXMLEntities(nextEntry));
entryCount++;
}
prop.put(DISABLED + "Itemlist", entryCount);
@ -341,7 +341,7 @@ public class Blacklist_p {
int blacklistCount = 0;
if (dirlist != null) {
for (int i = 0; i <= dirlist.length - 1; i++) {
prop.put(DISABLED + BLACKLIST + blacklistCount + "_name", de.anomic.data.wikiCode.replaceHTMLonly(dirlist[i]));
prop.put(DISABLED + BLACKLIST + blacklistCount + "_name", de.anomic.data.wikiCode.replaceXMLEntities(dirlist[i]));
prop.put(DISABLED + BLACKLIST + blacklistCount + "_selected", 0);
if (dirlist[i].equals(blacklistToUse)) { //current List

@ -242,7 +242,7 @@ public class Bookmarks {
while(count<max_count && it.hasNext()){
bookmark=switchboard.bookmarksDB.getBookmark((String)it.next());
if(bookmark!=null){
prop.put("bookmarks_"+count+"_link", de.anomic.data.wikiCode.replaceHTMLonly(bookmark.getUrl()));
prop.put("bookmarks_"+count+"_link", de.anomic.data.wikiCode.replaceXMLEntities(bookmark.getUrl()));
prop.put("bookmarks_"+count+"_title", bookmark.getTitle());
prop.put("bookmarks_"+count+"_description", bookmark.getDescription());
prop.put("bookmarks_"+count+"_public", (bookmark.getPublic()? 1:0));
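Review bot: If plain put() now escapes by default, as the commit title states, the explicit replaceXMLEntities on the link line is applied a second time and a bookmark URL containing `&` reaches the template as `&amp;amp;`, which breaks the href. Either drop the pre-escaping and rely on the new default, `prop.put("bookmarks_"+count+"_link", bookmark.getUrl());`, or move the line to the non-escaping put variant if the template expects already-escaped text. The title and description lines below now depend solely on the put() default, which looks like the intended pattern. The enclosing loop starts and ends outside the hunk.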

@ -149,7 +149,7 @@ public class CacheAdmin_p {
prop.put("info_type_headlines", t.length);
for (i = 0; i < t.length; i++)
prop.put("info_type_headlines_" + i + "_headline",
de.anomic.data.wikiCode.replaceHTMLonly(t[i].replaceAll("\n", "").trim()));
de.anomic.data.wikiCode.replaceXMLEntities(t[i].replaceAll("\n", "").trim()));
formatAnchor(prop, document.getHyperlinks(), "links");
formatImageAnchor(prop, document.getImages());
@ -159,14 +159,14 @@ public class CacheAdmin_p {
formatAnchor(prop, document.getEmaillinks(), "email");
prop.put("info_type_text",
de.anomic.data.wikiCode.replaceHTMLonly(new String(scraper.getText())));
de.anomic.data.wikiCode.replaceXMLEntities(new String(scraper.getText())));
i = 0;
final Iterator sentences = document.getSentences(false);
if (sentences != null)
while (sentences.hasNext()) {
prop.put("info_type_lines_" + i + "_line",
de.anomic.data.wikiCode.replaceHTMLonly(sentences.next().toString().replaceAll("\n", "").trim()));
de.anomic.data.wikiCode.replaceXMLEntities(sentences.next().toString().replaceAll("\n", "").trim()));
i++;
}
prop.put("info_type_lines", i);
@ -267,9 +267,9 @@ public class CacheAdmin_p {
descr = ((String) entry.getValue()).trim();
if (descr.length() == 0) { descr = "-"; }
prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_name",
de.anomic.data.wikiCode.replaceHTMLonly(descr.replaceAll("\n", "").trim()));
de.anomic.data.wikiCode.replaceXMLEntities(descr.replaceAll("\n", "").trim()));
prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_link",
de.anomic.data.wikiCode.replaceHTMLonly(entry.getKey().toString()));
de.anomic.data.wikiCode.replaceXMLEntities(entry.getKey().toString()));
i++;
}
prop.put("info_type_use." + extension, (i == 0) ? 0 : 1);
@ -284,7 +284,7 @@ public class CacheAdmin_p {
ie = (htmlFilterImageEntry) iter.next();
prop.put("info_type_use.images_images_" + i + "_name", ie.alt().replaceAll("\n", "").trim());
prop.put("info_type_use.images_images_" + i + "_link",
de.anomic.data.wikiCode.replaceHTMLonly(ie.url().toNormalform()));
de.anomic.data.wikiCode.replaceXMLEntities(ie.url().toNormalform()));
i++;
}
prop.put("info_type_use.images", (i == 0) ? 0 : 1);

@ -181,7 +181,7 @@ public class IndexMonitor {
prop.put("table_indexed_" + cnt + "_moddate", daydate(urle.moddate()));
prop.put("table_indexed_" + cnt + "_wordcount", urle.wordCount());
prop.put("table_indexed_" + cnt + "_urldescr", comp.descr());
prop.put("table_indexed_" + cnt + "_url", (cachepath == null) ? "-not-cached-" : "<a href=\"CacheAdmin_p.html?action=info&amp;path=" + cachepath + "\" class=\"small\" title=\"" + de.anomic.data.wikiCode.replaceHTMLonly(urlstr) + "\">" + de.anomic.data.wikiCode.replaceHTMLonly(urltxt) + "</a>");
prop.put("table_indexed_" + cnt + "_url", (cachepath == null) ? "-not-cached-" : "<a href=\"CacheAdmin_p.html?action=info&amp;path=" + cachepath + "\" class=\"small\" title=\"" + de.anomic.data.wikiCode.replaceXMLEntities(urlstr) + "\">" + de.anomic.data.wikiCode.replaceXMLEntities(urltxt) + "</a>");
dark = !dark;
cnt++;
} catch (Exception e) {
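Review bot: `cachepath` is concatenated raw into the href attribute on the changed line while urlstr and urltxt are escaped, so a path containing `"` or `&` produces malformed or injectable markup; it should get the same treatment, `path=" + de.anomic.data.wikiCode.replaceXMLEntities(cachepath) + "\" class=\"small\"`, and being a query-string value it arguably needs URL-encoding as well. Note also that this value is itself HTML markup: if put() now escapes by default, the whole anchor is rendered as literal text, so this call presumably needs the non-escaping putASIS variant introduced elsewhere in this commit. The enclosing loop and try block start outside the hunk.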

@ -142,7 +142,7 @@ public class Surftips {
prop.put("surftips_results_" + i + "_authorized_recommend_negativeVoteLink", "/Surftips.html?voteNegative=" + urlhash + "&amp;refid=" + refid + "&amp,display=" + display + ((showScore) ? "&amp;score=" : "")); // for negaive votes, we don't send around the bad url again, the hash is enough
prop.put("surftips_results_" + i + "_authorized_recommend_positiveVoteLink", "/Surftips.html?votePositive=" + urlhash + "&amp;refid=" + refid + "&amp;url=" + crypt.simpleEncode(url,null,'b') + "&amp;title=" + crypt.simpleEncode(title,null,'b') + "&amp;description=" + crypt.simpleEncode(description,null,'b') + "&amp;display=" + display + ((showScore) ? "&amp;score=" : ""));
prop.put("surftips_results_" + i + "_authorized_urlhash", urlhash);
prop.put("surftips_results_" + i + "_url", de.anomic.data.wikiCode.replaceHTMLonly(url));
prop.put("surftips_results_" + i + "_url", de.anomic.data.wikiCode.replaceXMLEntities(url));
prop.put("surftips_results_" + i + "_urlname", nxTools.shortenURLString(url, 60));
prop.put("surftips_results_" + i + "_urlhash", urlhash);
prop.put("surftips_results_" + i + "_title", (showScore) ? ("(" + ranking.getScore(urlhash) + ") " + title) : title);
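Review bot: The negative-vote link on the first context line uses `&amp,display=` instead of `&amp;display=`, so the display parameter is never sent as its own parameter and is instead appended to the refid value; fix the separator: `"&amp;display=" + display`. Separately, `url` is pre-escaped with replaceXMLEntities here while urlname and title rely on the new put() default — if put() now escapes, the url is encoded twice and `&` in query strings comes out as `&amp;amp;`. The enclosing loop starts outside the hunk.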

@ -89,7 +89,7 @@ public class ViewFile {
plasmaSwitchboard sb = (plasmaSwitchboard)env;
if (post != null && post.containsKey("words"))
prop.put("error_words", wikiCode.replaceHTMLonly((String)post.get("words")));
prop.put("error_words", wikiCode.replaceXMLEntities((String)post.get("words")));
else {
prop.put("error", 1);
prop.put("viewmode", 0);
@ -263,7 +263,7 @@ public class ViewFile {
}
}
content = wikiCode.replaceHTMLonly(
content = wikiCode.replaceXMLEntities(
content.replaceAll("\n", "<br />").replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;"));
prop.put("error", 0);
@ -272,7 +272,7 @@ public class ViewFile {
} else if (viewMode.equals("iframe")) {
prop.put("viewMode", VIEW_MODE_AS_IFRAME);
prop.put("viewMode_url", wikiCode.replaceHTMLonly(url.toNormalform()));
prop.put("viewMode_url", wikiCode.replaceXMLEntities(url.toNormalform()));
} else if (viewMode.equals("parsed") || viewMode.equals("sentences") || viewMode.equals("links")) {
// parsing the resource content
@ -362,7 +362,7 @@ public class ViewFile {
if (document != null) document.close();
}
prop.put("error", 0);
prop.put("error_url", wikiCode.replaceHTMLonly(url.toNormalform()));
prop.put("error_url", wikiCode.replaceXMLEntities(url.toNormalform()));
prop.put("error_hash", urlHash);
prop.put("error_wordCount", Integer.toString(wordCount));
prop.put("error_desc", descr);
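Review bot: In the plain-text view hunk the escaping runs after `\n` and `\t` have already been replaced by `<br />` and `&nbsp;`, so replaceXMLEntities turns the inserted markup into `&lt;br /&gt;` and `&amp;nbsp;` and the reader sees those literally instead of line breaks. Escape first, then insert the markup: `content = wikiCode.replaceXMLEntities(content).replaceAll("\n", "<br />").replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");`. Since the result then carries intentional markup, it must reach the template through the non-escaping put variant if put() now escapes by default; where `content` is stored is outside the hunk. The enclosing method starts and ends outside the hunks.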

@ -236,7 +236,7 @@ public class dir {
// tree += "<span class=\"tt\">path&nbsp;=&nbsp;" + path + "</span><br><br>";
if (list != null) {
int filecount = 0, fileIdx = 0;
prop.putNoHTML("path", path);
prop.putSafeXML("path", path);
boolean dark = false;
for (int i = 0; i < list.length; i++) {
@ -280,7 +280,7 @@ public class dir {
prop.put("dirlist_" + fileIdx + "_dir_date" , dateString(new Date(f.lastModified())));
prop.put("dirlist_" + fileIdx + "_dir_timestamp" , Long.toString(f.lastModified()));
// the entry name
prop.putNoHTML("dirlist_" + fileIdx + "_dir_name" , fileName);
prop.putSafeXML("dirlist_" + fileIdx + "_dir_name" , fileName);
if (f.isDirectory()) {
// the entry is a directory
@ -295,7 +295,7 @@ public class dir {
prop.put("dirlist_" + fileIdx + "_dir_size" , serverMemory.bytesToString(f.length()));
prop.put("dirlist_" + fileIdx + "_dir_sizeBytes" , Long.toString(f.length()));
// the unique url
prop.putNoHTML("dirlist_" + fileIdx + "_dir_yacyhURL",yacyhURL(yacyCore.seedDB.mySeed, fileName, md5s));
prop.putSafeXML("dirlist_" + fileIdx + "_dir_yacyhURL",yacyhURL(yacyCore.seedDB.mySeed, fileName, md5s));
// the md5 sum of the file
prop.put("dirlist_" + fileIdx + "_dir_md5s",md5s);
// description mode: 0...image preview, 1...description text
@ -303,7 +303,7 @@ public class dir {
if (showImage) {
prop.put("dirlist_" + fileIdx + "_dir_descriptionMode_image",fileName);
} else {
prop.putNoHTML("dirlist_" + fileIdx + "_dir_descriptionMode_text",description);
prop.putSafeXML("dirlist_" + fileIdx + "_dir_descriptionMode_text",description);
}
}

@ -77,7 +77,7 @@ public class blacklists_p {
if (nextEntry.length() == 0) continue;
if (nextEntry.startsWith("#")) continue;
prop.putNoHTML("lists_" + blacklistCount + "_items_" + count + "_item", nextEntry);
prop.putSafeXML("lists_" + blacklistCount + "_items_" + count + "_item", nextEntry);
count++;
}
prop.put("lists_" + blacklistCount + "_items", count);

@ -72,13 +72,13 @@ public class all {
Date date;
while(it.hasNext()){
bookmark=switchboard.bookmarksDB.getBookmark((String) it.next());
prop.putNoHTML("posts_"+count+"_url", bookmark.getUrl());
prop.putNoHTML("posts_"+count+"_title", bookmark.getTitle());
prop.putNoHTML("posts_"+count+"_description", bookmark.getDescription());
prop.putNoHTML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
prop.putSafeXML("posts_"+count+"_url", bookmark.getUrl());
prop.putSafeXML("posts_"+count+"_title", bookmark.getTitle());
prop.putSafeXML("posts_"+count+"_description", bookmark.getDescription());
prop.putSafeXML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
date=new Date(bookmark.getTimeStamp());
prop.putNoHTML("posts_"+count+"_time", bookmarksDB.dateToiso8601(date));
prop.putNoHTML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
prop.putSafeXML("posts_"+count+"_time", bookmarksDB.dateToiso8601(date));
prop.putSafeXML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
count++;
}
prop.put("posts", count);

@ -57,12 +57,12 @@ public class get {
if(bookmarksDB.dateToiso8601(new Date(bookmark.getTimeStamp())) == date &&
tag==null || bookmark.getTags().contains(tag) &&
isAdmin || bookmark.getPublic()){
prop.putNoHTML("posts_"+count+"_url", bookmark.getUrl());
prop.putNoHTML("posts_"+count+"_title", bookmark.getTitle());
prop.putNoHTML("posts_"+count+"_description", bookmark.getDescription());
prop.putNoHTML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
prop.putNoHTML("posts_"+count+"_time", date);
prop.putNoHTML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
prop.putSafeXML("posts_"+count+"_url", bookmark.getUrl());
prop.putSafeXML("posts_"+count+"_title", bookmark.getTitle());
prop.putSafeXML("posts_"+count+"_description", bookmark.getDescription());
prop.putSafeXML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
prop.putSafeXML("posts_"+count+"_time", date);
prop.putSafeXML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
count++;
}
}
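Review bot: The condition opening this hunk has a precedence bug: `&&` binds tighter than `||`, so it evaluates as `(dateMatch && tag == null) || (tagMatch && isAdmin) || bookmark.getPublic()`, and the `isAdmin || getPublic()` guard no longer gates private bookmarks — a non-admin caller whose date matches and who passes no tag receives private entries. It also compares the ISO date strings with `==` rather than `equals`, so that clause is reference equality and will almost never hold. Presumably the intent is `if (bookmarksDB.dateToiso8601(new Date(bookmark.getTimeStamp())).equals(date) && (tag == null || bookmark.getTags().contains(tag)) && (isAdmin || bookmark.getPublic())) {`. The enclosing loop and method start outside the hunk.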

@ -62,8 +62,8 @@ public class config_p {
int count=0;
while(keys.hasNext()){
key = (String) keys.next();
prop.put("options_"+count+"_key", wikiCode.replaceHTMLonly(key));
prop.put("options_"+count+"_value", wikiCode.replaceHTMLonly(env.getConfig(key, "ERROR")));
prop.put("options_"+count+"_key", wikiCode.replaceXMLEntities(key));
prop.put("options_"+count+"_value", wikiCode.replaceXMLEntities(env.getConfig(key, "ERROR")));
count++;
}
prop.put("options", count);

@ -119,11 +119,11 @@ public class queues_p {
if ((pcentry != null)&&(pcentry.url() != null)) {
initiator = yacyCore.seedDB.getConnected(pcentry.initiator());
prop.put("list-indexing_"+i+"_profile", (pcentry.profile() != null) ? pcentry.profile().name() : "deleted");
prop.putNoHTML("list-indexing_"+i+"_initiator", ((initiator == null) ? "proxy" : wikiCode.replaceHTML(initiator.getName())));
prop.putSafeXML("list-indexing_"+i+"_initiator", ((initiator == null) ? "proxy" : wikiCode.replaceHTML(initiator.getName())));
prop.put("list-indexing_"+i+"_depth", pcentry.depth());
prop.put("list-indexing_"+i+"_modified", pcentry.getModificationDate());
prop.putNoHTML("list-indexing_"+i+"_anchor", (pcentry.anchorName()==null)?"":wikiCode.replaceHTML(pcentry.anchorName()));
prop.putNoHTML("list-indexing_"+i+"_url", pcentry.normalizedURLString());
prop.putSafeXML("list-indexing_"+i+"_anchor", (pcentry.anchorName()==null)?"":wikiCode.replaceHTML(pcentry.anchorName()));
prop.putSafeXML("list-indexing_"+i+"_url", pcentry.normalizedURLString());
prop.put("list-indexing_"+i+"_size", entrySize);
prop.put("list-indexing_"+i+"_inProcess", (inProcess)?1:0);
prop.put("list-indexing_"+i+"_hash", pcentry.urlHash());
@ -151,9 +151,9 @@ public class queues_p {
if (theMsg == null) continue;
prop.put("list-loader_"+count+"_profile", theMsg.profile.name());
initiator = yacyCore.seedDB.getConnected(theMsg.initiator);
prop.putNoHTML("list-loader_"+count+"_initiator", ((initiator == null) ? "proxy" : initiator.getName()));
prop.putSafeXML("list-loader_"+count+"_initiator", ((initiator == null) ? "proxy" : initiator.getName()));
prop.put("list-loader_"+count+"_depth", theMsg.depth );
prop.putNoHTML("list-loader_"+count+"_url", theMsg.url.toString()); // null pointer exception here !!! maybe url = null; check reason.
prop.putSafeXML("list-loader_"+count+"_url", theMsg.url.toString()); // null pointer exception here !!! maybe url = null; check reason.
count++;
}
prop.put("list-loader", count );
@ -192,8 +192,8 @@ public class queues_p {
prop.put(tableName + "_" + showNum + "_initiator", ((initiator == null) ? "proxy" : initiator.getName()));
prop.put(tableName + "_" + showNum + "_depth", urle.depth());
prop.put(tableName + "_" + showNum + "_modified", daydate(urle.loaddate()));
prop.putNoHTML(tableName + "_" + showNum + "_anchor", urle.name());
prop.putNoHTML(tableName + "_" + showNum + "_url", urle.url().toString());
prop.putSafeXML(tableName + "_" + showNum + "_anchor", urle.name());
prop.putSafeXML(tableName + "_" + showNum + "_url", urle.url().toString());
prop.put(tableName + "_" + showNum + "_hash", urle.hash());
showNum++;
}
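Review bot: In the first hunk the initiator and anchor values are escaped twice: `wikiCode.replaceHTML(...)` runs before putSafeXML, which — judging by its name and by the putNoHTML it replaces — escapes again, so an `&` in a peer name arrives as `&amp;amp;` in the page. Drop the inner call and let putSafeXML do the work, e.g. `prop.putSafeXML("list-indexing_"+i+"_initiator", (initiator == null) ? "proxy" : initiator.getName());` and likewise for `_anchor`, matching how the loader hunk already passes `initiator.getName()` raw. The third hunk still uses plain put for the initiator name; using putSafeXML there too would avoid depending on whatever default put() now has. The enclosing loops start outside the hunks.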

@ -200,8 +200,8 @@ public final class crawlOrder {
stackresult = stack(switchboard, (String) urlv.get(i), (String) refv.get(i), iam, youare);
response = (String) stackresult[0];
prop.put("list_" + i + "_job", (String) stackresult[0] + "," + (String) stackresult[1]);
prop.put("list_" + i + "_lurl", (String) stackresult[2]);
prop.putASIS("list_" + i + "_job", (String) stackresult[0] + "," + (String) stackresult[1]);
prop.putASIS("list_" + i + "_lurl", (String) stackresult[2]);
prop.put("list_" + i + "_count", i);
}
prop.put("list", count);
@ -218,13 +218,13 @@ public final class crawlOrder {
delay = "600";
}
prop.put("response", response);
prop.put("reason", reason);
prop.put("delay", delay);
prop.putASIS("response", response);
prop.putASIS("reason", reason);
prop.putASIS("delay", delay);
prop.put("depth", acceptDepth);
prop.put("lurl", lurl);
prop.put("forward", "");
prop.put("key", key);
prop.putASIS("lurl", lurl);
prop.putASIS("forward", "");
prop.putASIS("key", key);
// return rewrite properties
return prop;
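Review bot: The values switched to putASIS in the second hunk, `lurl` and `key`, and `stackresult[2]` in the first, look like they originate from the remote peer's request (the url from `urlv.get(i)` goes straight into stack()); writing them unescaped into what appears to be a line-oriented text response means a CR or LF inside such a value can end the line early and inject further key=value pairs. If the template is plain text, strip line terminators before emitting, e.g. `prop.putASIS("lurl", lurl.replaceAll("[\\r\\n]", ""));`, and the same for `key` and the `_lurl` list entries. The putASIS switch for the constant `response`/`reason`/`delay` strings is fine as is. The enclosing method starts outside the hunks.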

@ -118,10 +118,10 @@ public final class crawlReceipt {
if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) {
// no yacy connection / unknown peers
prop.put("delay", "3600");
prop.putASIS("delay", "3600");
} else if (propStr == null) {
// error with url / wrong key
prop.put("delay", "3600");
prop.putASIS("delay", "3600");
} else if (result.equals("fill")) {
// generating a new loaded URL entry
indexURLEntry entry = switchboard.wordIndex.loadedURL.newEntry(propStr);
@ -152,7 +152,7 @@ public final class crawlReceipt {
}
}
// ready for more
prop.put("delay", "10");
prop.putASIS("delay", "10");
} else {
try {
plasmaCrawlNURL.Entry en = switchboard.noticeURL.getEntry(receivedUrlhash);
@ -163,7 +163,7 @@ public final class crawlReceipt {
} catch (IOException e) {
}
prop.put("delay", "100"); // what shall we do with that???
prop.putASIS("delay", "100"); // what shall we do with that???
}
// return rewrite properties

@ -100,7 +100,7 @@ public final class hello {
serverCore.checkInterruption();
// try first the reportedip, since this may be a connect from a port-forwarding host
prop.put(yacySeed.YOURIP, reportedip);
prop.putASIS(yacySeed.YOURIP, reportedip);
remoteSeed.put(yacySeed.IP, reportedip);
urls = yacyClient.queryUrlCount(remoteSeed);
}
@ -117,7 +117,7 @@ public final class hello {
if(isNotLocal) {
serverCore.checkInterruption();
prop.put(yacySeed.YOURIP, clientip);
prop.putASIS(yacySeed.YOURIP, clientip);
remoteSeed.put(yacySeed.IP, clientip);
urls = yacyClient.queryUrlCount(remoteSeed);
}
@ -128,18 +128,18 @@ public final class hello {
// assign status
if (urls >= 0) {
if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR) == null) {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR);
} else if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_PRINCIPAL).equals(yacySeed.PEERTYPE_PRINCIPAL)) {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_PRINCIPAL);
prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_PRINCIPAL);
} else {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR);
}
// connect the seed
yacyCore.peerActions.peerArrival(remoteSeed, true);
} else {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_JUNIOR);
prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_JUNIOR);
remoteSeed.put(yacySeed.LASTSEEN, yacyCore.universalDateShortString(new Date(System.currentTimeMillis() + serverDate.UTCDiff() - remoteSeed.getUTCDiff())) );
yacyCore.peerActions.juniorConnects++; // update statistics
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_JUNIOR);
@ -186,8 +186,8 @@ public final class hello {
seeds.append("seed0=").append(yacyCore.seedDB.mySeed.genSeedStr(key)).append(serverCore.crlfString);
}
prop.put(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
prop.put("seedlist", seeds.toString());
prop.putASIS(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
prop.putASIS("seedlist", seeds.toString());
// return rewrite properties
return prop;
}

@ -84,10 +84,10 @@ public final class list {
prop.put("list",out);
} else {
prop.put("list","");
prop.putASIS("list","");
}
return prop;
}
}
}
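Review bot: Only the empty branch was moved to putASIS; the non-empty branch on the first line of the hunk still calls `prop.put("list",out)`, so if put() now escapes by default the actual list payload is XML-escaped on the wire while the empty case is not. Both branches should use the same variant, `prop.putASIS("list", out);`, assuming the response is plain text rather than HTML — the template is not visible here. The enclosing method starts outside the hunk.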

@ -87,8 +87,8 @@ public final class message {
int messagesize = 10240;
int attachmentsize = 0;
prop.put("messagesize", "0");
prop.put("attachmentsize", "0");
prop.putASIS("messagesize", "0");
prop.putASIS("attachmentsize", "0");
// System.out.println("DEBUG yacy/message: message post values = " + post.toString());
@ -97,17 +97,17 @@ public final class message {
if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) {
// this request has a wrong target
// System.out.println("DEBUG yacy/message: authenticate failed");
prop.put("response", "-1"); // request rejected
prop.putASIS("response", "-1"); // request rejected
return prop;
}
prop.put("messagesize", Integer.toString(messagesize));
prop.put("attachmentsize", Integer.toString(attachmentsize));
prop.putASIS("messagesize", Integer.toString(messagesize));
prop.putASIS("attachmentsize", Integer.toString(attachmentsize));
if (process.equals("permission")) {
// permission: respond with acceptable message and attachment size
// String iam = (String) post.get("iam", ""); // seed hash of requester
prop.put("response", "Welcome to my peer!");
prop.putASIS("response", "Welcome to my peer!");
// that's it!
}
@ -115,7 +115,7 @@ public final class message {
// post: post message to message board
String otherSeedString = post.get("myseed", "");
if (otherSeedString.length() == 0) {
prop.put("response", "-1"); // request rejected
prop.putASIS("response", "-1"); // request rejected
return prop;
}
//Date remoteTime = yacyCore.parseUniversalDate((String) post.get(yacySeed.MYTIME)); // read remote time
@ -127,11 +127,11 @@ public final class message {
message = message.trim();
if (subject.length() == 0 && message.length() == 0) {
prop.put("response", "-1"); // don't accept empty messages
prop.putASIS("response", "-1"); // don't accept empty messages
return prop;
}
prop.put("response", "Thank you!");
prop.putASIS("response", "Thank you!");
// save message
messageBoard.entry msgEntry = null;

@ -85,8 +85,8 @@ public final class profile {
key=(String)it.next();
value=profile.getProperty(key, "").replaceAll("\r","").replaceAll("\n","\\\\n");
if( !(key.equals("")) && !(value.equals("")) ){
prop.put("list_"+count+"_key", key);
prop.put("list_"+count+"_value", value);
prop.putASIS("list_"+count+"_key", key);
prop.putASIS("list_"+count+"_value", value);
count++;
}
}
@ -96,4 +96,4 @@ public final class profile {
return prop;
}
}
}

@ -73,12 +73,12 @@ public final class query {
final String obj = post.get("object", ""); // keyword for query subject
final String env = post.get("env", ""); // argument to query
prop.put(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
prop.putASIS(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
// check if we are the right target and requester has correct information about this peer
if (yacyCore.seedDB.mySeed == null || !yacyCore.seedDB.mySeed.hash.equals(youare)) {
// this request has a wrong target
prop.put("response", "-1"); // request rejected
prop.putASIS("response", "-1"); // request rejected
return prop;
}
@ -105,30 +105,30 @@ public final class query {
// requests about requirements
if (obj.equals("wantedlurls")) {
prop.put("response", "0"); // dummy response
prop.putASIS("response", "0"); // dummy response
return prop;
}
if (obj.equals("wantedpurls")) {
prop.put("response", "0"); // dummy response
prop.putASIS("response", "0"); // dummy response
return prop;
}
if (obj.equals("wantedword")) {
// response returns a list of wanted word hashes
prop.put("response", "0"); // dummy response
prop.putASIS("response", "0"); // dummy response
return prop;
}
if (obj.equals("wantedrwi")) {
// <env> shall contain a word hash, the number of wanted lurls for this hash is returned
prop.put("response", "0"); // dummy response
prop.putASIS("response", "0"); // dummy response
return prop;
}
if (obj.equals("wantedseeds")) {
// return a number of wanted seed
prop.put("response", "0"); // dummy response
prop.putASIS("response", "0"); // dummy response
return prop;
}
@ -136,4 +136,4 @@ public final class query {
return prop;
}
}
}

@ -164,7 +164,7 @@ public final class search {
}
}
prop.put("indexcount", "");
prop.putASIS("indexcount", "");
prop.put("joincount", 0);
} else {
// retrieve index containers from search request
@ -185,8 +185,8 @@ public final class search {
// set statistic details of search result and find best result index set
if (containers == null) {
prop.put("indexcount", "");
prop.put("joincount", "0");
prop.putASIS("indexcount", "");
prop.putASIS("joincount", "0");
} else {
Iterator ci = containers.entrySet().iterator();
StringBuffer indexcount = new StringBuffer();
@ -213,7 +213,7 @@ public final class search {
indexabstract.append("indexabstract." + wordhash + "=").append(plasmaURL.compressIndex(container, null,1000).toString()).append(serverCore.crlfString);
}
}
prop.put("indexcount", new String(indexcount));
prop.putASIS("indexcount", new String(indexcount));
// join and order the result
indexContainer localResults = theSearch.localSearchJoin(containers.values());
@ -223,14 +223,14 @@ public final class search {
acc = null;
} else {
joincount = localResults.size();
prop.put("joincount", Integer.toString(joincount));
prop.putASIS("joincount", Integer.toString(joincount));
acc = theSearch.orderFinal(localResults);
}
// generate compressed index for maxcounthash
// this is not needed if the search is restricted to specific
// urls, because it is a re-search
if ((maxcounthash == null) || (urls.length() != 0) || (keyhashes.size() == 1) || (abstracts.length() == 0)) {
prop.put("indexabstract", "");
prop.putASIS("indexabstract", "");
} else if (abstracts.equals("auto")) {
indexabstract.append("indexabstract." + maxcounthash + "=").append(plasmaURL.compressIndex(((indexContainer) containers.get(maxcounthash)),localResults, 1000).toString()).append(serverCore.crlfString);
if ((neardhthash != null)
@ -243,7 +243,7 @@ public final class search {
}
}
}
prop.put("indexabstract", indexabstract.toString());
prop.putASIS("indexabstract", indexabstract.toString());
// prepare search statistics
Long trackerHandle = new Long(System.currentTimeMillis());
@ -260,9 +260,9 @@ public final class search {
if ((joincount == 0) || (acc == null)) {
// no results
prop.put("links", "");
prop.put("linkcount", "0");
prop.put("references", "");
prop.putASIS("links", "");
prop.putASIS("linkcount", "0");
prop.putASIS("references", "");
} else {
// result is a List of urlEntry elements
@ -288,26 +288,26 @@ public final class search {
i++;
}
}
prop.put("links", new String(links));
prop.put("linkcount", Integer.toString(i));
prop.putASIS("links", new String(links));
prop.putASIS("linkcount", Integer.toString(i));
// prepare reference hints
Object[] ws = acc.getReferences(16);
StringBuffer refstr = new StringBuffer();
for (int j = 0; j < ws.length; j++)
refstr.append(",").append((String) ws[j]);
prop.put("references", (refstr.length() > 0) ? refstr.substring(1) : refstr.toString());
prop.putASIS("references", (refstr.length() > 0) ? refstr.substring(1) : refstr.toString());
}
// add information about forward peers
prop.put("fwhop", ""); // hops (depth) of forwards that had been performed to construct this result
prop.put("fwsrc", ""); // peers that helped to construct this result
prop.put("fwrec", ""); // peers that would have helped to construct this result (recommendations)
prop.putASIS("fwhop", ""); // hops (depth) of forwards that had been performed to construct this result
prop.putASIS("fwsrc", ""); // peers that helped to construct this result
prop.putASIS("fwrec", ""); // peers that would have helped to construct this result (recommendations)
// log
yacyCore.log.logInfo("EXIT HASH SEARCH: " + plasmaSearchQuery.anonymizedQueryHashes(squery.queryHashes) + " - " + joincount + " links found, " + prop.get("linkcount", "?") + " links selected, " + ((System.currentTimeMillis() - timestamp1) / 1000) + " seconds");
prop.put("searchtime", Long.toString(System.currentTimeMillis() - timestamp));
prop.putASIS("searchtime", Long.toString(System.currentTimeMillis() - timestamp));
final int links = Integer.parseInt(prop.get("linkcount","0"));
yacyCore.seedDB.mySeed.incSI(links);
@ -315,4 +315,4 @@ public final class search {
return prop;
}
}
}

@ -72,12 +72,12 @@ public final class transfer {
//long filesize = Long.parseLong((String) post.get("filesize", "")); // the size of the file
prop.put("process", 0);
prop.put("response", "denied"); // reject is default and is overwritten if ok
prop.put("process_access", "");
prop.put("process_address", "");
prop.put("process_protocol", "");
prop.put("process_path", "");
prop.put("process_maxsize", "0");
prop.putASIS("response", "denied"); // reject is default and is overwritten if ok
prop.putASIS("process_access", "");
prop.putASIS("process_address", "");
prop.putASIS("process_protocol", "");
prop.putASIS("process_path", "");
prop.putASIS("process_maxsize", "0");
if (!sb.rankingOn) { return prop; }
@ -99,12 +99,12 @@ public final class transfer {
//System.out.println("yacy/transfer:post=" + post.toString());
//String cansendprotocol = (String) post.get("can-send-protocol", "http");
String access = kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw(otherpeer + ":" + filename)) + ":" + kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw("" + System.currentTimeMillis()));
prop.put("response", "ok");
prop.put("process_access", access);
prop.put("process_address", yacyCore.seedDB.mySeed.getAddress());
prop.put("process_protocol", "http");
prop.put("process_path", ""); // currently empty; the store process will find a path
prop.put("process_maxsize", "-1"); // if response is too big we return the size of the file
prop.putASIS("response", "ok");
prop.putASIS("process_access", access);
prop.putASIS("process_address", yacyCore.seedDB.mySeed.getAddress());
prop.putASIS("process_protocol", "http");
prop.putASIS("process_path", ""); // currently empty; the store process will find a path
prop.putASIS("process_maxsize", "-1"); // if response is too big we return the size of the file
sb.rankingPermissions.put(serverCodings.encodeMD5Hex(kelondroBase64Order.standardCoder.encodeString(access)), filename);
sb.getLog().logFine("RankingTransmission: granted peer " + otherpeerName + " to send CR file " + filename);
}
@ -120,10 +120,10 @@ public final class transfer {
//java.util.HashMap perm = sb.rankingPermissions;
//System.out.println("PERMISSIONDEBUG: accesscode=" + accesscode + ", permissions=" + perm.toString());
String grantedFile = (String) sb.rankingPermissions.get(accesscode);
prop.put("process_tt", "");
prop.putASIS("process_tt", "");
if ((grantedFile == null) || (!(grantedFile.equals(filename)))) {
// fraud-access of this interface
prop.put("response", "denied");
prop.putASIS("response", "denied");
sb.getLog().logFine("RankingTransmission: denied " + otherpeerName + " to send CR file " + filename + ": wrong access code");
} else {
sb.rankingPermissions.remove(accesscode); // not needed any more
@ -135,19 +135,19 @@ public final class transfer {
serverFileUtils.write(filebytes, file);
String md5t = serverCodings.encodeMD5Hex(file);
if (md5t.equals(md5)) {
prop.put("response", "ok");
prop.putASIS("response", "ok");
sb.getLog().logFine("RankingTransmission: received from peer " + otherpeerName + " CR file " + filename);
} else {
prop.put("response", "transfer failure");
prop.putASIS("response", "transfer failure");
sb.getLog().logFine("RankingTransmission: transfer failure from peer " + otherpeerName + " for CR file " + filename);
}
}else{
//exploit?
prop.put("response", "io error");
prop.putASIS("response", "io error");
return prop;
}
} catch (IOException e) {
prop.put("response", "io error");
prop.putASIS("response", "io error");
}
}
}
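Review bot: The access code at the top of the second hunk is built from MD5 of `otherpeer + ":" + filename` and MD5 of `System.currentTimeMillis()`; both inputs are guessable by anyone who knows the peer and file name (the second needs only the millisecond window), so the code that later gates the upload in the third hunk is predictable rather than secret. Derive the second half from a CSPRNG instead, e.g. `byte[] nonce = new byte[16]; new java.security.SecureRandom().nextBytes(nonce);` and encode `nonce` in place of the timestamp digest. The switch from put to putASIS for these protocol fields does not change this; it only affects escaping. The enclosing method starts outside the hunks.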

@ -215,9 +215,9 @@ public final class transferRWI {
}
}
prop.put("unknownURL", unknownURLs.toString());
prop.put("result", result);
prop.put("pause", Integer.toString(pause));
prop.putASIS("unknownURL", unknownURLs.toString());
prop.putASIS("result", result);
prop.putASIS("pause", Integer.toString(pause));
// return rewrite properties
return prop;

@ -153,8 +153,8 @@ public final class transferURL {
result = "error_not_granted";
}
prop.put("double", doublevalues);
prop.put("result", result);
prop.putASIS("double", doublevalues);
prop.putASIS("result", result);
return prop;
}
}

@ -398,7 +398,7 @@ public class yacysearch {
prop.put("type_results_" + i + "_authorized", (authenticated) ? 1 : 0);
prop.put("promoteSearchPageGreeting", promoteSearchPageGreeting);
prop.put("former", wikiCode.replaceHTMLonly(post.get("search", "")));
prop.put("former", wikiCode.replaceXMLEntities(post.get("search", "")));
prop.put("count", count);
prop.put("order", order);
prop.put("resource", (global) ? "global" : "local");
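Review bot: `former` echoes the user's search string back into the page, the classic reflected-XSS sink, so escaping is correct — but if put() now escapes by default the explicit replaceXMLEntities runs a second time and a query containing `&` reappears in the search box as `&amp;`. Use one mechanism: `prop.put("former", post.get("search", ""));` relying on the new default, or keep the explicit call together with the non-escaping put variant. `promoteSearchPageGreeting` on the line above goes through the same default, which would also escape any markup that greeting string is meant to carry — worth confirming against the template. The enclosing method starts outside the hunk.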

@ -128,8 +128,8 @@ public class wikiCode {
*/
//[MN]
public static String replaceHTML(String text) {
text = replace(text, xmlentities);
text = replace(text, htmlentities);
text = replace(text, characters);
return text;
}
@ -139,8 +139,8 @@ public class wikiCode {
* @return the string with all special characters encoded
*/
//[MN]
public static String replaceCharacters(String text) {
text = replace(text, characters);
public static String replaceHTMLEntities(String text) {
text = replace(text, htmlentities);
return text;
}
@ -149,8 +149,8 @@ public class wikiCode {
* @return the string without any HTML-tags that can be used for XSS
*/
//[MN]
public static String replaceHTMLonly(String text) {
text = replace(text, htmlentities);
public static String replaceXMLEntities(String text) {
text = replace(text, xmlentities);
return text;
}
@ -175,7 +175,7 @@ public class wikiCode {
//This array contains codes (see http://mindprod.com/jgloss/unicode.html for details)
//that will be replaced. To add new codes or patterns, just put them at the end
//of the list. Codes or patterns in this list can not be escaped with [= or <pre>
public static String[] htmlentities={
public static String[] xmlentities={
// Ampersands _have_ to be replaced first. If they were replaced later,
// other replaced characters containing ampersands would get messed up.
"\u0026","&amp;", //ampersand
@ -187,7 +187,7 @@ public class wikiCode {
//This array contains codes (see http://mindprod.com/jgloss/unicode.html for details) and
//patterns that will be replaced. To add new codes or patterns, just put them at the end
//of the list. Codes or patterns in this list can not be escaped with [= or <pre>
public static String[] characters={
public static String[] htmlentities={
"\u005E","&#094;", // Caret
"\u0060","&#096;", // Accent Grave `
@ -1046,12 +1046,12 @@ public class wikiCode {
public String transformLine(String result, plasmaSwitchboard switchboard) {
//If HTML has not bee replaced yet (can happen if method gets called in recursion), replace now!
if (!replacedHTML || preformattedSpan){
result = replaceHTMLonly(result);
result = replaceXMLEntities(result);
replacedHTML = true;
}
//If special characters have not bee replaced yet, replace now!
if (!replacedCharacters || preformattedSpan){
result = replaceCharacters(result);
result = replaceHTMLEntities(result);
replacedCharacters = true;
}

@ -804,12 +804,12 @@ public final class httpd implements serverHandler {
// 06.01.2007: decode HTML entities by [FB]
public static String decodeHtmlEntities(String s) {
// replace all entities defined in wikiCode.characters and htmlentities
for (int i=1; i<wikiCode.characters.length; i+=2) {
s = s.replaceAll(wikiCode.characters[i], wikiCode.characters[i - 1]);
}
for (int i=1; i<wikiCode.htmlentities.length; i+=2) {
s = s.replaceAll(wikiCode.htmlentities[i], wikiCode.htmlentities[i - 1]);
}
for (int i=1; i<wikiCode.xmlentities.length; i+=2) {
s = s.replaceAll(wikiCode.xmlentities[i], wikiCode.xmlentities[i - 1]);
}
// replace all other
CharArrayWriter b = new CharArrayWriter(s.length());
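Review bot: `s.replaceAll(wikiCode.htmlentities[i], wikiCode.htmlentities[i - 1])` treats the table entry as a regular expression and the decoded character as a regex replacement string, so any entry whose decoded form is `$` or `\` will throw `IllegalArgumentException` or produce the wrong character, and an entity string containing a regex metacharacter would fail to match; the two entries visible in the hunk (`&#094;`, `&amp;`) are harmless, the rest of both tables are not visible here, so this is worth checking. Since every entry is a literal, `s = s.replace(wikiCode.htmlentities[i], wikiCode.htmlentities[i - 1]);` (and likewise for `xmlentities`) is both safer and cheaper, as `String.replace(CharSequence, CharSequence)` does no regex interpretation. The decoding order itself is sound: the ampersand-bearing `xmlentities` table is applied last, so `&amp;lt;` decodes to `&lt;` rather than being decoded twice to `<`; a one-line comment stating that invariant, e.g. `// xmlentities (with &amp;) must be decoded last to avoid double-decoding`, would protect it from a future reorder. The method's tail, including the loop that handles "all other" entities, continues outside the hunk.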

@ -87,8 +87,8 @@ public class serverObjects extends Hashtable implements Cloneable {
/**
* like put, but it replaces any HTML special chars.
*/
public Object putNoHTML(Object key, String value){
return put(key, wikiCode.replaceHTMLonly(value));
public Object putSafeXML(Object key, String value){
return put(key, wikiCode.replaceXMLEntities(value));
}
// new put takes also null values
@ -111,8 +111,12 @@ public class serverObjects extends Hashtable implements Cloneable {
// string variant
public String put(String key, String value) {
return (String) this.put((Object) key, (Object) value);
//return putASIS(key, value);
return (String)putSafeXML(key, value); //XSS Safe!
}
public String putASIS(Object key, String value) {
return (String) this.put(key, (Object) value);
}
// long variant
public long put(String key, long value) {
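Review bot: `put(String, String)` now escapes unconditionally via `putSafeXML`, so every caller that still escapes on its own (several `prop.put(..., wikiCode.replaceXMLEntities(...))` calls survive elsewhere in this same commit) will double-encode `&` into `&amp;amp;`; those sites need to either drop their own escaping or move to `putASIS`. `putSafeXML` also passes the value straight into `wikiCode.replaceXMLEntities`, so unless that helper is known to accept `null` the context comment `// new put takes also null values` no longer holds for the string variant; a guard such as `if (value == null) return putASIS(key, null);` (or a confirmed null-safe `replace`) would restore it. The recursion-free path depends on `putSafeXML` declaring `key` as `Object`, which makes its inner `put(key, ...)` bind to the inherited `Hashtable.put(Object, Object)` rather than back to `put(String, String)`; a comment like `// key is Object on purpose: binds to Hashtable.put, not the escaping String overload` would stop a future signature tidy-up from introducing infinite recursion. The dead `//return putASIS(key, value);` line should be removed. Note too that escaping only the XML entity table is correct for element text and quoted attributes but not for values that templates place inside JavaScript or URLs; those callers still need context-specific encoding and this default should not be read as covering them.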

@ -161,9 +161,9 @@ public class SearchService extends AbstractService
// Postprocess search ...
int count = Integer.valueOf(searchResult.get("type_results","0")).intValue();
for (int i=0; i < count; i++) {
searchResult.put("type_results_" + i + "_url",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_url","")));
searchResult.put("type_results_" + i + "_description",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_description","")));
searchResult.put("type_results_" + i + "_urlname",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_urlname","")));
searchResult.put("type_results_" + i + "_url",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_url","")));
searchResult.put("type_results_" + i + "_description",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_description","")));
searchResult.put("type_results_" + i + "_urlname",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_urlname","")));
}
// format the result
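Review bot: the three `searchResult.put(..., wikiCode.replaceXMLEntities(...))` calls will double-encode if `searchResult` is a `serverObjects` (its `get(key, default)` usage suggests it is), because after this commit `put(String, String)` applies `replaceXMLEntities` a second time, so `&` in a URL or description comes out as `&amp;amp;` in the SOAP response. If that is the case the loop body collapses to plain `put` calls with the explicit escaping removed, or to `putASIS` with the explicit escaping kept; either way the value should pass through the entity table exactly once. If `searchResult` is some other map type this does not apply, but a short comment stating which class it is would make the intended single encoding auditable. The enclosing method starts and ends outside the hunk.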
