XSS-safe put as default.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3217 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 18 years ago
parent d6e02cf837
commit 0c81bd39d4

@ -307,7 +307,7 @@ public class Blacklist_p {
if (nextEntry.length() == 0) continue; if (nextEntry.length() == 0) continue;
if (nextEntry.startsWith("#")) continue; if (nextEntry.startsWith("#")) continue;
prop.put(DISABLED + "Itemlist_" + entryCount + "_item", de.anomic.data.wikiCode.replaceHTMLonly(nextEntry)); prop.put(DISABLED + "Itemlist_" + entryCount + "_item", de.anomic.data.wikiCode.replaceXMLEntities(nextEntry));
entryCount++; entryCount++;
} }
prop.put(DISABLED + "Itemlist", entryCount); prop.put(DISABLED + "Itemlist", entryCount);
@ -341,7 +341,7 @@ public class Blacklist_p {
int blacklistCount = 0; int blacklistCount = 0;
if (dirlist != null) { if (dirlist != null) {
for (int i = 0; i <= dirlist.length - 1; i++) { for (int i = 0; i <= dirlist.length - 1; i++) {
prop.put(DISABLED + BLACKLIST + blacklistCount + "_name", de.anomic.data.wikiCode.replaceHTMLonly(dirlist[i])); prop.put(DISABLED + BLACKLIST + blacklistCount + "_name", de.anomic.data.wikiCode.replaceXMLEntities(dirlist[i]));
prop.put(DISABLED + BLACKLIST + blacklistCount + "_selected", 0); prop.put(DISABLED + BLACKLIST + blacklistCount + "_selected", 0);
if (dirlist[i].equals(blacklistToUse)) { //current List if (dirlist[i].equals(blacklistToUse)) { //current List
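Review bot: The values handed to `prop.put` in both Blacklist_p hunks are already entity-encoded by `wikiCode.replaceXMLEntities`, so if `put` now encodes by default (as the commit title says; `serverObjects.put` is not visible on this page) each entry and file name is encoded twice and displays as `&amp;lt;` and the like. Either drop the explicit wrap and rely on the default, `prop.put(DISABLED + "Itemlist_" + entryCount + "_item", nextEntry);`, or keep the wrap and call `prop.putASIS`. The same wrap-then-`put` pattern appears in the Bookmarks, CacheAdmin_p, IndexMonitor, Surftips, ViewFile and config_p sections. Both loops start and end outside the hunks shown.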

@ -242,7 +242,7 @@ public class Bookmarks {
while(count<max_count && it.hasNext()){ while(count<max_count && it.hasNext()){
bookmark=switchboard.bookmarksDB.getBookmark((String)it.next()); bookmark=switchboard.bookmarksDB.getBookmark((String)it.next());
if(bookmark!=null){ if(bookmark!=null){
prop.put("bookmarks_"+count+"_link", de.anomic.data.wikiCode.replaceHTMLonly(bookmark.getUrl())); prop.put("bookmarks_"+count+"_link", de.anomic.data.wikiCode.replaceXMLEntities(bookmark.getUrl()));
prop.put("bookmarks_"+count+"_title", bookmark.getTitle()); prop.put("bookmarks_"+count+"_title", bookmark.getTitle());
prop.put("bookmarks_"+count+"_description", bookmark.getDescription()); prop.put("bookmarks_"+count+"_description", bookmark.getDescription());
prop.put("bookmarks_"+count+"_public", (bookmark.getPublic()? 1:0)); prop.put("bookmarks_"+count+"_public", (bookmark.getPublic()? 1:0));

@ -149,7 +149,7 @@ public class CacheAdmin_p {
prop.put("info_type_headlines", t.length); prop.put("info_type_headlines", t.length);
for (i = 0; i < t.length; i++) for (i = 0; i < t.length; i++)
prop.put("info_type_headlines_" + i + "_headline", prop.put("info_type_headlines_" + i + "_headline",
de.anomic.data.wikiCode.replaceHTMLonly(t[i].replaceAll("\n", "").trim())); de.anomic.data.wikiCode.replaceXMLEntities(t[i].replaceAll("\n", "").trim()));
formatAnchor(prop, document.getHyperlinks(), "links"); formatAnchor(prop, document.getHyperlinks(), "links");
formatImageAnchor(prop, document.getImages()); formatImageAnchor(prop, document.getImages());
@ -159,14 +159,14 @@ public class CacheAdmin_p {
formatAnchor(prop, document.getEmaillinks(), "email"); formatAnchor(prop, document.getEmaillinks(), "email");
prop.put("info_type_text", prop.put("info_type_text",
de.anomic.data.wikiCode.replaceHTMLonly(new String(scraper.getText()))); de.anomic.data.wikiCode.replaceXMLEntities(new String(scraper.getText())));
i = 0; i = 0;
final Iterator sentences = document.getSentences(false); final Iterator sentences = document.getSentences(false);
if (sentences != null) if (sentences != null)
while (sentences.hasNext()) { while (sentences.hasNext()) {
prop.put("info_type_lines_" + i + "_line", prop.put("info_type_lines_" + i + "_line",
de.anomic.data.wikiCode.replaceHTMLonly(sentences.next().toString().replaceAll("\n", "").trim())); de.anomic.data.wikiCode.replaceXMLEntities(sentences.next().toString().replaceAll("\n", "").trim()));
i++; i++;
} }
prop.put("info_type_lines", i); prop.put("info_type_lines", i);
@ -267,9 +267,9 @@ public class CacheAdmin_p {
descr = ((String) entry.getValue()).trim(); descr = ((String) entry.getValue()).trim();
if (descr.length() == 0) { descr = "-"; } if (descr.length() == 0) { descr = "-"; }
prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_name", prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_name",
de.anomic.data.wikiCode.replaceHTMLonly(descr.replaceAll("\n", "").trim())); de.anomic.data.wikiCode.replaceXMLEntities(descr.replaceAll("\n", "").trim()));
prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_link", prop.put("info_type_use." + extension + "_" + extension + "_" + i + "_link",
de.anomic.data.wikiCode.replaceHTMLonly(entry.getKey().toString())); de.anomic.data.wikiCode.replaceXMLEntities(entry.getKey().toString()));
i++; i++;
} }
prop.put("info_type_use." + extension, (i == 0) ? 0 : 1); prop.put("info_type_use." + extension, (i == 0) ? 0 : 1);
@ -284,7 +284,7 @@ public class CacheAdmin_p {
ie = (htmlFilterImageEntry) iter.next(); ie = (htmlFilterImageEntry) iter.next();
prop.put("info_type_use.images_images_" + i + "_name", ie.alt().replaceAll("\n", "").trim()); prop.put("info_type_use.images_images_" + i + "_name", ie.alt().replaceAll("\n", "").trim());
prop.put("info_type_use.images_images_" + i + "_link", prop.put("info_type_use.images_images_" + i + "_link",
de.anomic.data.wikiCode.replaceHTMLonly(ie.url().toNormalform())); de.anomic.data.wikiCode.replaceXMLEntities(ie.url().toNormalform()));
i++; i++;
} }
prop.put("info_type_use.images", (i == 0) ? 0 : 1); prop.put("info_type_use.images", (i == 0) ? 0 : 1);

@ -181,7 +181,7 @@ public class IndexMonitor {
prop.put("table_indexed_" + cnt + "_moddate", daydate(urle.moddate())); prop.put("table_indexed_" + cnt + "_moddate", daydate(urle.moddate()));
prop.put("table_indexed_" + cnt + "_wordcount", urle.wordCount()); prop.put("table_indexed_" + cnt + "_wordcount", urle.wordCount());
prop.put("table_indexed_" + cnt + "_urldescr", comp.descr()); prop.put("table_indexed_" + cnt + "_urldescr", comp.descr());
prop.put("table_indexed_" + cnt + "_url", (cachepath == null) ? "-not-cached-" : "<a href=\"CacheAdmin_p.html?action=info&amp;path=" + cachepath + "\" class=\"small\" title=\"" + de.anomic.data.wikiCode.replaceHTMLonly(urlstr) + "\">" + de.anomic.data.wikiCode.replaceHTMLonly(urltxt) + "</a>"); prop.put("table_indexed_" + cnt + "_url", (cachepath == null) ? "-not-cached-" : "<a href=\"CacheAdmin_p.html?action=info&amp;path=" + cachepath + "\" class=\"small\" title=\"" + de.anomic.data.wikiCode.replaceXMLEntities(urlstr) + "\">" + de.anomic.data.wikiCode.replaceXMLEntities(urltxt) + "</a>");
dark = !dark; dark = !dark;
cnt++; cnt++;
} catch (Exception e) { } catch (Exception e) {
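Review bot: The `table_indexed_…_url` value is a complete `<a href=…>` element passed to `prop.put`; if `put` now entity-encodes by default (its body is not on this page), the anchor is rendered as literal text, so this call looks like it needs `prop.putASIS`. Independently, `cachepath` is concatenated into the `href` with no encoding, while `urlstr` and `urltxt` next to it are encoded. A path containing `"` or `&` would corrupt the attribute, so it should be URL-encoded and then entity-encoded before concatenation. The surrounding try block starts outside the hunk.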

@ -142,7 +142,7 @@ public class Surftips {
prop.put("surftips_results_" + i + "_authorized_recommend_negativeVoteLink", "/Surftips.html?voteNegative=" + urlhash + "&amp;refid=" + refid + "&amp,display=" + display + ((showScore) ? "&amp;score=" : "")); // for negaive votes, we don't send around the bad url again, the hash is enough prop.put("surftips_results_" + i + "_authorized_recommend_negativeVoteLink", "/Surftips.html?voteNegative=" + urlhash + "&amp;refid=" + refid + "&amp,display=" + display + ((showScore) ? "&amp;score=" : "")); // for negaive votes, we don't send around the bad url again, the hash is enough
prop.put("surftips_results_" + i + "_authorized_recommend_positiveVoteLink", "/Surftips.html?votePositive=" + urlhash + "&amp;refid=" + refid + "&amp;url=" + crypt.simpleEncode(url,null,'b') + "&amp;title=" + crypt.simpleEncode(title,null,'b') + "&amp;description=" + crypt.simpleEncode(description,null,'b') + "&amp;display=" + display + ((showScore) ? "&amp;score=" : "")); prop.put("surftips_results_" + i + "_authorized_recommend_positiveVoteLink", "/Surftips.html?votePositive=" + urlhash + "&amp;refid=" + refid + "&amp;url=" + crypt.simpleEncode(url,null,'b') + "&amp;title=" + crypt.simpleEncode(title,null,'b') + "&amp;description=" + crypt.simpleEncode(description,null,'b') + "&amp;display=" + display + ((showScore) ? "&amp;score=" : ""));
prop.put("surftips_results_" + i + "_authorized_urlhash", urlhash); prop.put("surftips_results_" + i + "_authorized_urlhash", urlhash);
prop.put("surftips_results_" + i + "_url", de.anomic.data.wikiCode.replaceHTMLonly(url)); prop.put("surftips_results_" + i + "_url", de.anomic.data.wikiCode.replaceXMLEntities(url));
prop.put("surftips_results_" + i + "_urlname", nxTools.shortenURLString(url, 60)); prop.put("surftips_results_" + i + "_urlname", nxTools.shortenURLString(url, 60));
prop.put("surftips_results_" + i + "_urlhash", urlhash); prop.put("surftips_results_" + i + "_urlhash", urlhash);
prop.put("surftips_results_" + i + "_title", (showScore) ? ("(" + ranking.getScore(urlhash) + ") " + title) : title); prop.put("surftips_results_" + i + "_title", (showScore) ? ("(" + ranking.getScore(urlhash) + ") " + title) : title);
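Review bot: The negative-vote link contains `&amp,display=` (comma instead of semicolon), so the `display` parameter is not delimited as intended; it should read `"&amp;display=" + display`. Both vote links also reach `prop.put` with hand-written `&amp;` separators, which would become `&amp;amp;` if `put` now encodes by default (not visible here). Using `prop.putASIS` and encoding each interpolated value individually would avoid that. `refid` and `display` are concatenated without any encoding, and whether they are request-derived cannot be seen in this hunk.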

@ -89,7 +89,7 @@ public class ViewFile {
plasmaSwitchboard sb = (plasmaSwitchboard)env; plasmaSwitchboard sb = (plasmaSwitchboard)env;
if (post != null && post.containsKey("words")) if (post != null && post.containsKey("words"))
prop.put("error_words", wikiCode.replaceHTMLonly((String)post.get("words"))); prop.put("error_words", wikiCode.replaceXMLEntities((String)post.get("words")));
else { else {
prop.put("error", 1); prop.put("error", 1);
prop.put("viewmode", 0); prop.put("viewmode", 0);
@ -263,7 +263,7 @@ public class ViewFile {
} }
} }
content = wikiCode.replaceHTMLonly( content = wikiCode.replaceXMLEntities(
content.replaceAll("\n", "<br />").replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;")); content.replaceAll("\n", "<br />").replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;"));
prop.put("error", 0); prop.put("error", 0);
@ -272,7 +272,7 @@ public class ViewFile {
} else if (viewMode.equals("iframe")) { } else if (viewMode.equals("iframe")) {
prop.put("viewMode", VIEW_MODE_AS_IFRAME); prop.put("viewMode", VIEW_MODE_AS_IFRAME);
prop.put("viewMode_url", wikiCode.replaceHTMLonly(url.toNormalform())); prop.put("viewMode_url", wikiCode.replaceXMLEntities(url.toNormalform()));
} else if (viewMode.equals("parsed") || viewMode.equals("sentences") || viewMode.equals("links")) { } else if (viewMode.equals("parsed") || viewMode.equals("sentences") || viewMode.equals("links")) {
// parsing the resource content // parsing the resource content
@ -362,7 +362,7 @@ public class ViewFile {
if (document != null) document.close(); if (document != null) document.close();
} }
prop.put("error", 0); prop.put("error", 0);
prop.put("error_url", wikiCode.replaceHTMLonly(url.toNormalform())); prop.put("error_url", wikiCode.replaceXMLEntities(url.toNormalform()));
prop.put("error_hash", urlHash); prop.put("error_hash", urlHash);
prop.put("error_wordCount", Integer.toString(wordCount)); prop.put("error_wordCount", Integer.toString(wordCount));
prop.put("error_desc", descr); prop.put("error_desc", descr);
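Review bot: In the plain-text branch the `<br />` and `&nbsp;` markup is inserted before `wikiCode.replaceXMLEntities` runs, so if that method encodes `<` and `&` (its body is not shown) the line breaks and tab padding become visible text instead of markup. Encoding first and formatting afterwards keeps both properties: `content = wikiCode.replaceXMLEntities(content).replaceAll("\n", "<br />").replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");`. The result must then reach the template without a second encoding pass, which depends on how `content` is put further down, outside this hunk.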

@ -236,7 +236,7 @@ public class dir {
// tree += "<span class=\"tt\">path&nbsp;=&nbsp;" + path + "</span><br><br>"; // tree += "<span class=\"tt\">path&nbsp;=&nbsp;" + path + "</span><br><br>";
if (list != null) { if (list != null) {
int filecount = 0, fileIdx = 0; int filecount = 0, fileIdx = 0;
prop.putNoHTML("path", path); prop.putSafeXML("path", path);
boolean dark = false; boolean dark = false;
for (int i = 0; i < list.length; i++) { for (int i = 0; i < list.length; i++) {
@ -280,7 +280,7 @@ public class dir {
prop.put("dirlist_" + fileIdx + "_dir_date" , dateString(new Date(f.lastModified()))); prop.put("dirlist_" + fileIdx + "_dir_date" , dateString(new Date(f.lastModified())));
prop.put("dirlist_" + fileIdx + "_dir_timestamp" , Long.toString(f.lastModified())); prop.put("dirlist_" + fileIdx + "_dir_timestamp" , Long.toString(f.lastModified()));
// the entry name // the entry name
prop.putNoHTML("dirlist_" + fileIdx + "_dir_name" , fileName); prop.putSafeXML("dirlist_" + fileIdx + "_dir_name" , fileName);
if (f.isDirectory()) { if (f.isDirectory()) {
// the entry is a directory // the entry is a directory
@ -295,7 +295,7 @@ public class dir {
prop.put("dirlist_" + fileIdx + "_dir_size" , serverMemory.bytesToString(f.length())); prop.put("dirlist_" + fileIdx + "_dir_size" , serverMemory.bytesToString(f.length()));
prop.put("dirlist_" + fileIdx + "_dir_sizeBytes" , Long.toString(f.length())); prop.put("dirlist_" + fileIdx + "_dir_sizeBytes" , Long.toString(f.length()));
// the unique url // the unique url
prop.putNoHTML("dirlist_" + fileIdx + "_dir_yacyhURL",yacyhURL(yacyCore.seedDB.mySeed, fileName, md5s)); prop.putSafeXML("dirlist_" + fileIdx + "_dir_yacyhURL",yacyhURL(yacyCore.seedDB.mySeed, fileName, md5s));
// the md5 sum of the file // the md5 sum of the file
prop.put("dirlist_" + fileIdx + "_dir_md5s",md5s); prop.put("dirlist_" + fileIdx + "_dir_md5s",md5s);
// description mode: 0...image preview, 1...description text // description mode: 0...image preview, 1...description text
@ -303,7 +303,7 @@ public class dir {
if (showImage) { if (showImage) {
prop.put("dirlist_" + fileIdx + "_dir_descriptionMode_image",fileName); prop.put("dirlist_" + fileIdx + "_dir_descriptionMode_image",fileName);
} else { } else {
prop.putNoHTML("dirlist_" + fileIdx + "_dir_descriptionMode_text",description); prop.putSafeXML("dirlist_" + fileIdx + "_dir_descriptionMode_text",description);
} }
} }

@ -77,7 +77,7 @@ public class blacklists_p {
if (nextEntry.length() == 0) continue; if (nextEntry.length() == 0) continue;
if (nextEntry.startsWith("#")) continue; if (nextEntry.startsWith("#")) continue;
prop.putNoHTML("lists_" + blacklistCount + "_items_" + count + "_item", nextEntry); prop.putSafeXML("lists_" + blacklistCount + "_items_" + count + "_item", nextEntry);
count++; count++;
} }
prop.put("lists_" + blacklistCount + "_items", count); prop.put("lists_" + blacklistCount + "_items", count);

@ -72,13 +72,13 @@ public class all {
Date date; Date date;
while(it.hasNext()){ while(it.hasNext()){
bookmark=switchboard.bookmarksDB.getBookmark((String) it.next()); bookmark=switchboard.bookmarksDB.getBookmark((String) it.next());
prop.putNoHTML("posts_"+count+"_url", bookmark.getUrl()); prop.putSafeXML("posts_"+count+"_url", bookmark.getUrl());
prop.putNoHTML("posts_"+count+"_title", bookmark.getTitle()); prop.putSafeXML("posts_"+count+"_title", bookmark.getTitle());
prop.putNoHTML("posts_"+count+"_description", bookmark.getDescription()); prop.putSafeXML("posts_"+count+"_description", bookmark.getDescription());
prop.putNoHTML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl())); prop.putSafeXML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
date=new Date(bookmark.getTimeStamp()); date=new Date(bookmark.getTimeStamp());
prop.putNoHTML("posts_"+count+"_time", bookmarksDB.dateToiso8601(date)); prop.putSafeXML("posts_"+count+"_time", bookmarksDB.dateToiso8601(date));
prop.putNoHTML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," ")); prop.putSafeXML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
count++; count++;
} }
prop.put("posts", count); prop.put("posts", count);
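Review bot: `bookmark` is dereferenced immediately after `getBookmark(...)` with no null check, while the equivalent loop in Bookmarks guards with `if(bookmark!=null)`. If the lookup can miss, one stale key would abort the whole response with a NullPointerException. Adding `if (bookmark == null) continue;` before the first `putSafeXML` would make the two loops consistent. The iterator setup is outside the hunk.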

@ -57,12 +57,12 @@ public class get {
if(bookmarksDB.dateToiso8601(new Date(bookmark.getTimeStamp())) == date && if(bookmarksDB.dateToiso8601(new Date(bookmark.getTimeStamp())) == date &&
tag==null || bookmark.getTags().contains(tag) && tag==null || bookmark.getTags().contains(tag) &&
isAdmin || bookmark.getPublic()){ isAdmin || bookmark.getPublic()){
prop.putNoHTML("posts_"+count+"_url", bookmark.getUrl()); prop.putSafeXML("posts_"+count+"_url", bookmark.getUrl());
prop.putNoHTML("posts_"+count+"_title", bookmark.getTitle()); prop.putSafeXML("posts_"+count+"_title", bookmark.getTitle());
prop.putNoHTML("posts_"+count+"_description", bookmark.getDescription()); prop.putSafeXML("posts_"+count+"_description", bookmark.getDescription());
prop.putNoHTML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl())); prop.putSafeXML("posts_"+count+"_md5", serverCodings.encodeMD5Hex(bookmark.getUrl()));
prop.putNoHTML("posts_"+count+"_time", date); prop.putSafeXML("posts_"+count+"_time", date);
prop.putNoHTML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," ")); prop.putSafeXML("posts_"+count+"_tags", bookmark.getTagsString().replaceAll(","," "));
count++; count++;
} }
} }
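Review bot: The filter condition mixes `&&` and `||` without parentheses, so it evaluates as `(dateMatches && tag==null) || (hasTag && isAdmin) || bookmark.getPublic()`. Every public bookmark is returned regardless of date and tag, and a private one is returned to a non-admin whenever the first clause holds. The date test also uses `==`, which for strings compares identity and not content (assuming `date` is a String, as its use in `putSafeXML` suggests). If the intent is date AND tag AND visibility, the condition should read `if (bookmarksDB.dateToiso8601(new Date(bookmark.getTimeStamp())).equals(date) && (tag == null || bookmark.getTags().contains(tag)) && (isAdmin || bookmark.getPublic())) {`. The enclosing loop starts outside the hunk.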

@ -62,8 +62,8 @@ public class config_p {
int count=0; int count=0;
while(keys.hasNext()){ while(keys.hasNext()){
key = (String) keys.next(); key = (String) keys.next();
prop.put("options_"+count+"_key", wikiCode.replaceHTMLonly(key)); prop.put("options_"+count+"_key", wikiCode.replaceXMLEntities(key));
prop.put("options_"+count+"_value", wikiCode.replaceHTMLonly(env.getConfig(key, "ERROR"))); prop.put("options_"+count+"_value", wikiCode.replaceXMLEntities(env.getConfig(key, "ERROR")));
count++; count++;
} }
prop.put("options", count); prop.put("options", count);

@ -119,11 +119,11 @@ public class queues_p {
if ((pcentry != null)&&(pcentry.url() != null)) { if ((pcentry != null)&&(pcentry.url() != null)) {
initiator = yacyCore.seedDB.getConnected(pcentry.initiator()); initiator = yacyCore.seedDB.getConnected(pcentry.initiator());
prop.put("list-indexing_"+i+"_profile", (pcentry.profile() != null) ? pcentry.profile().name() : "deleted"); prop.put("list-indexing_"+i+"_profile", (pcentry.profile() != null) ? pcentry.profile().name() : "deleted");
prop.putNoHTML("list-indexing_"+i+"_initiator", ((initiator == null) ? "proxy" : wikiCode.replaceHTML(initiator.getName()))); prop.putSafeXML("list-indexing_"+i+"_initiator", ((initiator == null) ? "proxy" : wikiCode.replaceHTML(initiator.getName())));
prop.put("list-indexing_"+i+"_depth", pcentry.depth()); prop.put("list-indexing_"+i+"_depth", pcentry.depth());
prop.put("list-indexing_"+i+"_modified", pcentry.getModificationDate()); prop.put("list-indexing_"+i+"_modified", pcentry.getModificationDate());
prop.putNoHTML("list-indexing_"+i+"_anchor", (pcentry.anchorName()==null)?"":wikiCode.replaceHTML(pcentry.anchorName())); prop.putSafeXML("list-indexing_"+i+"_anchor", (pcentry.anchorName()==null)?"":wikiCode.replaceHTML(pcentry.anchorName()));
prop.putNoHTML("list-indexing_"+i+"_url", pcentry.normalizedURLString()); prop.putSafeXML("list-indexing_"+i+"_url", pcentry.normalizedURLString());
prop.put("list-indexing_"+i+"_size", entrySize); prop.put("list-indexing_"+i+"_size", entrySize);
prop.put("list-indexing_"+i+"_inProcess", (inProcess)?1:0); prop.put("list-indexing_"+i+"_inProcess", (inProcess)?1:0);
prop.put("list-indexing_"+i+"_hash", pcentry.urlHash()); prop.put("list-indexing_"+i+"_hash", pcentry.urlHash());
@ -151,9 +151,9 @@ public class queues_p {
if (theMsg == null) continue; if (theMsg == null) continue;
prop.put("list-loader_"+count+"_profile", theMsg.profile.name()); prop.put("list-loader_"+count+"_profile", theMsg.profile.name());
initiator = yacyCore.seedDB.getConnected(theMsg.initiator); initiator = yacyCore.seedDB.getConnected(theMsg.initiator);
prop.putNoHTML("list-loader_"+count+"_initiator", ((initiator == null) ? "proxy" : initiator.getName())); prop.putSafeXML("list-loader_"+count+"_initiator", ((initiator == null) ? "proxy" : initiator.getName()));
prop.put("list-loader_"+count+"_depth", theMsg.depth ); prop.put("list-loader_"+count+"_depth", theMsg.depth );
prop.putNoHTML("list-loader_"+count+"_url", theMsg.url.toString()); // null pointer exception here !!! maybe url = null; check reason. prop.putSafeXML("list-loader_"+count+"_url", theMsg.url.toString()); // null pointer exception here !!! maybe url = null; check reason.
count++; count++;
} }
prop.put("list-loader", count ); prop.put("list-loader", count );
@ -192,8 +192,8 @@ public class queues_p {
prop.put(tableName + "_" + showNum + "_initiator", ((initiator == null) ? "proxy" : initiator.getName())); prop.put(tableName + "_" + showNum + "_initiator", ((initiator == null) ? "proxy" : initiator.getName()));
prop.put(tableName + "_" + showNum + "_depth", urle.depth()); prop.put(tableName + "_" + showNum + "_depth", urle.depth());
prop.put(tableName + "_" + showNum + "_modified", daydate(urle.loaddate())); prop.put(tableName + "_" + showNum + "_modified", daydate(urle.loaddate()));
prop.putNoHTML(tableName + "_" + showNum + "_anchor", urle.name()); prop.putSafeXML(tableName + "_" + showNum + "_anchor", urle.name());
prop.putNoHTML(tableName + "_" + showNum + "_url", urle.url().toString()); prop.putSafeXML(tableName + "_" + showNum + "_url", urle.url().toString());
prop.put(tableName + "_" + showNum + "_hash", urle.hash()); prop.put(tableName + "_" + showNum + "_hash", urle.hash());
showNum++; showNum++;
} }
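Review bot: `list-indexing_…_initiator` and `list-indexing_…_anchor` are encoded twice: `wikiCode.replaceHTML(...)` is applied and the result is passed to `prop.putSafeXML`, which by its name encodes again (body not visible). A peer name containing `&` would therefore display as `&amp;amp;`. The loader table passes `initiator.getName()` to `putSafeXML` unwrapped, and the indexing lines could match it: `prop.putSafeXML("list-indexing_"+i+"_initiator", (initiator == null) ? "proxy" : initiator.getName());`. The existing comment on the `list-loader_…_url` line about a possible null `theMsg.url` is still unaddressed; extending the guard to `if (theMsg == null || theMsg.url == null) continue;` would cover it.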

@ -200,8 +200,8 @@ public final class crawlOrder {
stackresult = stack(switchboard, (String) urlv.get(i), (String) refv.get(i), iam, youare); stackresult = stack(switchboard, (String) urlv.get(i), (String) refv.get(i), iam, youare);
response = (String) stackresult[0]; response = (String) stackresult[0];
prop.put("list_" + i + "_job", (String) stackresult[0] + "," + (String) stackresult[1]); prop.putASIS("list_" + i + "_job", (String) stackresult[0] + "," + (String) stackresult[1]);
prop.put("list_" + i + "_lurl", (String) stackresult[2]); prop.putASIS("list_" + i + "_lurl", (String) stackresult[2]);
prop.put("list_" + i + "_count", i); prop.put("list_" + i + "_count", i);
} }
prop.put("list", count); prop.put("list", count);
@ -218,13 +218,13 @@ public final class crawlOrder {
delay = "600"; delay = "600";
} }
prop.put("response", response); prop.putASIS("response", response);
prop.put("reason", reason); prop.putASIS("reason", reason);
prop.put("delay", delay); prop.putASIS("delay", delay);
prop.put("depth", acceptDepth); prop.put("depth", acceptDepth);
prop.put("lurl", lurl); prop.putASIS("lurl", lurl);
prop.put("forward", ""); prop.putASIS("forward", "");
prop.put("key", key); prop.putASIS("key", key);
// return rewrite properties // return rewrite properties
return prop; return prop;
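Review bot: `putASIS` writes `response`, `reason`, `lurl`, `key` and the `stackresult` strings into the reply with no encoding. The stacking input comes from the requesting peer (`urlv`, `refv`), and the origin of `key` is outside the hunk. If the reply is a line-oriented key=value document, a CR or LF inside one of these values would let the caller add or override fields, so line breaks should be stripped before the put, e.g. `prop.putASIS("lurl", lurl.replaceAll("[\r\n]", ""));`. The same applies to `reportedip` and `clientip` in hello, and to `key` in profile, where only `value` is normalised with `replaceAll("\r","")`. Validation may already happen in code not shown here.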

@ -118,10 +118,10 @@ public final class crawlReceipt {
if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) { if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) {
// no yacy connection / unknown peers // no yacy connection / unknown peers
prop.put("delay", "3600"); prop.putASIS("delay", "3600");
} else if (propStr == null) { } else if (propStr == null) {
// error with url / wrong key // error with url / wrong key
prop.put("delay", "3600"); prop.putASIS("delay", "3600");
} else if (result.equals("fill")) { } else if (result.equals("fill")) {
// generating a new loaded URL entry // generating a new loaded URL entry
indexURLEntry entry = switchboard.wordIndex.loadedURL.newEntry(propStr); indexURLEntry entry = switchboard.wordIndex.loadedURL.newEntry(propStr);
@ -152,7 +152,7 @@ public final class crawlReceipt {
} }
} }
// ready for more // ready for more
prop.put("delay", "10"); prop.putASIS("delay", "10");
} else { } else {
try { try {
plasmaCrawlNURL.Entry en = switchboard.noticeURL.getEntry(receivedUrlhash); plasmaCrawlNURL.Entry en = switchboard.noticeURL.getEntry(receivedUrlhash);
@ -163,7 +163,7 @@ public final class crawlReceipt {
} catch (IOException e) { } catch (IOException e) {
} }
prop.put("delay", "100"); // what shall we do with that??? prop.putASIS("delay", "100"); // what shall we do with that???
} }
// return rewrite properties // return rewrite properties
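Review bot: The `catch (IOException e) { }` following `switchboard.noticeURL.getEntry(receivedUrlhash)` discards the failure silently, and the branch then answers with `delay=100` whether or not the lookup worked. At minimum the exception should be logged together with `receivedUrlhash` so that failed receipts are traceable; the existing `// what shall we do with that???` comment suggests this path is unfinished. If ignoring the error is deliberate, a comment in the catch body saying why would do. The try body is only partly visible in this hunk.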

@ -100,7 +100,7 @@ public final class hello {
serverCore.checkInterruption(); serverCore.checkInterruption();
// try first the reportedip, since this may be a connect from a port-forwarding host // try first the reportedip, since this may be a connect from a port-forwarding host
prop.put(yacySeed.YOURIP, reportedip); prop.putASIS(yacySeed.YOURIP, reportedip);
remoteSeed.put(yacySeed.IP, reportedip); remoteSeed.put(yacySeed.IP, reportedip);
urls = yacyClient.queryUrlCount(remoteSeed); urls = yacyClient.queryUrlCount(remoteSeed);
} }
@ -117,7 +117,7 @@ public final class hello {
if(isNotLocal) { if(isNotLocal) {
serverCore.checkInterruption(); serverCore.checkInterruption();
prop.put(yacySeed.YOURIP, clientip); prop.putASIS(yacySeed.YOURIP, clientip);
remoteSeed.put(yacySeed.IP, clientip); remoteSeed.put(yacySeed.IP, clientip);
urls = yacyClient.queryUrlCount(remoteSeed); urls = yacyClient.queryUrlCount(remoteSeed);
} }
@ -128,18 +128,18 @@ public final class hello {
// assign status // assign status
if (urls >= 0) { if (urls >= 0) {
if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR) == null) { if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR) == null) {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR); prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR); remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR);
} else if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_PRINCIPAL).equals(yacySeed.PEERTYPE_PRINCIPAL)) { } else if (remoteSeed.get(yacySeed.PEERTYPE, yacySeed.PEERTYPE_PRINCIPAL).equals(yacySeed.PEERTYPE_PRINCIPAL)) {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_PRINCIPAL); prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_PRINCIPAL);
} else { } else {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR); prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_SENIOR);
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR); remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_SENIOR);
} }
// connect the seed // connect the seed
yacyCore.peerActions.peerArrival(remoteSeed, true); yacyCore.peerActions.peerArrival(remoteSeed, true);
} else { } else {
prop.put(yacySeed.YOURTYPE, yacySeed.PEERTYPE_JUNIOR); prop.putASIS(yacySeed.YOURTYPE, yacySeed.PEERTYPE_JUNIOR);
remoteSeed.put(yacySeed.LASTSEEN, yacyCore.universalDateShortString(new Date(System.currentTimeMillis() + serverDate.UTCDiff() - remoteSeed.getUTCDiff())) ); remoteSeed.put(yacySeed.LASTSEEN, yacyCore.universalDateShortString(new Date(System.currentTimeMillis() + serverDate.UTCDiff() - remoteSeed.getUTCDiff())) );
yacyCore.peerActions.juniorConnects++; // update statistics yacyCore.peerActions.juniorConnects++; // update statistics
remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_JUNIOR); remoteSeed.put(yacySeed.PEERTYPE, yacySeed.PEERTYPE_JUNIOR);
@ -186,8 +186,8 @@ public final class hello {
seeds.append("seed0=").append(yacyCore.seedDB.mySeed.genSeedStr(key)).append(serverCore.crlfString); seeds.append("seed0=").append(yacyCore.seedDB.mySeed.genSeedStr(key)).append(serverCore.crlfString);
} }
prop.put(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date())); prop.putASIS(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
prop.put("seedlist", seeds.toString()); prop.putASIS("seedlist", seeds.toString());
// return rewrite properties // return rewrite properties
return prop; return prop;
} }

@ -84,7 +84,7 @@ public final class list {
prop.put("list",out); prop.put("list",out);
} else { } else {
prop.put("list",""); prop.putASIS("list","");
} }
return prop; return prop;
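Review bot: Only the empty branch was switched to `putASIS`; `prop.put("list",out)` still goes through the default `put`, which after this commit is meant to be the encoding variant (per the title; its body is not visible). `out` appears to be the list content served to other peers, so entries containing `&`, `<` or quotes would be altered in transit. If the consumer is a peer and not a browser, this line probably wants `prop.putASIS("list", out);`. How `out` is built is outside the hunk.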

@ -87,8 +87,8 @@ public final class message {
int messagesize = 10240; int messagesize = 10240;
int attachmentsize = 0; int attachmentsize = 0;
prop.put("messagesize", "0"); prop.putASIS("messagesize", "0");
prop.put("attachmentsize", "0"); prop.putASIS("attachmentsize", "0");
// System.out.println("DEBUG yacy/message: message post values = " + post.toString()); // System.out.println("DEBUG yacy/message: message post values = " + post.toString());
@ -97,17 +97,17 @@ public final class message {
if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) { if ((yacyCore.seedDB.mySeed == null) || (!(yacyCore.seedDB.mySeed.hash.equals(youare)))) {
// this request has a wrong target // this request has a wrong target
// System.out.println("DEBUG yacy/message: authenticate failed"); // System.out.println("DEBUG yacy/message: authenticate failed");
prop.put("response", "-1"); // request rejected prop.putASIS("response", "-1"); // request rejected
return prop; return prop;
} }
prop.put("messagesize", Integer.toString(messagesize)); prop.putASIS("messagesize", Integer.toString(messagesize));
prop.put("attachmentsize", Integer.toString(attachmentsize)); prop.putASIS("attachmentsize", Integer.toString(attachmentsize));
if (process.equals("permission")) { if (process.equals("permission")) {
// permission: respond with acceptable message and attachment size // permission: respond with acceptable message and attachment size
// String iam = (String) post.get("iam", ""); // seed hash of requester // String iam = (String) post.get("iam", ""); // seed hash of requester
prop.put("response", "Welcome to my peer!"); prop.putASIS("response", "Welcome to my peer!");
// that's it! // that's it!
} }
@ -115,7 +115,7 @@ public final class message {
// post: post message to message board // post: post message to message board
String otherSeedString = post.get("myseed", ""); String otherSeedString = post.get("myseed", "");
if (otherSeedString.length() == 0) { if (otherSeedString.length() == 0) {
prop.put("response", "-1"); // request rejected prop.putASIS("response", "-1"); // request rejected
return prop; return prop;
} }
//Date remoteTime = yacyCore.parseUniversalDate((String) post.get(yacySeed.MYTIME)); // read remote time //Date remoteTime = yacyCore.parseUniversalDate((String) post.get(yacySeed.MYTIME)); // read remote time
@ -127,11 +127,11 @@ public final class message {
message = message.trim(); message = message.trim();
if (subject.length() == 0 && message.length() == 0) { if (subject.length() == 0 && message.length() == 0) {
prop.put("response", "-1"); // don't accept empty messages prop.putASIS("response", "-1"); // don't accept empty messages
return prop; return prop;
} }
prop.put("response", "Thank you!"); prop.putASIS("response", "Thank you!");
// save message // save message
messageBoard.entry msgEntry = null; messageBoard.entry msgEntry = null;

@ -85,8 +85,8 @@ public final class profile {
key=(String)it.next(); key=(String)it.next();
value=profile.getProperty(key, "").replaceAll("\r","").replaceAll("\n","\\\\n"); value=profile.getProperty(key, "").replaceAll("\r","").replaceAll("\n","\\\\n");
if( !(key.equals("")) && !(value.equals("")) ){ if( !(key.equals("")) && !(value.equals("")) ){
prop.put("list_"+count+"_key", key); prop.putASIS("list_"+count+"_key", key);
prop.put("list_"+count+"_value", value); prop.putASIS("list_"+count+"_value", value);
count++; count++;
} }
} }

@ -73,12 +73,12 @@ public final class query {
final String obj = post.get("object", ""); // keyword for query subject final String obj = post.get("object", ""); // keyword for query subject
final String env = post.get("env", ""); // argument to query final String env = post.get("env", ""); // argument to query
prop.put(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date())); prop.putASIS(yacySeed.MYTIME, yacyCore.universalDateShortString(new Date()));
// check if we are the right target and requester has correct information about this peer // check if we are the right target and requester has correct information about this peer
if (yacyCore.seedDB.mySeed == null || !yacyCore.seedDB.mySeed.hash.equals(youare)) { if (yacyCore.seedDB.mySeed == null || !yacyCore.seedDB.mySeed.hash.equals(youare)) {
// this request has a wrong target // this request has a wrong target
prop.put("response", "-1"); // request rejected prop.putASIS("response", "-1"); // request rejected
return prop; return prop;
} }
@ -105,30 +105,30 @@ public final class query {
// requests about requirements // requests about requirements
if (obj.equals("wantedlurls")) { if (obj.equals("wantedlurls")) {
prop.put("response", "0"); // dummy response prop.putASIS("response", "0"); // dummy response
return prop; return prop;
} }
if (obj.equals("wantedpurls")) { if (obj.equals("wantedpurls")) {
prop.put("response", "0"); // dummy response prop.putASIS("response", "0"); // dummy response
return prop; return prop;
} }
if (obj.equals("wantedword")) { if (obj.equals("wantedword")) {
// response returns a list of wanted word hashes // response returns a list of wanted word hashes
prop.put("response", "0"); // dummy response prop.putASIS("response", "0"); // dummy response
return prop; return prop;
} }
if (obj.equals("wantedrwi")) { if (obj.equals("wantedrwi")) {
// <env> shall contain a word hash, the number of wanted lurls for this hash is returned // <env> shall contain a word hash, the number of wanted lurls for this hash is returned
prop.put("response", "0"); // dummy response prop.putASIS("response", "0"); // dummy response
return prop; return prop;
} }
if (obj.equals("wantedseeds")) { if (obj.equals("wantedseeds")) {
// return a number of wanted seed // return a number of wanted seed
prop.put("response", "0"); // dummy response prop.putASIS("response", "0"); // dummy response
return prop; return prop;
} }
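Review bot: Calling `putASIS` with the string literals in these hunks (`"-1"`, `"0"`) skips an escaper that would leave them unchanged anyway, so the opt-out is now spread over call sites that do not need it. That makes it harder to audit which values really are emitted unescaped on purpose. Keeping `prop.put("response", "0");` for constants, and reserving `putASIS` for values that must reach the peer byte-for-byte, would keep that list short. The literal defaults in the transfer and search sections have the same pattern. The method body starts and ends outside these hunks.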

@ -164,7 +164,7 @@ public final class search {
} }
} }
prop.put("indexcount", ""); prop.putASIS("indexcount", "");
prop.put("joincount", 0); prop.put("joincount", 0);
} else { } else {
// retrieve index containers from search request // retrieve index containers from search request
@ -185,8 +185,8 @@ public final class search {
// set statistic details of search result and find best result index set // set statistic details of search result and find best result index set
if (containers == null) { if (containers == null) {
prop.put("indexcount", ""); prop.putASIS("indexcount", "");
prop.put("joincount", "0"); prop.putASIS("joincount", "0");
} else { } else {
Iterator ci = containers.entrySet().iterator(); Iterator ci = containers.entrySet().iterator();
StringBuffer indexcount = new StringBuffer(); StringBuffer indexcount = new StringBuffer();
@ -213,7 +213,7 @@ public final class search {
indexabstract.append("indexabstract." + wordhash + "=").append(plasmaURL.compressIndex(container, null,1000).toString()).append(serverCore.crlfString); indexabstract.append("indexabstract." + wordhash + "=").append(plasmaURL.compressIndex(container, null,1000).toString()).append(serverCore.crlfString);
} }
} }
prop.put("indexcount", new String(indexcount)); prop.putASIS("indexcount", new String(indexcount));
// join and order the result // join and order the result
indexContainer localResults = theSearch.localSearchJoin(containers.values()); indexContainer localResults = theSearch.localSearchJoin(containers.values());
@ -223,14 +223,14 @@ public final class search {
acc = null; acc = null;
} else { } else {
joincount = localResults.size(); joincount = localResults.size();
prop.put("joincount", Integer.toString(joincount)); prop.putASIS("joincount", Integer.toString(joincount));
acc = theSearch.orderFinal(localResults); acc = theSearch.orderFinal(localResults);
} }
// generate compressed index for maxcounthash // generate compressed index for maxcounthash
// this is not needed if the search is restricted to specific // this is not needed if the search is restricted to specific
// urls, because it is a re-search // urls, because it is a re-search
if ((maxcounthash == null) || (urls.length() != 0) || (keyhashes.size() == 1) || (abstracts.length() == 0)) { if ((maxcounthash == null) || (urls.length() != 0) || (keyhashes.size() == 1) || (abstracts.length() == 0)) {
prop.put("indexabstract", ""); prop.putASIS("indexabstract", "");
} else if (abstracts.equals("auto")) { } else if (abstracts.equals("auto")) {
indexabstract.append("indexabstract." + maxcounthash + "=").append(plasmaURL.compressIndex(((indexContainer) containers.get(maxcounthash)),localResults, 1000).toString()).append(serverCore.crlfString); indexabstract.append("indexabstract." + maxcounthash + "=").append(plasmaURL.compressIndex(((indexContainer) containers.get(maxcounthash)),localResults, 1000).toString()).append(serverCore.crlfString);
if ((neardhthash != null) if ((neardhthash != null)
@ -243,7 +243,7 @@ public final class search {
} }
} }
} }
prop.put("indexabstract", indexabstract.toString()); prop.putASIS("indexabstract", indexabstract.toString());
// prepare search statistics // prepare search statistics
Long trackerHandle = new Long(System.currentTimeMillis()); Long trackerHandle = new Long(System.currentTimeMillis());
@ -260,9 +260,9 @@ public final class search {
if ((joincount == 0) || (acc == null)) { if ((joincount == 0) || (acc == null)) {
// no results // no results
prop.put("links", ""); prop.putASIS("links", "");
prop.put("linkcount", "0"); prop.putASIS("linkcount", "0");
prop.put("references", ""); prop.putASIS("references", "");
} else { } else {
// result is a List of urlEntry elements // result is a List of urlEntry elements
@ -288,26 +288,26 @@ public final class search {
i++; i++;
} }
} }
prop.put("links", new String(links)); prop.putASIS("links", new String(links));
prop.put("linkcount", Integer.toString(i)); prop.putASIS("linkcount", Integer.toString(i));
// prepare reference hints // prepare reference hints
Object[] ws = acc.getReferences(16); Object[] ws = acc.getReferences(16);
StringBuffer refstr = new StringBuffer(); StringBuffer refstr = new StringBuffer();
for (int j = 0; j < ws.length; j++) for (int j = 0; j < ws.length; j++)
refstr.append(",").append((String) ws[j]); refstr.append(",").append((String) ws[j]);
prop.put("references", (refstr.length() > 0) ? refstr.substring(1) : refstr.toString()); prop.putASIS("references", (refstr.length() > 0) ? refstr.substring(1) : refstr.toString());
} }
// add information about forward peers // add information about forward peers
prop.put("fwhop", ""); // hops (depth) of forwards that had been performed to construct this result prop.putASIS("fwhop", ""); // hops (depth) of forwards that had been performed to construct this result
prop.put("fwsrc", ""); // peers that helped to construct this result prop.putASIS("fwsrc", ""); // peers that helped to construct this result
prop.put("fwrec", ""); // peers that would have helped to construct this result (recommendations) prop.putASIS("fwrec", ""); // peers that would have helped to construct this result (recommendations)
// log // log
yacyCore.log.logInfo("EXIT HASH SEARCH: " + plasmaSearchQuery.anonymizedQueryHashes(squery.queryHashes) + " - " + joincount + " links found, " + prop.get("linkcount", "?") + " links selected, " + ((System.currentTimeMillis() - timestamp1) / 1000) + " seconds"); yacyCore.log.logInfo("EXIT HASH SEARCH: " + plasmaSearchQuery.anonymizedQueryHashes(squery.queryHashes) + " - " + joincount + " links found, " + prop.get("linkcount", "?") + " links selected, " + ((System.currentTimeMillis() - timestamp1) / 1000) + " seconds");
prop.put("searchtime", Long.toString(System.currentTimeMillis() - timestamp)); prop.putASIS("searchtime", Long.toString(System.currentTimeMillis() - timestamp));
final int links = Integer.parseInt(prop.get("linkcount","0")); final int links = Integer.parseInt(prop.get("linkcount","0"));
yacyCore.seedDB.mySeed.incSI(links); yacyCore.seedDB.mySeed.incSI(links);
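Review bot: The `putASIS` calls for `links`, `references` and `indexabstract` emit strings built from index data without escaping, and nothing in the hunks says why that is acceptable. `references` comes from `acc.getReferences(16)`, while `links` is assembled outside the hunk. If this response is consumed by other peers as a key=value protocol and never rendered as markup, say so at the call sites, e.g. `// peer-protocol response: emitted unescaped on purpose; the receiving side must treat these values as untrusted`. Without that comment a later reader cannot tell a deliberate opt-out from an oversight. The enclosing method begins and ends outside the hunks shown.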

@ -72,12 +72,12 @@ public final class transfer {
//long filesize = Long.parseLong((String) post.get("filesize", "")); // the size of the file //long filesize = Long.parseLong((String) post.get("filesize", "")); // the size of the file
prop.put("process", 0); prop.put("process", 0);
prop.put("response", "denied"); // reject is default and is overwritten if ok prop.putASIS("response", "denied"); // reject is default and is overwritten if ok
prop.put("process_access", ""); prop.putASIS("process_access", "");
prop.put("process_address", ""); prop.putASIS("process_address", "");
prop.put("process_protocol", ""); prop.putASIS("process_protocol", "");
prop.put("process_path", ""); prop.putASIS("process_path", "");
prop.put("process_maxsize", "0"); prop.putASIS("process_maxsize", "0");
if (!sb.rankingOn) { return prop; } if (!sb.rankingOn) { return prop; }
@ -99,12 +99,12 @@ public final class transfer {
//System.out.println("yacy/transfer:post=" + post.toString()); //System.out.println("yacy/transfer:post=" + post.toString());
//String cansendprotocol = (String) post.get("can-send-protocol", "http"); //String cansendprotocol = (String) post.get("can-send-protocol", "http");
String access = kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw(otherpeer + ":" + filename)) + ":" + kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw("" + System.currentTimeMillis())); String access = kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw(otherpeer + ":" + filename)) + ":" + kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw("" + System.currentTimeMillis()));
prop.put("response", "ok"); prop.putASIS("response", "ok");
prop.put("process_access", access); prop.putASIS("process_access", access);
prop.put("process_address", yacyCore.seedDB.mySeed.getAddress()); prop.putASIS("process_address", yacyCore.seedDB.mySeed.getAddress());
prop.put("process_protocol", "http"); prop.putASIS("process_protocol", "http");
prop.put("process_path", ""); // currently empty; the store process will find a path prop.putASIS("process_path", ""); // currently empty; the store process will find a path
prop.put("process_maxsize", "-1"); // if response is too big we return the size of the file prop.putASIS("process_maxsize", "-1"); // if response is too big we return the size of the file
sb.rankingPermissions.put(serverCodings.encodeMD5Hex(kelondroBase64Order.standardCoder.encodeString(access)), filename); sb.rankingPermissions.put(serverCodings.encodeMD5Hex(kelondroBase64Order.standardCoder.encodeString(access)), filename);
sb.getLog().logFine("RankingTransmission: granted peer " + otherpeerName + " to send CR file " + filename); sb.getLog().logFine("RankingTransmission: granted peer " + otherpeerName + " to send CR file " + filename);
} }
@ -120,10 +120,10 @@ public final class transfer {
//java.util.HashMap perm = sb.rankingPermissions; //java.util.HashMap perm = sb.rankingPermissions;
//System.out.println("PERMISSIONDEBUG: accesscode=" + accesscode + ", permissions=" + perm.toString()); //System.out.println("PERMISSIONDEBUG: accesscode=" + accesscode + ", permissions=" + perm.toString());
String grantedFile = (String) sb.rankingPermissions.get(accesscode); String grantedFile = (String) sb.rankingPermissions.get(accesscode);
prop.put("process_tt", ""); prop.putASIS("process_tt", "");
if ((grantedFile == null) || (!(grantedFile.equals(filename)))) { if ((grantedFile == null) || (!(grantedFile.equals(filename)))) {
// fraud-access of this interface // fraud-access of this interface
prop.put("response", "denied"); prop.putASIS("response", "denied");
sb.getLog().logFine("RankingTransmission: denied " + otherpeerName + " to send CR file " + filename + ": wrong access code"); sb.getLog().logFine("RankingTransmission: denied " + otherpeerName + " to send CR file " + filename + ": wrong access code");
} else { } else {
sb.rankingPermissions.remove(accesscode); // not needed any more sb.rankingPermissions.remove(accesscode); // not needed any more
@ -135,19 +135,19 @@ public final class transfer {
serverFileUtils.write(filebytes, file); serverFileUtils.write(filebytes, file);
String md5t = serverCodings.encodeMD5Hex(file); String md5t = serverCodings.encodeMD5Hex(file);
if (md5t.equals(md5)) { if (md5t.equals(md5)) {
prop.put("response", "ok"); prop.putASIS("response", "ok");
sb.getLog().logFine("RankingTransmission: received from peer " + otherpeerName + " CR file " + filename); sb.getLog().logFine("RankingTransmission: received from peer " + otherpeerName + " CR file " + filename);
} else { } else {
prop.put("response", "transfer failure"); prop.putASIS("response", "transfer failure");
sb.getLog().logFine("RankingTransmission: transfer failure from peer " + otherpeerName + " for CR file " + filename); sb.getLog().logFine("RankingTransmission: transfer failure from peer " + otherpeerName + " for CR file " + filename);
} }
}else{ }else{
//exploit? //exploit?
prop.put("response", "io error"); prop.putASIS("response", "io error");
return prop; return prop;
} }
} catch (IOException e) { } catch (IOException e) {
prop.put("response", "io error"); prop.putASIS("response", "io error");
} }
} }
} }
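Review bot: The access code built at `String access = ...` is derived only from `otherpeer + ":" + filename` and `System.currentTimeMillis()`, so it contains no secret or random input. The later hunk uses it to decide whether an upload is accepted (`wrong access code`), which makes it a capability token as far as these hunks show. This commit does not touch that line, but the token should come from `java.security.SecureRandom`, for example 16 random bytes passed through the same `kelondroBase64Order.enhancedCoder.encode` call, assuming that encoder takes a byte array. The enclosing method continues outside the hunks, so other checks may exist that are not visible here.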

@ -215,9 +215,9 @@ public final class transferRWI {
} }
} }
prop.put("unknownURL", unknownURLs.toString()); prop.putASIS("unknownURL", unknownURLs.toString());
prop.put("result", result); prop.putASIS("result", result);
prop.put("pause", Integer.toString(pause)); prop.putASIS("pause", Integer.toString(pause));
// return rewrite properties // return rewrite properties
return prop; return prop;

@ -153,8 +153,8 @@ public final class transferURL {
result = "error_not_granted"; result = "error_not_granted";
} }
prop.put("double", doublevalues); prop.putASIS("double", doublevalues);
prop.put("result", result); prop.putASIS("result", result);
return prop; return prop;
} }
} }

@ -398,7 +398,7 @@ public class yacysearch {
prop.put("type_results_" + i + "_authorized", (authenticated) ? 1 : 0); prop.put("type_results_" + i + "_authorized", (authenticated) ? 1 : 0);
prop.put("promoteSearchPageGreeting", promoteSearchPageGreeting); prop.put("promoteSearchPageGreeting", promoteSearchPageGreeting);
prop.put("former", wikiCode.replaceHTMLonly(post.get("search", ""))); prop.put("former", wikiCode.replaceXMLEntities(post.get("search", "")));
prop.put("count", count); prop.put("count", count);
prop.put("order", order); prop.put("order", order);
prop.put("resource", (global) ? "global" : "local"); prop.put("resource", (global) ? "global" : "local");
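Review bot: The `former` value is now escaped twice, once by `wikiCode.replaceXMLEntities(...)` at this call and again inside `put(String, String)`, which this commit changes to call `putSafeXML`. A search term containing `&` would then be stored as `&amp;amp;`, assuming `prop` is a `serverObjects`. The explicit call can go: `prop.put("former", post.get("search", ""));`. The three `searchResult.put(...)` lines in SearchService have the same problem, and there the input is read back from the same container, so it may already be escaped. `promoteSearchPageGreeting` is also escaped now, so confirm it was never meant to carry markup.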

@ -128,8 +128,8 @@ public class wikiCode {
*/ */
//[MN] //[MN]
public static String replaceHTML(String text) { public static String replaceHTML(String text) {
text = replace(text, xmlentities);
text = replace(text, htmlentities); text = replace(text, htmlentities);
text = replace(text, characters);
return text; return text;
} }
@ -139,8 +139,8 @@ public class wikiCode {
* @return the string with all special characters encoded * @return the string with all special characters encoded
*/ */
//[MN] //[MN]
public static String replaceCharacters(String text) { public static String replaceHTMLEntities(String text) {
text = replace(text, characters); text = replace(text, htmlentities);
return text; return text;
} }
@ -149,8 +149,8 @@ public class wikiCode {
* @return the string without any HTML-tags that can be used for XSS * @return the string without any HTML-tags that can be used for XSS
*/ */
//[MN] //[MN]
public static String replaceHTMLonly(String text) { public static String replaceXMLEntities(String text) {
text = replace(text, htmlentities); text = replace(text, xmlentities);
return text; return text;
} }
@ -175,7 +175,7 @@ public class wikiCode {
//This array contains codes (see http://mindprod.com/jgloss/unicode.html for details) //This array contains codes (see http://mindprod.com/jgloss/unicode.html for details)
//that will be replaced. To add new codes or patterns, just put them at the end //that will be replaced. To add new codes or patterns, just put them at the end
//of the list. Codes or patterns in this list can not be escaped with [= or <pre> //of the list. Codes or patterns in this list can not be escaped with [= or <pre>
public static String[] htmlentities={ public static String[] xmlentities={
// Ampersands _have_ to be replaced first. If they were replaced later, // Ampersands _have_ to be replaced first. If they were replaced later,
// other replaced characters containing ampersands would get messed up. // other replaced characters containing ampersands would get messed up.
"\u0026","&amp;", //ampersand "\u0026","&amp;", //ampersand
@ -187,7 +187,7 @@ public class wikiCode {
//This array contains codes (see http://mindprod.com/jgloss/unicode.html for details) and //This array contains codes (see http://mindprod.com/jgloss/unicode.html for details) and
//patterns that will be replaced. To add new codes or patterns, just put them at the end //patterns that will be replaced. To add new codes or patterns, just put them at the end
//of the list. Codes or patterns in this list can not be escaped with [= or <pre> //of the list. Codes or patterns in this list can not be escaped with [= or <pre>
public static String[] characters={ public static String[] htmlentities={
"\u005E","&#094;", // Caret "\u005E","&#094;", // Caret
"\u0060","&#096;", // Accent Grave ` "\u0060","&#096;", // Accent Grave `
@ -1046,12 +1046,12 @@ public class wikiCode {
public String transformLine(String result, plasmaSwitchboard switchboard) { public String transformLine(String result, plasmaSwitchboard switchboard) {
//If HTML has not bee replaced yet (can happen if method gets called in recursion), replace now! //If HTML has not bee replaced yet (can happen if method gets called in recursion), replace now!
if (!replacedHTML || preformattedSpan){ if (!replacedHTML || preformattedSpan){
result = replaceHTMLonly(result); result = replaceXMLEntities(result);
replacedHTML = true; replacedHTML = true;
} }
//If special characters have not bee replaced yet, replace now! //If special characters have not bee replaced yet, replace now!
if (!replacedCharacters || preformattedSpan){ if (!replacedCharacters || preformattedSpan){
result = replaceCharacters(result); result = replaceHTMLEntities(result);
replacedCharacters = true; replacedCharacters = true;
} }
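Review bot: The tables behind the new default escaper are declared `public static String[] xmlentities` and `public static String[] htmlentities`, so any class can reassign or edit them and silently change what `put` escapes. Since httpd reads them directly they need to stay visible, but they should at least be `public static final String[] xmlentities={`; an accessor returning a copy would be stronger. Only the ampersand entry of `xmlentities` is visible in the hunk, so confirm that the table also covers `<`, `>` and both quote characters, because `put` now guards values that may land inside attribute values. The array initialisers continue outside the hunks.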

@ -804,12 +804,12 @@ public final class httpd implements serverHandler {
// 06.01.2007: decode HTML entities by [FB] // 06.01.2007: decode HTML entities by [FB]
public static String decodeHtmlEntities(String s) { public static String decodeHtmlEntities(String s) {
// replace all entities defined in wikiCode.characters and htmlentities // replace all entities defined in wikiCode.characters and htmlentities
for (int i=1; i<wikiCode.characters.length; i+=2) {
s = s.replaceAll(wikiCode.characters[i], wikiCode.characters[i - 1]);
}
for (int i=1; i<wikiCode.htmlentities.length; i+=2) { for (int i=1; i<wikiCode.htmlentities.length; i+=2) {
s = s.replaceAll(wikiCode.htmlentities[i], wikiCode.htmlentities[i - 1]); s = s.replaceAll(wikiCode.htmlentities[i], wikiCode.htmlentities[i - 1]);
} }
for (int i=1; i<wikiCode.xmlentities.length; i+=2) {
s = s.replaceAll(wikiCode.xmlentities[i], wikiCode.xmlentities[i - 1]);
}
// replace all other // replace all other
CharArrayWriter b = new CharArrayWriter(s.length()); CharArrayWriter b = new CharArrayWriter(s.length());
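Review bot: The comment above the loops still names `wikiCode.characters`, which this commit renames; it should read `// replace all entities defined in wikiCode.htmlentities and wikiCode.xmlentities`. Both loops also pass table entries to `String.replaceAll`, which treats the first argument as a regular expression and gives `$` and `\` special meaning in the replacement. That is safe only while no entry contains those characters, which cannot be checked from this hunk. A literal replacement (`s.replace(entity, character)` where the target Java version allows it) would remove that dependency. The method body continues past the end of the hunk.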

@ -87,8 +87,8 @@ public class serverObjects extends Hashtable implements Cloneable {
/** /**
* like put, but it replaces any HTML special chars. * like put, but it replaces any HTML special chars.
*/ */
public Object putNoHTML(Object key, String value){ public Object putSafeXML(Object key, String value){
return put(key, wikiCode.replaceHTMLonly(value)); return put(key, wikiCode.replaceXMLEntities(value));
} }
// new put takes also null values // new put takes also null values
@ -111,7 +111,11 @@ public class serverObjects extends Hashtable implements Cloneable {
// string variant // string variant
public String put(String key, String value) { public String put(String key, String value) {
return (String) this.put((Object) key, (Object) value); //return putASIS(key, value);
return (String)putSafeXML(key, value); //XSS Safe!
}
public String putASIS(Object key, String value) {
return (String) this.put(key, (Object) value);
} }
// long variant // long variant
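Review bot: `put(String, String)` now sends every value through `wikiCode.replaceXMLEntities` before it reaches the null-tolerant `put(Object, Object)` overload, so a null value that used to be accepted may now fail inside `replace`. The `replace` implementation is not visible here, so this needs checking. A guard in `putSafeXML` keeps the old contract: `return put(key, (value == null) ? null : wikiCode.replaceXMLEntities(value));`. `putASIS` also needs a Javadoc line saying that it stores the value unescaped and is meant only for output that is not rendered as markup. The commented-out `//return putASIS(key, value);` should be removed. Calls that reach `put(Object, Object)` directly, for example with a key typed as `Object`, still bypass the escaping, which the class comment should mention.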

@ -161,9 +161,9 @@ public class SearchService extends AbstractService
// Postprocess search ... // Postprocess search ...
int count = Integer.valueOf(searchResult.get("type_results","0")).intValue(); int count = Integer.valueOf(searchResult.get("type_results","0")).intValue();
for (int i=0; i < count; i++) { for (int i=0; i < count; i++) {
searchResult.put("type_results_" + i + "_url",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_url",""))); searchResult.put("type_results_" + i + "_url",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_url","")));
searchResult.put("type_results_" + i + "_description",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_description",""))); searchResult.put("type_results_" + i + "_description",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_description","")));
searchResult.put("type_results_" + i + "_urlname",wikiCode.replaceHTMLonly(searchResult.get("type_results_" + i + "_urlname",""))); searchResult.put("type_results_" + i + "_urlname",wikiCode.replaceXMLEntities(searchResult.get("type_results_" + i + "_urlname","")));
} }
// format the result // format the result
