diff --git a/htroot/Connections_p.java b/htroot/Connections_p.java index 2a759a175..4eb4175a1 100644 --- a/htroot/Connections_p.java +++ b/htroot/Connections_p.java @@ -199,7 +199,7 @@ public final class Connections_p { // TODO Auto-generated catch block e.printStackTrace(); } - prop.put("list_" + idx + "_sessionName", currentSession.getName()); + prop.putHTML("list_" + idx + "_sessionName", currentSession.getName()); prop.put("list_" + idx + "_proto", prot); if (sessionTime > 1000*60) { prop.put("list_" + idx + "_ms", "0"); diff --git a/htroot/yacy/search.java b/htroot/yacy/search.java index c6ad03345..8418250c5 100644 --- a/htroot/yacy/search.java +++ b/htroot/yacy/search.java @@ -180,7 +180,7 @@ public final class search { theQuery = new plasmaSearchQuery(null, queryhashes, excludehashes, rankingProfile, maxdist, prefer, plasmaSearchQuery.contentdomParser(contentdom), false, count, 0, filter, plasmaSearchQuery.SEARCHDOM_LOCAL, null, -1, constraint, false, yacyURL.TLD_any_zone_filter, client); theQuery.domType = plasmaSearchQuery.SEARCHDOM_LOCAL; yacyCore.log.logInfo("INIT HASH SEARCH (query-" + abstracts + "): " + plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes) + " - " + theQuery.displayResults() + " links"); - RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Remote Search Request from " + remoteSeed.getName(), plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes))); + RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Remote Search Request from " + remoteSeed.getName(), plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes))); // make event theSearch = plasmaSearchEvent.getEvent(theQuery, rankingProfile, sb.wordIndex, sb.crawlResults, null, true); diff --git a/htroot/yacysearchitem.java b/htroot/yacysearchitem.java index a3aee77e1..144b95d91 100644 --- a/htroot/yacysearchitem.java +++ b/htroot/yacysearchitem.java @@ -225,7 +225,7 @@ public class yacysearchitem { ((yacyURL.probablyRootURL(result.hash())) ? ", probablyRootURL" : "") + (((wordURL = yacyURL.probablyWordURL(result.hash(), query[0])) != null) ? ", probablyWordURL=" + wordURL.toNormalform(false, true) : "")); plasmaSnippetCache.TextSnippet snippet = result.textSnippet(); - prop.put("content_snippet", (snippet == null) ? "(snippet not found)" : snippet.getLineMarked(theQuery.queryHashes)); + prop.putHTML("content_snippet", (snippet == null) ? "(snippet not found)" : snippet.getLineMarked(theQuery.queryHashes)); serverProfiling.update("SEARCH", new plasmaProfiling.searchEvent(theQuery.id(true), plasmaSearchEvent.FINALIZATION + "-" + item, 0, 0)); return prop; diff --git a/source/de/anomic/plasma/plasmaWordIndex.java b/source/de/anomic/plasma/plasmaWordIndex.java index 54c0fa19a..060f0796c 100644 --- a/source/de/anomic/plasma/plasmaWordIndex.java +++ b/source/de/anomic/plasma/plasmaWordIndex.java @@ -61,6 +61,7 @@ import de.anomic.server.serverMemory; import de.anomic.server.logging.serverLog; import de.anomic.xml.RSSFeed; import de.anomic.xml.RSSMessage; +import de.anomic.yacy.yacyCore; import de.anomic.yacy.yacyDHTAction; import de.anomic.yacy.yacySeedDB; import de.anomic.yacy.yacyURL; @@ -665,7 +666,7 @@ public final class plasmaWordIndex implements indexRI { "Anchors: " + ((document.getAnchors() == null) ? 0 : document.getAnchors().size()) + "\n\tLinkStorageTime: " + (storageEndTime - startTime) + " ms | " + "indexStorageTime: " + (indexingEndTime - storageEndTime) + " ms"); - RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Indexed web page", entry.url().toNormalform(true, false))); + RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Indexed web page", entry.url().toNormalform(true, false))); } // finished diff --git a/source/de/anomic/yacy/yacyCore.java b/source/de/anomic/yacy/yacyCore.java index 99a4d7cb3..16abdfe62 100644 --- a/source/de/anomic/yacy/yacyCore.java +++ b/source/de/anomic/yacy/yacyCore.java @@ -76,6 +76,8 @@ import de.anomic.server.serverDate; import de.anomic.server.serverSemaphore; import de.anomic.server.serverSwitch; import de.anomic.server.logging.serverLog; +import de.anomic.xml.RSSFeed; +import de.anomic.xml.RSSMessage; public class yacyCore { @@ -99,6 +101,7 @@ public class yacyCore { private static final int PING_MIN_DBSIZE = 5; private static final int PING_MIN_PEERSEEN = 1; // min. accessible to force senior private static final long PING_MAX_DBAGE = 15 * 60 * 1000; // in milliseconds + public static final String channelName = "PEERNEWS"; // public static yacyShare shareManager = null; // public static boolean terminate = false; @@ -122,6 +125,11 @@ public class yacyCore { this.switchboard = sb; switchboard.setConfig("yacyStatus", ""); + + // create a peer news channel + RSSFeed peernews = RSSFeed.channels(channelName); + peernews.setMaxsize(100); + peernews.addMessage(new RSSMessage("YaCy started", "")); // set log level log = new serverLog("YACY"); diff --git a/source/de/anomic/yacy/yacyNewsAction.java b/source/de/anomic/yacy/yacyNewsAction.java index c8db8a504..b07364fa8 100644 --- a/source/de/anomic/yacy/yacyNewsAction.java +++ b/source/de/anomic/yacy/yacyNewsAction.java @@ -66,7 +66,7 @@ public class yacyNewsAction implements yacyPeerAction { String decodedString = de.anomic.tools.crypt.simpleDecode(recordString, ""); yacyNewsRecord record = yacyNewsRecord.newRecord(decodedString); if (record != null) { - RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Peer Arrival", peer.getName() + " has joined the network")); + RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Peer Arrival", peer.getName() + " has joined the network")); //System.out.println("### news arrival from peer " + peer.getName() + ", decoded=" + decodedString + ", record=" + recordString + ", news=" + record.toString()); String cre1 = (String) serverCodings.string2map(decodedString, ",").get("cre"); String cre2 = (String) serverCodings.string2map(record.toString(), ",").get("cre"); @@ -83,7 +83,7 @@ public class yacyNewsAction implements yacyPeerAction { } public void processPeerDeparture(yacySeed peer) { - RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Peer Departure", peer.getName() + " has left the network")); + RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Peer Departure", peer.getName() + " has left the network")); } public void processPeerPing(yacySeed peer) { diff --git a/source/de/anomic/yacy/yacyNewsPool.java b/source/de/anomic/yacy/yacyNewsPool.java index 03f17b8f5..7ab3d9a4f 100644 --- a/source/de/anomic/yacy/yacyNewsPool.java +++ b/source/de/anomic/yacy/yacyNewsPool.java @@ -342,7 +342,7 @@ public class yacyNewsPool { incomingNews.push(record); // add message to feed channel - //RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Incoming News: " + record.category() + " from " + record.originator(), record.attributes().toString())); + //RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Incoming News: " + record.category() + " from " + record.originator(), record.attributes().toString())); } public int size(int dbKey) { diff --git a/source/de/anomic/yacy/yacySeed.java b/source/de/anomic/yacy/yacySeed.java index 4779fcfed..492d46f7b 100644 --- a/source/de/anomic/yacy/yacySeed.java +++ b/source/de/anomic/yacy/yacySeed.java @@ -191,6 +191,7 @@ public class yacySeed { final String flags = (String) this.dna.get(yacySeed.FLAGS); if ((flags == null) || (flags.length() != 4)) { this.dna.put(yacySeed.FLAGS, yacySeed.FLAGSZERO); } this.available = 0; + this.dna.put(yacySeed.NAME, checkPeerName(get(yacySeed.NAME, "∅"))); } public yacySeed(String theHash) { @@ -263,6 +264,17 @@ public class yacySeed { return name; } + /** + * check the peer name: protect against usage as XSS hack + * @param name + * @return a checked name without "<" and ">" + */ + private static String checkPeerName(String name) { + name.replaceAll("<", "_"); + name.replaceAll(">", "_"); + return name; + } + /** * Checks for the static fragments of a generated default peer name, such as the string 'dpn' * @see #makeDefaultPeerName() @@ -363,7 +375,7 @@ public class yacySeed { } public final String getName() { - return get(yacySeed.NAME, "∅"); + return checkPeerName(get(yacySeed.NAME, "∅")); } public final String getHexHash() { @@ -811,6 +823,9 @@ public class yacySeed { final String seed = crypt.simpleDecode(seedStr, key); if (seed == null) { return null; } final HashMap dna = serverCodings.string2map(seed, ","); + String peerName = dna.get(yacySeed.NAME); + if (peerName == null) return null; + dna.put(yacySeed.NAME, checkPeerName(peerName)); final String hash = (String) dna.remove(yacySeed.HASH); final yacySeed resultSeed = new yacySeed(hash, dna); if (properTest) {