fix for xss bugs found by CTF365

pull/1/head
Michael Peter Christen 10 years ago
parent 6ee5b4352d
commit e4ccca9497

@ -53,8 +53,8 @@ public class yacyinteractive {
final String maximumRecords = (post == null) ? sb.getConfig(SwitchboardConstants.SEARCH_ITEMS, "10") : post.get("maximumRecords", "");
final boolean focus = (post == null) ? true : post.get("focus", "1").equals("1");
prop.putHTML("query", query);
prop.put("startRecord", startRecord);
prop.put("maximumRecords", maximumRecords);
prop.putHTML("startRecord", startRecord);
prop.putHTML("maximumRecords", maximumRecords);
prop.putHTML("querys", query.replaceAll(" ", "+"));
prop.put("serverlist", query.isEmpty() ? 1 : 0);
prop.put("focus", focus ? 1 : 0);
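Review bot: `startRecord` and `maximumRecords` are still forwarded as free-form request strings in the two `putHTML` calls, so the fix only holds if HTML escaping is the correct encoding everywhere the template uses them (a script block or URL attribute would need a different one). Both values are meant to be numbers, so parsing them and writing the integer rejects hostile input regardless of output context, e.g. `prop.put("maximumRecords", parseOrDefault(maximumRecords, 10));` with a small wrapper around `Integer.parseInt` (the helper name is illustrative). The unchanged `querys` line looks like it feeds a URL, where HTML escaping is not URL encoding, so that value should probably be URL-encoded first; confirm against the template. The enclosing method starts and ends outside the hunk.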

@ -28,7 +28,6 @@
// if the shell's current path is HTROOT
import java.io.IOException;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Collection;
import java.util.ConcurrentModificationException;
@ -868,13 +867,9 @@ public class yacysearch {
prop.putHTML("prefermaskfilter", prefermask);
prop.put("indexof", (indexof) ? "on" : "off");
prop.put("constraint", (constraint == null) ? "" : constraint.exportB64());
prop.put("search.verify", snippetFetchStrategy == null
? sb.getConfig("search.verify", "iffresh")
: snippetFetchStrategy.toName());
prop.put(
"search.navigation",
(post == null) ? sb.getConfig("search.navigation", "all") : post.get("nav", "all"));
prop.put("contentdom", (post == null ? "text" : post.get("contentdom", "text")));
prop.put("search.verify", snippetFetchStrategy == null ? sb.getConfig("search.verify", "iffresh") : snippetFetchStrategy.toName());
prop.put("search.navigation", (post == null) ? sb.getConfig("search.navigation", "all") : post.get("nav", "all"));
prop.putHTML("contentdom", (post == null ? "text" : post.get("contentdom", "text")));
// for RSS: don't HTML encode some elements
prop.putXML("rss_query", originalquerystring);
@ -883,8 +878,8 @@ public class yacysearch {
sb.localSearchLastAccess = System.currentTimeMillis();
// hostname and port (assume locahost if nothing helps)
final InetAddress hostIP = Domains.myPublicLocalIP();
prop.put("myhost", hostIP != null ? hostIP.getHostAddress() : Domains.LOCALHOST);
final String hostIP = sb.peers.mySeed().getIP();
prop.put("myhost", hostIP != null ? hostIP : Domains.LOCALHOST);
prop.put("myport", sb.getConfig("port", "8090"));
// return rewrite properties
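Review bot: The `search.navigation` property is still written with plain `prop.put` from the request parameter `nav`, so it stays unencoded while `contentdom` right after it was moved to `putHTML`. If the template echoes it into the page, that is the same class of reflected XSS this commit addresses. `prop.putHTML("search.navigation", (post == null) ? sb.getConfig("search.navigation", "all") : post.get("nav", "all"));` would close it, and checking `nav` against the known navigator names would be stricter still. `constraint.exportB64()` and `snippetFetchStrategy.toName()` look derived rather than echoed, so they are probably lower risk, though that cannot be confirmed from these hunks. The enclosing method starts and ends outside the hunk.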
