fixed some XSS bugs reported by Marius from http://ctf365.com/

11 years ago · ff86cb683f
parent da33ee0d77
commit ff86cb683f
3 changed files with 5 additions and 4 deletions
--- a/htroot/User.java
+++ b/htroot/User.java
@ -96,7 +96,7 @@ public class User{
        		prop.putHTML("logged-in_returnto", post.get("returnto"));
            final String username=post.get("username");
            final String password=post.get("password");
-            prop.put("logged-in_username", username);
+            prop.putHTML("logged-in_username", username);

            entry=sb.userDB.passwordAuth(username, password);
            final boolean staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
@ -160,7 +160,7 @@ public class User{
            	prop.authenticationRequired();
            }
            if(post.containsKey("returnto")){
-                prop.put(serverObjects.ACTION_LOCATION, post.get("returnto"));
+                prop.putHTML(serverObjects.ACTION_LOCATION, post.get("returnto"));
            }
        }
        // return rewrite properties
--- a/htroot/ViewProfile.java
+++ b/htroot/ViewProfile.java
@ -69,7 +69,7 @@ public class ViewProfile {
            prop.put("success", "0");
            return prop;
        }
-        prop.put("hash", hash);
+        prop.putHTML("hash", hash);

        // get the profile
        Map<String, String> profile = null;
--- a/source/net/yacy/server/http/HTTPDFileHandler.java
+++ b/source/net/yacy/server/http/HTTPDFileHandler.java
@ -109,6 +109,7 @@ import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.cora.util.NumberTools;
 import net.yacy.data.UserDB;
 import net.yacy.document.parser.htmlParser;
+import net.yacy.document.parser.html.CharacterCoding;
 import net.yacy.document.parser.html.ContentScraper;
 import net.yacy.document.parser.html.ScraperInputStream;
 import net.yacy.kelondro.util.FileUtils;
@ -484,7 +485,7 @@ public final class HTTPDFileHandler {
                //no defaultfile, send a dirlisting
                if (targetFile == null || !targetFile.exists() || (targetFile.exists() && targetFile.isDirectory())) {
                    final StringBuilder aBuffer = new StringBuilder();
-                    aBuffer.append("<html>\n<head>\n</head>\n<body>\n<h1>Index of " + path + "</h1>\n  <ul>\n");
+                    aBuffer.append("<html>\n<head>\n</head>\n<body>\n<h1>Index of " + CharacterCoding.unicode2html(path, true) + "</h1>\n  <ul>\n");
                    String[] list = targetFile.list();
                    if (list == null) list = new String[0]; // should not occur!
                    File f;