Author: toad
Date: 2009-01-08 16:38:32 +0000 (Thu, 08 Jan 2009)
New Revision: 24978
Modified:
trunk/freenet/src/freenet/clients/http/ToadletContextImpl.java
trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties
Log:
Improve the warning, explain differently for no ?secureid vs for a bogus one,
avoid some bucket leaks, and offer a button to turn off history cloaking.
Modified: trunk/freenet/src/freenet/clients/http/ToadletContextImpl.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/ToadletContextImpl.java
2009-01-07 22:38:24 UTC (rev 24977)
+++ trunk/freenet/src/freenet/clients/http/ToadletContextImpl.java
2009-01-08 16:38:32 UTC (rev 24978)
@@ -464,7 +464,13 @@
HTMLNode warningBoxHeader = warningBox.addChild("div", "class",
"infobox-header");
warningBoxHeader.addChild("#", l10n("browserHistoryWarningBoxTitle"));
HTMLNode warningBoxContent = warningBox.addChild("div", "class",
"infobox-content");
- warningBoxContent.addChild("p", l10n("browserHistoryWarning"));
+ HTMLNode firstPara = warningBoxContent.addChild("p");
+ L10n.addL10nSubstitution(firstPara,
"ToadletContextImpl.browserHistoryWarning", new String[] { "bold", "/bold" },
new String[] { "<b>", "</b>" });
+ if(secureid == null || secureid.length() == 0)
+ firstPara.addChild("#", " " +
l10n("browserHistoryWarningNoSecureID"));
+ else
+ firstPara.addChild("#", " " +
l10n("browserHistoryWarningInvalidSecureID"));
+ warningBoxContent.addChild("p").addChild("b",
l10n("browserHistoryWarningEmptyHistory"));
// Link to the page
if(queries == null) queries = "?secureid="+expectedSecureID;
@@ -475,8 +481,10 @@
new String[] { "<a
href=\""+HTMLEncoder.encode(realPath)+"\">", "</a>" });
if(ctx.isAllowedFullAccess()) {
- // Button to disable the warning
- // FIXME implement
+ warningBoxContent.addChild("p",
l10n("browserHistoryWarningCanDisable"));
+ HTMLNode formNode = ctx.addFormChild(warningBoxContent,
"/config/", "turnOffHistoryCloaking");
+ formNode.addChild("input", new String[] { "type", "name",
"value" }, new String[] { "hidden", "fproxy.enableHistoryCloaking", "false" });
+ formNode.addChild("input", new String[] { "type", "value" },
new String[] { "submit", l10n("browserHistoryWarningDisableButton") });
}
byte[] data;
@@ -488,7 +496,7 @@
ctx.sendReplyHeaders(400, "Bad Request", null, "text/html;
charset=utf-8", data.length);
ctx.writeData(data);
-
+ req.freeParts();
return true;
}
Modified: trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties
===================================================================
--- trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties 2009-01-07
22:38:24 UTC (rev 24977)
+++ trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties 2009-01-08
16:38:32 UTC (rev 24978)
@@ -1273,10 +1273,15 @@
Toadlet.unauthorizedTitle=Unauthorized
Toadlet.unauthorized=You are not permitted access to this page.
Toadlet.homepage=Homepage
-ToadletContextImpl.browserHistoryWarningTitle=Warning: Browser history problem!
-ToadletContextImpl.browserHistoryWarningBoxTitle=Warning: Browser history
problem!
-ToadletContextImpl.browserHistoryWarning=You just followed a link, or entered
a URL, which did not include a valid ?secureid= parameter. This means that this
request is in your browser history, and can be read by any website you visit!
Please empty your browser history. If you will frequently enter URLs by hand,
you should use a dedicated browser for Freenet.
+ToadletContextImpl.browserHistoryWarningTitle=Warning: Possible information
leak!
+ToadletContextImpl.browserHistoryWarningBoxTitle=Warning: Possible information
leak!
+ToadletContextImpl.browserHistoryWarning=You just followed a link, or entered
a URL, which did not include a valid ?secureid= parameter. This means that this
request ${bold} is in your browser history${/bold}, and could be read by any
website you visit!
+ToadletContextImpl.browserHistoryWarningInvalidSecureID=This particular
request seems to have been copied from another node: if a hostile site knows
this URI it can probe your history for it.
+ToadletContextImpl.browserHistoryWarningNoSecureID=You may have copied a URL
directly into the location bar: this is dangerous, please do not do this unless
you have taken appropriate precautions (see below). If you want to visit a
specific freenet key please use the Fetch a Key box on the homepage.
+ToadletContextImpl.browserHistoryWarningEmptyHistory=Please empty your browser
history!
ToadletContextImpl.browserHistoryWarningLink=Click ${link}here${/link} to go
to the page you requested.
+ToadletContextImpl.browserHistoryWarningCanDisable=If you never use the same
browser for Freenet as for the web, if you always have privacy mode enabled, or
if you don't care about websites knowing which freesites you have visited, you
can turn off this warning:
+ToadletContextImpl.browserHistoryWarningDisableButton=Disable this warning
(READ WARNING FIRST!)
ToadletContextImpl.cannotParseContentLength=Content-length parse error:
${error}
ToadletContextImpl.cannotParseContentLengthWithError=Cannot parse the
content-length: ${error}
ToadletContextImpl.headersLineTooLong=Line too long parsing headers
_______________________________________________
cvs mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
