Author: nextgens
Date: 2006-08-27 18:16:51 +0000 (Sun, 27 Aug 2006)
New Revision: 10284

Modified:
   trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
   trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
Log:
Implement a /CHECKED_HTTP toadlet, it might not be secure yet : DO NOT INSERT 
IT INTO THE UPDATER before review !

I guess we need at least to whitelist some well known protocols in the 
GenericReadFilterCallback

Modified: trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java  2006-08-27 
17:02:33 UTC (rev 10283)
+++ trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java  2006-08-27 
18:16:51 UTC (rev 10284)
@@ -5,11 +5,11 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Enumeration;
-
 import freenet.client.ClientMetadata;
 import freenet.client.HighLevelSimpleClient;
 import freenet.client.InsertBlock;
 import freenet.client.InserterException;
+import freenet.clients.http.filter.GenericReadFilterCallback;
 import freenet.config.SubConfig;
 import freenet.keys.FreenetURI;
 import freenet.node.Node;
@@ -86,6 +86,15 @@
                        restartForm.addChild("input", new String[] { "type", 
"name", "value" }, new String[] { "submit", "restartconfirm", "Restart" });
                        writeReply(ctx, 200, "text/html", "OK", 
pageNode.generate());
                        return;
+               }else if 
(request.getParam(GenericReadFilterCallback.magicHTTPEscapeString).length()>0){
+                       String pass = request.getParam("formPassword");
+                       MultiValueTable headers = new MultiValueTable();
+                       String url = null;
+                       if(((pass != null) || pass.equals(core.formPassword)) 
&& request.getParam("Go").length() > 0)
+                               url = 
request.getParam(GenericReadFilterCallback.magicHTTPEscapeString);
+                       headers.put("Location", url==null ? "/" : url);
+                       ctx.sendReplyHeaders(302, "Found", headers, null, 0);
+                       return;
                }else if (request.getParam("update").length() > 0) {
                        HTMLNode pageNode = 
ctx.getPageMaker().getPageNode("Node Update");
                        HTMLNode contentNode = 
ctx.getPageMaker().getContentNode(pageNode);
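Review bot: The formPassword test in the added branch never compares the password: `(pass != null) || pass.equals(core.formPassword)` is true for every non-null value and throws a NullPointerException for null, so the 302 is sent for any request that sets `Go`. The condition should read `pass != null && pass.equals(core.formPassword) && request.getParam("Go").length() > 0`. The parameter is then copied into the `Location` header as received. It should first be parsed as a URI, checked against an allowlist of schemes and rejected if it contains CR or LF, which is the review the commit log says is still outstanding. The same missing validation applies to the confirmation-page hunk and to the GenericReadFilterCallback hunk. The enclosing method starts and ends outside this hunk.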
@@ -225,7 +234,7 @@
                        HTMLNode pageNode = ctx.getPageMaker().getPageNode("Add 
a Bookmark");
                        HTMLNode contentNode = 
ctx.getPageMaker().getContentNode(pageNode);
                        HTMLNode infobox = 
contentNode.addChild(ctx.getPageMaker().getInfobox("Confirm Bookmark 
Addition"));
-                       HTMLNode addForm = 
ctx.getPageMaker().getContentNode(infobox).addChild("form", new String[] { 
"action", "method" }, new String[] { ".", "post" });
+                       HTMLNode addForm = 
ctx.getPageMaker().getContentNode(infobox).addChild("form", new String[] { 
"action", "method" }, new String[] { "/", "post" });
                        addForm.addChild("#", "Please confirm that you want to 
add the key " + request.getParam("newbookmark") + " to your bookmarks and enter 
the description that you would prefer:");
                        addForm.addChild("br");
                        addForm.addChild("input", new String[] { "type", 
"name", "value" }, new String[] { "hidden", "key", 
request.getParam("newbookmark") });
@@ -233,6 +242,22 @@
                        addForm.addChild("input", new String[] { "type", 
"name", "value" }, new String[] { "submit", "addbookmark", "Add bookmark" });
                        this.writeReply(ctx, 200, "text/html", "OK", 
pageNode.generate());
                        return;
+               } else if 
(request.getParam(GenericReadFilterCallback.magicHTTPEscapeString).length() > 
0) {
+                       HTMLNode pageNode = 
ctx.getPageMaker().getPageNode("Link to external resources");
+                       HTMLNode contentNode = 
ctx.getPageMaker().getContentNode(pageNode);
+                       HTMLNode warnbox = 
contentNode.addChild(ctx.getPageMaker().getInfobox("infobox-warning", "External 
link"));
+                       HTMLNode externalLinkForm = 
ctx.getPageMaker().getContentNode(warnbox).addChild("form", new String[] { 
"action", "method" }, new String[] { "/", "post" });
+
+                       // FIXME: has 
request.getParam(GenericReadFilterCallback.magicHTTPEscapeString) been 
sanityzed ?
+                       final String target = 
request.getParam(GenericReadFilterCallback.magicHTTPEscapeString);
+                       externalLinkForm.addChild("#", "Please confirm that you 
want to go to " + target + ". WARNING: You are leaving FREENET! Clicking on 
this link may and WILL comrpomise your anonymity. It is strongly recommended 
not to do so!");
+                       externalLinkForm.addChild("br");
+                       externalLinkForm.addChild("input", new String[] { 
"type", "name", "value" }, new String[] { "hidden", 
GenericReadFilterCallback.magicHTTPEscapeString, target });
+                       externalLinkForm.addChild("input", new String[] { 
"type", "name", "value" }, new String[] { "hidden", "formPassword", 
core.formPassword });
+                       externalLinkForm.addChild("input", new String[] { 
"type", "name", "value" }, new String[] { "submit", "cancel", "Cancel" });
+                       externalLinkForm.addChild("input", new String[] { 
"type", "name", "value" }, new String[] { "submit", "Go", "Go to the specified 
link" });
+                       this.writeReply(ctx, 200, "text/html", "OK", 
pageNode.generate());
+                       return;
                } else if (request.isParameterSet("managebookmarks")) {
                        HTMLNode pageNode = 
ctx.getPageMaker().getPageNode("Bookmark Manager");
                        HTMLNode contentNode = 
ctx.getPageMaker().getContentNode(pageNode);
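Review bot: The `FIXME` asking whether `target` has been sanitized is left open while the value is written both into the warning text and into the hidden input's `value`. Whether `HTMLNode.addChild` escapes text and attribute values is not visible in this hunk. If it does, replace the FIXME with a comment that says so, for example `// HTMLNode escapes text and attribute values; target is only echoed here`; otherwise encode `target` before adding it to the node. The user-visible warning also misspells "compromise" as `comrpomise`. The branch belongs to a method that starts and ends outside the hunk.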

Modified: 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
===================================================================
--- 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java    
    2006-08-27 17:02:33 UTC (rev 10283)
+++ 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java    
    2006-08-27 18:16:51 UTC (rev 10284)
@@ -13,6 +13,7 @@
 import freenet.support.URIPreEncoder;

 public class GenericReadFilterCallback implements FilterCallback {
+       public static final String magicHTTPEscapeString = "_CHECKED_HTTP_";

        private URI baseURI;
        private final FoundURICallback cb;
@@ -111,8 +112,11 @@
                } catch (MalformedURLException e) {
                        // Not a FreenetURI
                }
+
+               // REDFLAG:     FIXME: check if it's an authorized protocol
+               return 
"/?"+GenericReadFilterCallback.magicHTTPEscapeString+"="+uri;    

-               return null;
+               //return null;
        }

        private String finishProcess(HTTPRequest req, String overrideType, 
String path, URI u, boolean noRelative) {
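Review bot: The new `return` changes the default for every URI that is not a FreenetURI from reject (`return null`) to rewrite, and it appends `uri` to the query string without percent-encoding. Characters such as `&`, `#` or `+` in the target would then be parsed as part of the node's own request instead of the parameter value, so the value should go through `java.net.URLEncoder.encode(..., "UTF-8")` before concatenation. Until the `REDFLAG` scheme check exists, keep returning null for anything outside a short allowlist. The commented-out `//return null;` should be deleted rather than kept. The method this hunk edits begins outside the visible lines.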

