Author: nextgens
Date: 2006-08-27 18:59:16 +0000 (Sun, 27 Aug 2006)
New Revision: 10286

Modified:
   trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
Log:
Whitelist allowed protocols ... I might have forgotten a few

Modified: 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
===================================================================
--- 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java    
    2006-08-27 18:28:32 UTC (rev 10285)
+++ 
trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java    
    2006-08-27 18:59:16 UTC (rev 10286)
@@ -5,6 +5,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
+import java.util.HashSet;

 import freenet.clients.http.HTTPRequest;
 import freenet.keys.FreenetURI;
@@ -14,6 +15,21 @@

 public class GenericReadFilterCallback implements FilterCallback {
        public static final String magicHTTPEscapeString = "_CHECKED_HTTP_";
+       public static final HashSet allowedProtocols;
+       
+       static {
+               allowedProtocols = new HashSet();
+               allowedProtocols.add("http");
+               allowedProtocols.add("https");
+               allowedProtocols.add("ftp");
+               allowedProtocols.add("mailto");
+               allowedProtocols.add("nntp");
+               allowedProtocols.add("news");
+               allowedProtocols.add("snews");
+               allowedProtocols.add("about");
+               allowedProtocols.add("irc");
+               // file:// ?
+       }

        private URI baseURI;
        private final FoundURICallback cb;
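Review bot: `allowedProtocols` is declared `public static final HashSet`, so only the reference is final; the set itself stays mutable and any class can add a scheme to the whitelist at runtime. Since this set decides which external links the filter lets through, it should be private with a lookup method, or assigned as `Collections.unmodifiableSet(set)` once the static block has filled a local set. The open `// file:// ?` question should be settled in a comment saying `file` is left out on purpose, since filtered content presumably should not be able to link into the local filesystem. `about` deserves a one-line justification too, because it names browser-internal pages rather than a network protocol.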
@@ -112,11 +128,11 @@
                } catch (MalformedURLException e) {
                        // Not a FreenetURI
                }
-
-               // REDFLAG:     FIXME: check if it's an authorized protocol
-               return 
"/?"+GenericReadFilterCallback.magicHTTPEscapeString+"="+uri;    

-               //return null;
+               
if(GenericReadFilterCallback.allowedProtocols.contains(uri.getScheme()))
+                       return 
"/?"+GenericReadFilterCallback.magicHTTPEscapeString+"="+uri;    
+               else
+                       return null;
        }

        private String finishProcess(HTTPRequest req, String overrideType, 
String path, URI u, boolean noRelative) {
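Review bot: The lookup `allowedProtocols.contains(uri.getScheme())` is case-sensitive, but URI schemes are case-insensitive and `java.net.URI.getScheme()` returns the scheme as written, so a link such as `HTTP://…` or `Mailto:…` is rejected. That fails closed, but it silently drops legitimate links; normalise first with `String scheme = uri.getScheme();` and `if(scheme != null && allowedProtocols.contains(scheme.toLowerCase(Locale.ENGLISH)))`, which needs a `java.util.Locale` import. Separately, the allowed branch still concatenates `uri` into the query string unencoded although `URLEncoder` is already imported; a `&` or `#` inside the URI would likely change what the `_CHECKED_HTTP_` handler receives, so the value should be encoded before it is appended. The enclosing method begins before this hunk, so how `uri` was built is not visible here.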

