Author: nextgens
Date: 2006-10-31 20:19:28 +0000 (Tue, 31 Oct 2006)
New Revision: 10770
Modified:
trunk/freenet/src/freenet/clients/http/StatisticsToadlet.java
trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
Log:
Secure the ?getThreadDump, switching to POST and requiring the formPassword
Modified: trunk/freenet/src/freenet/clients/http/StatisticsToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/StatisticsToadlet.java
2006-10-31 20:07:25 UTC (rev 10769)
+++ trunk/freenet/src/freenet/clients/http/StatisticsToadlet.java
2006-10-31 20:19:28 UTC (rev 10770)
@@ -99,7 +99,8 @@
if(node.isUsingWrapper()){
HTMLNode infobox =
contentNode.addChild(ctx.getPageMaker().getInfobox("Request a Thread Dump to be
generated"));
// Yes, we want it to be a GET so that we can use
external tools to trigger it.
- HTMLNode threadDumpForm =
ctx.getPageMaker().getContentNode(infobox).addChild("form", new String[] {
"action", "method" }, new String[] { "/", "GET" });
+ HTMLNode threadDumpForm =
ctx.getPageMaker().getContentNode(infobox).addChild("form", new String[] {
"action", "method" }, new String[] { "/", "POST" });
+ threadDumpForm.addChild("input", new String[] { "type",
"name", "value" }, new String[] { "hidden", "formPassword", core.formPassword
});
threadDumpForm.addChild("input", new String[] { "type",
"name", "value" }, new String[] { "submit", "getThreadDump", "Generate a Thread
Dump" });
}
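Review bot: The context comment directly above the changed form line still says "Yes, we want it to be a GET so that we can use external tools to trigger it", which now contradicts the POST form and invites a later revert of the protection. Replace it with something like `// POST + formPassword: requesting a thread dump is a state-changing action and must not be triggerable by a cross-site GET.` The hidden input also writes `core.formPassword` into the page body, so it is worth confirming (not visible in this hunk) that this page is served only to the local user and is not cached.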
Modified: trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java 2006-10-31
20:07:25 UTC (rev 10769)
+++ trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java 2006-10-31
20:19:28 UTC (rev 10770)
@@ -122,7 +122,23 @@
shutdownForm.addChild("input", new String[] { "type",
"name", "value" }, new String[] { "submit", "shutdownconfirm", "Shut down" });
writeReply(ctx, 200, "text/html", "OK",
pageNode.generate());
return;
- } else if (request.isParameterSet("addbookmark")) {
+ }else if(request.isParameterSet("getThreadDump")) {
+ String pass = request.getParam("formPassword");
+ if(!pass.equals(core.formPassword)) return;
+ HTMLNode pageNode = ctx.getPageMaker().getPageNode("Get
a Thread Dump");
+ HTMLNode contentNode =
ctx.getPageMaker().getContentNode(pageNode);
+ if(node.isUsingWrapper()){
+ HTMLNode infobox =
contentNode.addChild(ctx.getPageMaker().getInfobox("Thread Dump generation"));
+
ctx.getPageMaker().getContentNode(infobox).addChild("#", "A thread dump has
been generated, it's aviable in "+
WrapperManager.getProperties().getProperty("wrapper.logfile"));
+ System.out.println("Thread Dump:");
+ WrapperManager.requestThreadDump();
+ }else{
+ HTMLNode infobox =
contentNode.addChild(ctx.getPageMaker().getInfobox("infobox-error","Thread Dump
generation"));
+
ctx.getPageMaker().getContentNode(infobox).addChild("#", "It's not possible to
make the node generate a thread dump if you aren't using the wrapper!");
+ }
+ this.writeReply(ctx, 200, "text/html", "OK",
pageNode.generate());
+ return;
+ }else if (request.isParameterSet("addbookmark")) {
try {
bookmarks.addBookmark(new
Bookmark(request.getParam("key"), request.getParam("name")), true);
} catch (MalformedURLException mue) {
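Review bot: The new check `if(!pass.equals(core.formPassword)) return;` returns without writing any reply, and it throws a NullPointerException if `request.getParam("formPassword")` can return null (the later `getParam(...).length()` call suggests it returns an empty string, but that is not visible here). Reject explicitly instead, e.g. `if(pass == null || !pass.equals(core.formPassword)) { writeReply(ctx, 403, "text/plain", "Forbidden", "Invalid form password"); return; }`, so a failed check gives the client a clear answer rather than an empty response. The if/else chain begins outside this hunk, so it cannot be seen whether this branch is reached only from the POST handler; if a GET can also reach it, the formPassword would travel in URLs and the protection is weaker than the log message implies. Separately, the new message says the dump "has been generated" before `WrapperManager.requestThreadDump()` is called, and misspells "available".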
@@ -319,20 +335,6 @@
addForm.addChild("input", new String[] { "type",
"name", "value" }, new String[] { "submit", "addbookmark", "Add bookmark" });
this.writeReply(ctx, 200, "text/html", "OK",
pageNode.generate());
return;
- }else if(request.isParameterSet("getThreadDump")) {
- HTMLNode pageNode = ctx.getPageMaker().getPageNode("Get
a Thread Dump");
- HTMLNode contentNode =
ctx.getPageMaker().getContentNode(pageNode);
- if(node.isUsingWrapper()){
- HTMLNode infobox =
contentNode.addChild(ctx.getPageMaker().getInfobox("Thread Dump generation"));
-
ctx.getPageMaker().getContentNode(infobox).addChild("#", "A thread dump is
being generated, it will be available in "+
WrapperManager.getProperties().getProperty("wrapper.logfile"));
- System.out.println("Thread Dump:");
- WrapperManager.requestThreadDump();
- }else{
- HTMLNode infobox =
contentNode.addChild(ctx.getPageMaker().getInfobox("infobox-error","Thread Dump
generation"));
-
ctx.getPageMaker().getContentNode(infobox).addChild("#", "It's not possible to
make the node generate a thread dump if you aren't using the wrapper!");
- }
- this.writeReply(ctx, 200, "text/html", "OK",
pageNode.generate());
- return;
} else if
(request.getParam(GenericReadFilterCallback.magicHTTPEscapeString).length() >
0) {
HTMLNode pageNode =
ctx.getPageMaker().getPageNode("Link to external resources");
HTMLNode contentNode =
ctx.getPageMaker().getContentNode(pageNode);