[freenet-cvs] r11159 - trunk/freenet/src/freenet/clients/http
toad at freenetproject.org
toad at freenetproject.org
Fri Dec 1 01:23:31 UTC 2006
Author: toad
Date: 2006-12-01 01:23:30 +0000 (Fri, 01 Dec 2006)
New Revision: 11159
Modified:
trunk/freenet/src/freenet/clients/http/FProxyToadlet.java
Log:
Proper RSS warning. Also fix infinite loop.
Modified: trunk/freenet/src/freenet/clients/http/FProxyToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/FProxyToadlet.java 2006-12-01 00:40:55 UTC (rev 11158)
+++ trunk/freenet/src/freenet/clients/http/FProxyToadlet.java 2006-12-01 01:23:30 UTC (rev 11159)
@@ -103,7 +103,41 @@
}
if(!forceDownload) {
- forceDownload = horribleEvilHack(data);
+ if(horribleEvilHack(data) && !(mimeType.startsWith("application/rss+xml"))) {
+ HTMLNode pageNode = context.getPageMaker().getPageNode("Potentially Dangerous Content (RSS)");
+ HTMLNode contentNode = context.getPageMaker().getContentNode(pageNode);
+
+ HTMLNode infobox = contentNode.addChild("div", "class", "infobox infobox-alert");
+ infobox.addChild("div", "class", "infobox-header", "RSS feed may be dangerous");
+ HTMLNode infoboxContent = infobox.addChild("div", "class", "infobox-content");
+ infoboxContent.addChild("#", "Freenet has detected that the file you are trying to fetch might be RSS. "+
+ "RSS cannot be properly filtered by Freenet, and may contain web-bugs (inline images etc which may "+
+ "expose your IP address to a malicious site author and therefore break your anonymity). "+
+ "Firefox 2.0 and Internet Explorer 7.0 will open the file as RSS even though its content type is \""+HTMLEncoder.encode(mimeType)+"\".");
+ infoboxContent.addChild("p", "Your options are:");
+ HTMLNode optionList = infoboxContent.addChild("ul");
+ HTMLNode option = optionList.addChild("li");
+
+ option.addChild("a", "href", basePath + key.toString(false) + "?type=text/plain&force=" + getForceValue(key, now)+extras, "Click here");
+ option.addChild("#", " to open the file as plain text (this <b>may be dangerous</b> if you are running IE7 or FF2).");
+ // FIXME: is this safe? See bug #131
+ option = optionList.addChild("li");
+ option.addChild("a", "href", basePath + key.toString(false) + "?forcedownload"+extras, "Click here");
+ option.addChild("#", " to force your browser to download the file to disk.");
+ if(!mimeType.startsWith("text/plain")) {
+ option = optionList.addChild("li");
+ option.addChild("a", "href", basePath + key.toString(false) + "?force=" + getForceValue(key, now)+extras, "Click here");
+ option.addChild("#", " to open the file as " + mimeType + '.');
+ }
+ option = optionList.addChild("li");
+ option.addChild("a", "href", "/", "Click here");
+ option.addChild("#", " to go to the FProxy home page.");
+
+ byte[] pageBytes = pageNode.generate().getBytes();
+ context.sendReplyHeaders(200, "OK", new MultiValueTable(), "text/html; charset=utf-8", pageBytes.length);
+ context.writeData(pageBytes);
+ return;
+ }
}
if (forceDownload) {
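Review bot: mimeType is HTML-encoded where the warning paragraph quotes it (`HTMLEncoder.encode(mimeType)`) but concatenated raw in the third option (`" to open the file as " + mimeType + '.'`), and the plain-text option puts literal `<b>` markup into a `"#"` node, so these text nodes assume different escaping rules. Whether `addChild("#", …)` escapes its argument is not visible in this hunk: if it does not, the fetched document's content type reaches the page unescaped and that line should read `option.addChild("#", " to open the file as " + HTMLEncoder.encode(mimeType) + '.');`; if it does, the first use is double-encoded and the `<b>` is displayed literally. Separately, `pageNode.generate().getBytes()` encodes with the platform default charset while the reply header declares `charset=utf-8`; `getBytes("UTF-8")` keeps the body and the Content-Length consistent with the header. The enclosing method starts and ends outside the hunk.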
@@ -187,7 +221,8 @@
if(bufProgress == find.length()) return true;
} else {
bufProgress = 0;
- continue; // check if this byte is equal to the first one
+ if(bufProgress != 0)
+ continue; // check if this byte is equal to the first one
}
offset++;
}
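Review bot: The added guard `if(bufProgress != 0)` is evaluated immediately after `bufProgress = 0;`, so it is always false and the `continue` is dead code. The infinite loop is gone, but so is the re-check of the current byte against the first byte of `find`: after a partial match fails, `offset++` steps past a byte that could itself start a match, so the scan can miss a marker preceded by a repeat of its first character. If this is the scan behind `horribleEvilHack` (its caller is not visible here), a miss means the RSS warning is not shown for that content. Capture the state before resetting, e.g. `boolean retry = bufProgress != 0; bufProgress = 0; if(retry) continue;`. The loop header and the rest of the method are outside the hunk, so this is inferred from the visible lines only.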