[freenet-cvs] r11289 - trunk/freenet/src/freenet/clients/http/filter

toad at freenetproject.org toad at freenetproject.org
Thu Dec 7 21:08:21 UTC 2006


Author: toad
Date: 2006-12-07 21:08:20 +0000 (Thu, 07 Dec 2006)
New Revision: 11289

Modified:
   trunk/freenet/src/freenet/clients/http/filter/FilterCallback.java
   trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
   trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
   trunk/freenet/src/freenet/clients/http/filter/NullFilterCallback.java
Log:
Move the decision on whether a <form> is allowed to the filter callback, which is where it should be.
Force the enctype and accept-encoding.
Drop support for accept until we get around to filtering it properly.

Modified: trunk/freenet/src/freenet/clients/http/filter/FilterCallback.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/FilterCallback.java	2006-12-07 20:49:39 UTC (rev 11288)
+++ trunk/freenet/src/freenet/clients/http/filter/FilterCallback.java	2006-12-07 21:08:20 UTC (rev 11289)
@@ -15,16 +15,6 @@
 	public String processURI(String uri, String overrideType) throws CommentException;
 
 	/**
-	 * Should we allow GET forms?
-	 */
-	public boolean allowGetForms();
-	
-	/**
-	 * Should we allow POST forms?
-	 */
-	public boolean allowPostForms();
-
-	/**
 	 * Process a base URI in the page. Not only is this filtered, it affects all
 	 * relative uri's on the page.
 	 */
@@ -36,5 +26,13 @@
 	 *    (for example: "title")
 	 */
 	public void onText(String s, String type);
+
+	/**
+	 * Process a form on the page.
+	 * @param method The form sending method. Normally GET or POST.
+	 * @param action The URI to send the form to.
+	 * @return The new action URI, or null if the form is not allowed.
+	 */
+	public String processForm(String method, String action);
 	
 }
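Review bot: The Javadoc for processForm does not say what the implementation may assume about its arguments, and the HTMLFilter hunk in this commit appears to hand over the raw `method` and `action` attribute values (action was dropped from the URI-attribute array), so `method` can be null when a form has no method attribute and `action` has not been through processURI. I would extend the comment with `@param method The form sending method; may be null if the attribute is absent.` and `@param action The raw, unfiltered action attribute; the implementation is the only place that validates it.` so that new callback implementations do not assume pre-sanitised input.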

Modified: trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java	2006-12-07 20:49:39 UTC (rev 11288)
+++ trunk/freenet/src/freenet/clients/http/filter/GenericReadFilterCallback.java	2006-12-07 21:08:20 UTC (rev 11289)
@@ -215,5 +215,26 @@
 		if(cb != null)
 			cb.onText(s, type, baseURI);
 	}
+
+	/**
+	 * Process a form.
+	 * Current strategy:
+	 * - Both POST and GET forms are allowed to /
+	 * Anything that is hazardous should be protected through formPassword.
+	 */
+	public String processForm(String method, String action) {
+		if(action == null) return null;
+		method = method.toUpperCase();
+		if(!(method.equals("POST") || method.equals("GET"))) 
+			return null; // no irregular form sending methods
+		// Everything is allowed to / - updating the node, shutting it down, everything.
+		// Why? Becuase it's all protected by formPassword anyway.
+		// FIXME whitelist? Most things are okay if the user is prompted for a confirmation...
+		// FIXME what about /queue/ /darknet/ etc?
+		if(action.equals("/")) 
+			return action;
+		// Otherwise disallow.
+		return null;
+	}
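Review bot: `method.toUpperCase()` throws NullPointerException when the form has no method attribute, which HTML permits (GET is the default), so a page with a bare `<form action="/">` produces an exception escaping the filter instead of the intended null return; the same null value then also reaches `hn.put("method", method)` in the HTMLFilter sanitizeHash hunk, which Hashtable rejects. Guard it before the case conversion with `if(method == null) method = "GET"; // HTML default when the attribute is absent`. While there, the comment on the line above the FIXMEs has a typo, `Becuase`.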
 	
 }

Modified: trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java	2006-12-07 20:49:39 UTC (rev 11288)
+++ trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java	2006-12-07 21:08:20 UTC (rev 11289)
@@ -951,12 +951,9 @@
 			new FormTagVerifier(
 				"form",
 				new String[] {
-					"method",
-					"name",
-					"enctype",
-					"accept",
-					"accept-charset" },
-				new String[] { "action" },
+					"name" }, // FIXME add a whitelist filter for accept
+					// All other attributes are handled by FormTagVerifier.
+				new String[] { },
 				new String[] { "onsubmit", "onreset" }));
 		allowedTagsVerifiers.put(
 			"input",
@@ -1571,9 +1568,15 @@
 			ParsedTag p,
 			HTMLParseContext pc) throws DataFilterException {
 			Hashtable hn = super.sanitizeHash(h, p, pc);
-			// Action has been previously sanitized, we force it :p
-			hn.put("action","/");
-			
+			String method = (String) h.get("method");
+			String action = (String) h.get("action");
+			String finalAction = pc.cb.processForm(method, action);
+			if(finalAction == null) return null;
+			hn.put("method", method);
+			hn.put("action", finalAction);
+			// Force enctype and accept-charset to acceptable values.
+			hn.put("enctype", "multipart/form-data");
+			hn.put("accept-charset", "UTF-8");
 			return hn;
 		}
 	}
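Review bot: The `if(finalAction == null) return null;` line is the only place the form is rejected and nothing states what a null return means to the caller, whose contract (the start of sanitizeHash and the class that calls it) is outside this hunk. Add `// Callback rejected the form: return null so the tag is not emitted — confirm against the caller's handling of null.` Note also that `hn.put("method", method)` writes the attribute back exactly as it appeared in the page; the callback only compares it case-insensitively, so the value is validated but not normalised, which is worth a one-line comment.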

Modified: trunk/freenet/src/freenet/clients/http/filter/NullFilterCallback.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/NullFilterCallback.java	2006-12-07 20:49:39 UTC (rev 11288)
+++ trunk/freenet/src/freenet/clients/http/filter/NullFilterCallback.java	2006-12-07 21:08:20 UTC (rev 11289)
@@ -5,14 +5,6 @@
 
 public class NullFilterCallback implements FilterCallback {
 
-	public boolean allowGetForms() {
-		return false;
-	}
-
-	public boolean allowPostForms() {
-		return false;
-	}
-
 	public String processURI(String uri, String overrideType) {
 		return null;
 	}
@@ -25,4 +17,8 @@
 		// Do nothing
 	}
 
+	public String processForm(String method, String action) {
+		return null;
+	}
+
 }
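Review bot: The new processForm has no comment explaining that returning null means every form is rejected, which is the behaviour the removed allowGetForms/allowPostForms (both returning false) had. I would add `/** Forms are never allowed by the null callback; returns null for every method and action. */` above the method so the intent survives the interface change.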



