From 7c99bb702e4c4744da2a8f52cced1513ddd6bf82 Mon Sep 17 00:00:00 2001
From: zzz
Date: Sat, 25 Apr 2026 18:19:26 -0400
Subject: [PATCH] Console: Sanitize plugin name in ConfigClientsHandler reported by: bottomlineit.co.za
---
 .../src/net/i2p/router/web/helpers/ConfigClientsHandler.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigClientsHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigClientsHandler.java
index 26bd2216d..fbb1db035 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigClientsHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigClientsHandler.java
@@ -103,6 +103,7 @@ public class ConfigClientsHandler extends FormHandler {
 // value
 if (_action.startsWith("Start ")) {
 String app = _action.substring(6);
+ app = DataHelper.stripHTML(app);
 int appnum = -1;
 try {
 appnum = Integer.parseInt(app);
@@ -126,6 +127,7 @@ public class ConfigClientsHandler extends FormHandler {
 // value
 if (_action.startsWith("Delete ")) {
 String app = _action.substring(7);
+ app = DataHelper.stripHTML(app);
 int appnum = -1;
 try {
 appnum = Integer.parseInt(app);
@@ -165,6 +167,7 @@ public class ConfigClientsHandler extends FormHandler {
 if (_action.startsWith("Stop ")) {
 String app = _action.substring(5);
+ app = DataHelper.stripHTML(app);
 int appnum = -1;
 try {
 appnum = Integer.parseInt(app);
@@ -197,6 +200,7 @@ public class ConfigClientsHandler extends FormHandler {
 if (_action.startsWith("Update ")) {
 if (pluginsEnabled) {
 String app = _action.substring(7);
+ app = DataHelper.stripHTML(app);
 updatePlugin(app);
 } else {
 addFormError("Plugins disabled");
@@ -208,6 +212,7 @@ public class ConfigClientsHandler extends FormHandler {
 if (_action.startsWith("Check ")) {
 if (pluginsEnabled) {
 String app = _action.substring(6);
+ app = DataHelper.stripHTML(app);
 checkPlugin(app);
 } else {
 addFormError("Plugins disabled");
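Review bot: The added `app = DataHelper.stripHTML(app);` in the Start branch sits directly above `Integer.parseInt(app)` with no comment saying why a value about to be parsed as a number is HTML-stripped; presumably the non-numeric fallback, which lies outside this hunk, treats `app` as a plugin name and echoes it into a form message. A comment such as `// app may be a plugin name echoed in form notices; strip markup before any use` would record that. The same line is repeated in the Delete, Stop, Update and Check branches, so a small private helper that does the `substring` and the strip together would keep a future action branch from omitting it. Escaping the name at the point where it is written into the page would additionally cover any message path these five call sites do not reach.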
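Review bot: `updatePlugin(app)` in the Update branch still receives whatever follows "Update " in the submitted action; the new strip, as its name suggests, deals with markup characters only and does not confirm that `app` names an installed plugin. updatePlugin is defined outside this hunk, so how it uses the name is not visible; if it resolves the name to a plugin directory or config file, a check that rejects path separators and `..`, or a lookup against the installed plugin list, belongs before the call, for example `if (app.contains("/") || app.contains("\\") || app.contains("..")) { addFormError("Bad plugin name"); } else { updatePlugin(app); }`. The same applies to `checkPlugin(app)` in the Check hunk, and to the name fallback of the Start, Delete and Stop branches if they pass `app` on in the same way.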