Sulkta-OSS/dynmap-neoforge
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make sure all JSON/web text interactions are escaped and/or UTF-8

Browse source
This commit is contained in:
Mike Primm 2011-06-02 00:20:25 -05:00
parent 3c793b5302
commit 0fdeee5177
5 changed files with 18 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/main/java/org/dynmap/web/Json.java
View file

@ -6,6 +6,8 @@ import java.lang.reflect.Modifier;
import java.util.List;
import java.util.Map;
import org.json.simple.JSONObject;
public class Json {
public static String stringifyJson(Object o) {
StringBuilder sb = new StringBuilder();
@ -19,7 +21,7 @@ public class Json {
} else if (o instanceof Boolean) {
s.append(((Boolean) o) ? "true" : "false");
} else if (o instanceof String) {
s.append("\"" + ((String)o).replace("\"", "\\\"") + "\"");
s.append("\"" + JSONObject.escape((String)o) + "\"");
} else if (o instanceof Integer || o instanceof Long || o instanceof Float || o instanceof Double) {
s.append(o.toString());
} else if (o instanceof Map<?, ?>) {

4
src/main/java/org/dynmap/web/handlers/ClientConfigurationHandler.java
View file

@ -33,12 +33,12 @@ public class ClientConfigurationHandler implements HttpHandler {
String s = configurationObject.toJSONString();
cachedConfiguration = s.getBytes();
cachedConfiguration = s.getBytes("UTF-8");
}
String dateStr = new Date().toString();
response.fields.put("Date", dateStr);
response.fields.put("Content-Type", "text/plain");
response.fields.put("Content-Type", "text/plain; charset=utf-8");
response.fields.put("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
response.fields.put("Last-modified", dateStr);
response.fields.put("Content-Length", Integer.toString(cachedConfiguration.length));

4
src/main/java/org/dynmap/web/handlers/ClientUpdateHandler.java
View file

@ -67,11 +67,11 @@ public class ClientUpdateHandler implements HttpHandler {
s(u, "timestamp", current);
plugin.events.trigger("buildclientupdate", new ClientUpdateEvent(since, dynmapWorld, u));
byte[] bytes = u.toJSONString().getBytes();
byte[] bytes = u.toJSONString().getBytes("UTF-8");
String dateStr = new Date().toString();
response.fields.put(HttpField.Date, dateStr);
response.fields.put(HttpField.ContentType, "text/plain");
response.fields.put(HttpField.ContentType, "text/plain; charset=utf-8");
response.fields.put(HttpField.Expires, "Thu, 01 Dec 1994 16:00:00 GMT");
response.fields.put(HttpField.LastModified, dateStr);
response.fields.put(HttpField.ContentLength, Integer.toString(bytes.length));

5
src/main/java/org/dynmap/web/handlers/SendMessageHandler.java
View file

@ -1,6 +1,7 @@
package org.dynmap.web.handlers;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.logging.Logger;
@ -21,7 +22,7 @@ public class SendMessageHandler implements HttpHandler {
private static final JSONParser parser = new JSONParser();
public Event<Message> onMessageReceived = new Event<SendMessageHandler.Message>();
private Charset cs_utf8 = Charset.forName("UTF-8");
public int maximumMessageInterval = 1000;
public String spamMessage = "\"You may only chat once every %interval% seconds.\"";
private HashMap<String, WebUser> disallowedUsers = new HashMap<String, WebUser>();
@ -36,7 +37,7 @@ public class SendMessageHandler implements HttpHandler {
return;
}
InputStreamReader reader = new InputStreamReader(request.body);
InputStreamReader reader = new InputStreamReader(request.body, cs_utf8);
JSONObject o = (JSONObject)parser.parse(reader);
final Message message = new Message();