diff --git a/webui/src/main/java/com/muwire/webui/DownloadServlet.java b/webui/src/main/java/com/muwire/webui/DownloadServlet.java
index b1e8518f..d3b1e877 100644
--- a/webui/src/main/java/com/muwire/webui/DownloadServlet.java
+++ b/webui/src/main/java/com/muwire/webui/DownloadServlet.java
@@ -78,8 +78,9 @@ public class DownloadServlet extends HttpServlet {
 resp.setDateHeader("Expires", 0);
 resp.setHeader("Pragma", "no-cache");
 resp.setHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
- resp.getWriter().write(sb.toString());
- resp.getWriter().flush();
+ byte[] out = sb.toString().getBytes("UTF-8");
+ resp.setContentLength(out.length);
+ resp.getOutputStream().write(out);
 }
diff --git a/webui/src/main/java/com/muwire/webui/FilesServlet.java b/webui/src/main/java/com/muwire/webui/FilesServlet.java
index 6741723e..fcc6c45e 100644
--- a/webui/src/main/java/com/muwire/webui/FilesServlet.java
+++ b/webui/src/main/java/com/muwire/webui/FilesServlet.java
@@ -22,6 +22,10 @@ public class FilesServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 String section = req.getParameter("section");
+ if (section == null) {
+ resp.sendError(403, "Bad section param");
+ return;
+ }
 StringBuilder sb = new StringBuilder();
 sb.append("");
 if (section.equals("status")) {
@@ -37,9 +41,13 @@ public class FilesServlet extends HttpServlet {
 String encodedPath = req.getParameter("path");
 File current = null;
 if (encodedPath != null) {
- String[] split = encodedPath.split(",");
+ String[] split = DataHelper.split(encodedPath, ",");
 for (String element : split) {
 element = Base64.decodeToString(element);
+ if (element == null) {
+ resp.sendError(403, "bad path");
+ return;
+ }
 if (current == null) {
 current = new File(element);
 continue;
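Review bot: The new `sb.toString().getBytes("UTF-8")` in DownloadServlet names the charset by string, and nothing in the hunk shows the response declaring UTF-8, so the body encoding and the Content-Type header can drift apart. I would write `byte[] out = sb.toString().getBytes(StandardCharsets.UTF_8);` (with the `java.nio.charset.StandardCharsets` import) and confirm that the Content-Type set earlier in the method, which is outside this hunk, carries `charset=UTF-8`. The same lines appear in the last FilesServlet hunk (`@@ -55,8 +63,9 @@`) and the same change applies there.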
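Review bot: The added null guard on `section` in FilesServlet.doGet answers a malformed request with 403, which reads as an access-control denial to clients and in logs; a missing parameter is a 400. I would change it to `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad section param");`, and likewise for the `"bad path"` error in the following hunk. The guard also covers only a missing parameter; how an unrecognised `section` value is handled falls outside the hunk, so it is worth checking that the chain of `section.equals(...)` branches ends in an explicit rejection.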
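Review bot: The new null check in the FilesServlet path loop (`@@ -37,9 +41,13 @@`) rejects only elements that fail Base64 decoding; a successfully decoded element is used as-is, and the first one becomes `new File(element)` straight from the request parameter. If `current` is later used to reach the filesystem or to look up shared files (the rest of the loop and its use are outside this hunk), elements such as `..` or an arbitrary absolute first element should be refused. I would add, after the loop, a check that `current.getCanonicalFile()` lies under one of the shared directories and send an error otherwise, with a comment such as `// path elements come from the request; never assume they stay inside the shared roots`.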
@@ -55,8 +63,9 @@ public class FilesServlet extends HttpServlet {
 resp.setDateHeader("Expires", 0);
 resp.setHeader("Pragma", "no-cache");
 resp.setHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
- resp.getWriter().write(sb.toString());
- resp.flushBuffer();
+ byte[] out = sb.toString().getBytes("UTF-8");
+ resp.setContentLength(out.length);
+ resp.getOutputStream().write(out);
 }
 @Override
diff --git a/webui/src/main/java/com/muwire/webui/MuWireServlet.java b/webui/src/main/java/com/muwire/webui/MuWireServlet.java
index af824680..b65cb6b8 100644
--- a/webui/src/main/java/com/muwire/webui/MuWireServlet.java
+++ b/webui/src/main/java/com/muwire/webui/MuWireServlet.java
@@ -57,7 +57,16 @@ public class MuWireServlet extends HttpServlet { "\n" + "\n" + "
\n" + - "MuWire is initializing, please wait
\n" + + "