diff --git a/libi2pd_client/HTTPProxy.cpp b/libi2pd_client/HTTPProxy.cpp
index 8c3a341e..a41320be 100644
--- a/libi2pd_client/HTTPProxy.cpp
+++ b/libi2pd_client/HTTPProxy.cpp
@@ -333,28 +333,39 @@ namespace proxy {
}
else if (!i2p::client::context.GetAddressBook ().FindAddress (m_RequestURL.host) || m_Confirm)
{
- if (m_Confirm)
+ // Referer check to prevent forced overwriting by link with "&update=true" from harmful URL
+ const std::string referer_raw = m_ClientRequest.GetHeader("Referer");
+ i2p::http::URL referer_url;
+ if (!referer_raw.empty ())
{
- // Referer check to prevent forced overwriting by link with "&update=true" from harmful URL
- const std::string referer_raw = m_ClientRequest.GetHeader("Referer");
- i2p::http::URL referer_url;
- if (!referer_raw.empty ())
- {
- referer_url.parse (referer_raw);
- }
- if (m_RequestURL.host != referer_url.host)
+ referer_url.parse (referer_raw);
+ }
+ if (m_RequestURL.host != referer_url.host)
+ {
+ if (m_Confirm)
{
LogPrint (eLogWarning, "HTTPProxy: Address update from addresshelper rejected for ", m_RequestURL.host, " (referer is ", m_RequestURL.host.empty() ? "empty" : "harmful", ")");
std::string full_url = m_RequestURL.to_string();
std::stringstream ss;
ss << tr("Host") << " " << m_RequestURL.host << " " << tr("already in router's addressbook") << ". ";
- ss << "" << tr("Be careful: source of this URL may be harmful") << "! ";
+ ss << "" << tr( /* Trying to overwrite an existing domain in the address book by direct link with "&update=true" is seems like an attack */ "Be careful: source of this URL may be harmful") << "! ";
ss << tr(/* tr: The "record" means addressbook's record. That message appears when domain was already added to addressbook, but helper link is opened for it. */ "Click here to update record:" );
ss << " " << tr("Continue") << ".";
GenericProxyInfo(tr("Addresshelper forced update rejected"), ss.str());
- return true; /* request processed */
}
+ else
+ {
+ LogPrint (eLogDebug, "HTTPProxy: Adding address from addresshelper for ", m_RequestURL.host, " (generate refer-base page)");
+ std::string full_url = m_RequestURL.to_string();
+ std::stringstream ss;
+ ss << tr("To add host") << " " << m_RequestURL.host << " " << tr("in router's addressbook") << ", ";
+ ss << tr("click here") << ":";
+ ss << " " << tr("Continue") << ".";
+ GenericProxyInfo(tr("Addresshelper request"), ss.str());
+ }
+ return true; /* request processed */
}
i2p::client::context.GetAddressBook ().InsertAddress (m_RequestURL.host, jump);
@@ -363,7 +374,7 @@ namespace proxy {
std::stringstream ss;
ss << tr("Host") <<" " << m_RequestURL.host << " " << tr("added to router's addressbook from helper") << ". ";
ss << tr("Click here to proceed:") << " " << tr("Continue") << ".";
- GenericProxyInfo(tr("Addresshelper found"), ss.str());
+ GenericProxyInfo(tr("Addresshelper adding"), ss.str());
return true; /* request processed */
}
else
@@ -374,7 +385,7 @@ namespace proxy {
ss << tr(/* tr: The "record" means addressbook's record. That message appears when domain was already added to addressbook, but helper link is opened for it. */ "Click here to update record:" );
ss << " " << tr("Continue") << ".";
- GenericProxyInfo(tr("Addresshelper found"), ss.str());
+ GenericProxyInfo(tr("Addresshelper update"), ss.str());
return true; /* request processed */
}
}