oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rev4188, Allow only white listed values for open_browser

Browse source
This commit is contained in:
shortcutme 2019-08-19 13:42:49 +02:00
parent c7822ed6e6
commit 155d8d4dfd
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Config.py
View file

@ -13,7 +13,7 @@ class Config(object):
def __init__(self, argv): def __init__(self, argv):
self.version = "0.7.0" self.version = "0.7.0"
self.rev = 4187 self.rev = 4188
self.argv = argv self.argv = argv
self.action = None self.action = None
self.pending_changes = {} self.pending_changes = {}

7
src/Ui/UiWebsocket.py
View file

@ -1137,9 +1137,14 @@ class UiWebsocket(object):
def actionConfigSet(self, to, key, value): def actionConfigSet(self, to, key, value):
import main import main
if key not in config.keys_api_change_allowed: if key not in config.keys_api_change_allowed:
self.response(to, {"error": "Forbidden you cannot set this config key"}) self.response(to, {"error": "Forbidden: You cannot set this config key"})
return return
if key == "open_browser":
if value not in ["default_browser", "False"]:
self.response(to, {"error": "Forbidden: Invalid value"})
return
# Remove empty lines from lists # Remove empty lines from lists
if type(value) is list: if type(value) is list:
value = [line for line in value if line] value = [line for line in value if line]