Rev949, Newsfeed allows items 2min from future, Switch sidebar content.json list to input for faster opening, Promise based sidebar rendering to make it more reliable on slow connections, RateLimit sidebar globe updating, Some PEP8 formatting

HelloZeroNet 2016-03-06 19:28:22 +01:00
parent bfdccb809c
commit 2901f1e1ba
7 changed files with 77 additions and 27 deletions


@ -8,7 +8,7 @@ class Config(object):
def __init__(self, argv):
self.version = "0.3.6"
self.rev = 948
self.rev = 949
self.argv = argv
self.action = None
self.config_file = "zeronet.conf"


@ -190,8 +190,6 @@ class UiRequest(object):
return self.actionSiteMedia("/media" + path) # Only serve html files with frame
if self.isAjaxRequest():
return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper
# if self.env.get("HTTP_ORIGIN") and self.env.get("HTTP_ORIGIN").strip("/") != self.env.get("HTTP_HOST", "").strip("/"):
# return self.error403("Origin does not match")
site = SiteManager.site_manager.get(address)
@ -261,7 +259,6 @@ class UiRequest(object):
if content.get("postmessage_nonce_security"):
postmessage_nonce_security = "true"
if site.settings.get("own"):
sandbox_permissions = "allow-modals" # For coffeescript compile errors
else:
@ -328,9 +325,9 @@ class UiRequest(object):
allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address)) # Only files within data/sitehash allowed
data_dir = os.path.abspath("data") # No files from data/ allowed
if (
".." in file_path
or not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir)
or allowed_dir == data_dir
".." in file_path or
not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir) or
allowed_dir == data_dir
): # File not in allowed path
return self.error403()
else:
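Review bot: The containment test that this hunk only re-wraps is a plain string-prefix comparison, `os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir)`, so a sibling directory whose name merely begins with the site directory's name (constructed example: `data/1Abc-other` against `data/1Abc`) also passes. Comparing on a path boundary closes that gap, for example `file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)` with `file_dir` bound to the `dirname(abspath(...))` value. Separately, `allowed_dir` is derived from `config.data_dir` while `data_dir` is derived from the literal `"data"`, so the `allowed_dir == data_dir` guard against an empty address only holds when the configured data directory is `./data`; `data_dir = os.path.abspath(config.data_dir)` would keep the two in step. `os.path.abspath` does not resolve symlinks, so if links can exist under a site directory the check may need `os.path.realpath` on both sides. The enclosing method starts and ends outside this hunk, and how `file_path` is built is not visible here, so the reachable impact should be confirmed against the caller.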