MirrorMirror
/
lufi
mirror of https://framagit.org/fiat-tux/hat-softwares/lufi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🔒 Fix XSS where using zip feature (#254)

This commit is contained in:
Luc Didry 2021-11-02 14:50:23 +01:00
parent 41722d9161
commit e32ef3685f
No known key found for this signature in database
GPG Key ID: EA868E12D0257E3C
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -4,6 +4,7 @@ Revision history for Lufi
- 🐛 Fix mail signature separator - 🐛 Fix mail signature separator
- 💄 Disable signature when using LDAP (#249) - 💄 Disable signature when using LDAP (#249)
- 🌐 Update translations - 🌐 Update translations
- 🔒 Fix XSS where using zip feature (#254)
0.05.14 2021-06-16 0.05.14 2021-06-16
- 🔧 Set default morbo port to 3000 (as it should have stay) - 🔧 Set default morbo port to 3000 (as it should have stay)

4
themes/default/public/js/lufi-down.js
View File

@ -145,9 +145,9 @@ function spawnWebsocket(pa) {
zip.forEach(function (relativePath, zipEntry) { zip.forEach(function (relativePath, zipEntry) {
innerHTML.push( innerHTML.push(
'<li>', '<li>',
zipEntry.name, escapeHtml(zipEntry.name),
' (', filesize(zipEntry._data.uncompressedSize, {base: 10}), ') ', ' (', filesize(zipEntry._data.uncompressedSize, {base: 10}), ') ',
'<a href="#" download="', zipEntry.name, '" class="download-zip-content" title="', i18n.download, '">', '<a href="#" download="', escapeHtml(zipEntry.name), '" class="download-zip-content" title="', i18n.download, '">',
'<i class="mdi-file-file-download"></i>', '<i class="mdi-file-file-download"></i>',
'</a>', '</a>',
'</li>' '</li>'

4
themes/default/public/js/lufi-up.js
View File

@ -102,7 +102,7 @@ function firstViewClicking() {
} }
// When clicking on zip checkbox // When clicking on zip checkbox
function zipClicking () { function zipClicking() {
if ($('#zip-files').attr('data-checked') && $('#zip-files').attr('data-checked') === 'data-checked') { if ($('#zip-files').attr('data-checked') && $('#zip-files').attr('data-checked') === 'data-checked') {
window.zipSize = 0; window.zipSize = 0;
window.zip = null; window.zip = null;
@ -249,7 +249,7 @@ function handleFiles(f) {
$('#zip-size').text(filesize(window.zipSize)); $('#zip-size').text(filesize(window.zipSize));
$('#zip-parts').append([ $('#zip-parts').append([
'<li>', '<li>',
'— ', filename, ' (', filesize(element.size), ')', '— ', escapeHtml(filename), ' (', filesize(element.size), ')',
'</li>' '</li>'
].join('')); ].join(''));
} }