zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BREAKING CHANGES: (for SeCuRiTy):

Browse Source 
By default:
- `ssid_sessions[socket.ssid]` is now `session_data`
- `require` is no longer allowed in user scripts

To access global `socket_sessions` and `ssid_sessions`, as well as `require` additional modules, you must set `privileged: true` for the specific service. See `config.json`.
This commit is contained in:
zefie
2022-10-09 13:26:14 -04:00
parent 2491f62b89
commit 37f1ab67ad
118 changed files with 577 additions and 530 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
zefie_wtvp_minisrv/ServiceVault/wtv-setup/edit-password.js
View File

@@ -1,11 +1,11 @@
var minisrv_service_file = true;
ssid_sessions[socket.ssid].loadSessionData();
session_data.loadSessionData();
var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : ssid_sessions[socket.ssid].user_id;
var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : session_data.user_id;
// security
if (ssid_sessions[socket.ssid].user_id != 0 && ssid_sessions[socket.ssid].user_id != user_id) {
if (session_data.user_id != 0 && session_data.user_id != user_id) {
user_id = null; // force unset
var errpage = wtvshared.doErrorPage(400, "You are not authorized to change the selected user's password.");
headers = errpage[0];
@@ -14,7 +14,7 @@ if (ssid_sessions[socket.ssid].user_id != 0 && ssid_sessions[socket.ssid].user_i
if (user_id != null) {
var userSession = null;
if (ssid_sessions[socket.ssid].user_id == request_headers.query.user_id) userSession = ssid_sessions[socket.ssid];
if (session_data.user_id == request_headers.query.user_id) userSession = session_data;
else {
userSession = new WTVClientSessionData(minisrv_config, socket.ssid);
userSession.user_id = user_id;
@@ -34,7 +34,7 @@ Content-Type: text/html`;
<HTML>
<HEAD>
<TITLE>
Change ${(user_id == ssid_sessions[socket.ssid].user_id) ? 'your' : 'user'} password
Change ${(user_id == session_data.user_id) ? 'your' : 'user'} password
</TITLE>
<DISPLAY nosave
noscroll>
@@ -74,7 +74,7 @@ noscroll>
<td abswidth=14>
<td abswidth=416 absheight=80 valign=center>
<font size="+2" color="E7CE4A"><blackface><shadow>
Change ${(user_id == ssid_sessions[socket.ssid].user_id) ? 'your' : 'user'} password
Change ${(user_id == session_data.user_id) ? 'your' : 'user'} password
<td abswidth=20>
<tr>
<td>