zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Various cleanup and fixes

Browse Source
This commit is contained in:
zefie
2023-08-29 18:53:49 -04:00
parent a1925dfa46
commit 477ad25cd1
2 changed files with 7 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
zefie_wtvp_minisrv/includes/ServiceVault/wtv-mail/readmail.js
View File

@@ -46,9 +46,8 @@ Content-type: text/html`;
if (message.body.indexOf("<body")) { if (message.body.indexOf("<body")) {
var default_colors = session_data.mailstore.defaultColors; var default_colors = session_data.mailstore.defaultColors;
var message_colors = session_data.mailstore.getSignatureColors(message.body); var message_colors = session_data.mailstore.getSignatureColors(message.body);
if (message_colors == default_colors) message_colors = null;
} }
if (!message_colors) message_colors = session_data.mailstore.getSignatureColors(message.signature); if (message.signature) message_colors = session_data.mailstore.getSignatureColors(message.signature);
if (typeof message.subject == "object" && message.subject) message.subject = wtvshared.decodeBufferText(message.subject); if (typeof message.subject == "object" && message.subject) message.subject = wtvshared.decodeBufferText(message.subject);
data = `<wtvnoscript> data = `<wtvnoscript>

20
zefie_wtvp_minisrv/includes/classes/WTVShared.js
View File

@@ -253,24 +253,14 @@ class WTVShared {
sanitizeSignature(string) { sanitizeSignature(string) {
var allowedSchemes = ['http', 'https', 'ftp', 'mailto']; var allowedSchemes = ['http', 'https', 'ftp', 'mailto'];
var self = this; var self = this;
Object.keys(this.minisrv_config.services).forEach(function (k) {
var flags = self.minisrv_config.services[k].flags;
if (flags) {
if (flags == "0x00000004" || flags == "0x00000007") {
allowedSchemes.push(self.minisrv_config.services[k].name);
}
}
});
var allowedProtocols = allowedSchemes;
// allow links to services flagged as "wideopen" // allow links to services flagged as "wideopen"
Object.keys(this.minisrv_config.services).forEach((k) => { Object.keys(this.minisrv_config.services).forEach((k) => {
var flag = parseInt(this.minisrv_config.services[k].flags, 16); var flag = parseInt(this.minisrv_config.services[k].flags, 16);
if (flag === 4 || flag === 7) { if (flag === 4 || flag === 7) {
if (!allowedProtocols.includes(k)) allowedProtocols.push(k); if (!allowedSchemes.includes(k)) allowedSchemes.push(k);
} }
}); });
self.debug("sanitizeSignature", "allowed protocols:", allowedProtocols); self.debug("sanitizeSignature", "allowed protocols:", allowedSchemes);
if (this.shenanigans.checkShenanigan(this.shenanigans.shenanigans.DISABLE_HTML_SANITIZER)) { if (this.shenanigans.checkShenanigan(this.shenanigans.shenanigans.DISABLE_HTML_SANITIZER)) {
// shenanigans level matches, don't filter // shenanigans level matches, don't filter
@@ -305,8 +295,8 @@ class WTVShared {
return false; return false;
} }
} }
Object.keys(allowedProtocols).forEach((j) => { Object.keys(allowedSchemes).forEach((j) => {
if (value.startsWith(allowedProtocols[j])) { if (value.startsWith(allowedSchemes[j])) {
allowed = true; allowed = true;
return false; return false;
} }
@@ -1124,7 +1114,7 @@ class WTVShared {
* @param {string} username String to filter * @param {string} username String to filter
*/ */
makeSafeUsername(username) { makeSafeUsername(username) {
return username.replace(/^([A-Za-z0-9\-\_]{5,16})$/, ''); return username.replace(/^([A-Za-z0-9\-\_])$/g, '');
} }
/** /**