mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-27 16:02:16 +03:00
Fixed Messenger with LDAP users.
This commit is contained in:
parent
7dc8900ac7
commit
36b3db0baa
@ -403,7 +403,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
var httpport = ((args.aliasport != null) ? args.aliasport : args.port);
|
||||
|
||||
// Build server information object
|
||||
var serverinfo = { domain: domain.id, name: domain.dns ? domain.dns : parent.certificates.CommonName, mpsname: parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: args.mpspass, port: httpport, emailcheck: ((parent.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (args.lanonly != true) && (parent.certificates.CommonName != null) && (parent.certificates.CommonName.indexOf('.') != -1)), domainauth: (domain.auth == 'sspi'), serverTime: Date.now() };
|
||||
var serverinfo = { domain: domain.id, name: domain.dns ? domain.dns : parent.certificates.CommonName, mpsname: parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: args.mpspass, port: httpport, emailcheck: ((parent.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (args.lanonly != true) && (parent.certificates.CommonName != null) && (parent.certificates.CommonName.indexOf('.') != -1) && (user._id.startsWith('~') == false)), domainauth: (domain.auth == 'sspi'), serverTime: Date.now() };
|
||||
serverinfo.languages = parent.renderLanguages;
|
||||
serverinfo.tlshash = Buffer.from(parent.webCertificateHashs[domain.id], 'binary').toString('hex').toUpperCase(); // SHA384 of server HTTPS certificate
|
||||
if ((parent.parent.config.domains[domain.id].amtacmactivation != null) && (parent.parent.config.domains[domain.id].amtacmactivation.acmmatch != null)) {
|
||||
|
@ -112,6 +112,7 @@ function zeroPad(num, c) { if (c == null) { c = 2; } var s = "00000000" + num; r
|
||||
// String validation
|
||||
function isAlphaNumeric(str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
|
||||
function isSafeString(str) { return ((typeof str == 'string') && (str.indexOf('<') == -1) && (str.indexOf('>') == -1) && (str.indexOf('&') == -1) && (str.indexOf('"') == -1) && (str.indexOf('\'') == -1) && (str.indexOf('+') == -1) && (str.indexOf('(') == -1) && (str.indexOf(')') == -1) && (str.indexOf('#') == -1) && (str.indexOf('%') == -1) && (str.indexOf(':') == -1)) };
|
||||
function isSafeString2(str) { return ((typeof str == 'string') && (str.indexOf('<') == -1) && (str.indexOf('>') == -1) && (str.indexOf('&') == -1) && (str.indexOf('"') == -1) && (str.indexOf('\'') == -1) && (str.indexOf('+') == -1) && (str.indexOf('(') == -1) && (str.indexOf(')') == -1) && (str.indexOf('#') == -1) && (str.indexOf('%') == -1)) };
|
||||
|
||||
// Parse URL arguments, only keep safe values
|
||||
function parseUriArgs() {
|
||||
@ -124,7 +125,7 @@ function parseUriArgs() {
|
||||
case 0: { name = decodeURIComponent(parsedUri[x]); break; }
|
||||
case 1: {
|
||||
r[name] = decodeURIComponent(parsedUri[x]);
|
||||
if (!isSafeString(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
|
||||
if (!isSafeString2(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
|
||||
break;
|
||||
} default: { break; }
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user