Server fixes.

Ylian Saint-Hilaire 2020-06-21 14:27:10 -07:00
parent 1c10b9c023
commit 923d85a5b9
3 changed files with 7 additions and 4 deletions


@ -4074,6 +4074,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'userWebState': { case 'userWebState': {
if (common.validateString(command.state, 1, 10000) == false) break; // Check state size, no more than 10k if (common.validateString(command.state, 1, 10000) == false) break; // Check state size, no more than 10k
command.state = parent.filterUserWebState(command.state); // Filter the state to remove anything bad command.state = parent.filterUserWebState(command.state); // Filter the state to remove anything bad
if ((command.state == null) || (typeof command.state !== 'object')) break; // If state did not validate correctly, quit here.
db.Set({ _id: 'ws' + user._id, state: command.state }); db.Set({ _id: 'ws' + user._id, state: command.state });
parent.parent.DispatchEvent([user._id], obj, { action: 'userWebState', nolog: 1, domain: domain.id, state: command.state }); parent.parent.DispatchEvent([user._id], obj, { action: 'userWebState', nolog: 1, domain: domain.id, state: command.state });
break; break;
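Review bot: The guard added after `parent.filterUserWebState(command.state)` drops a rejected state with a bare `break`, so a client that keeps sending state the filter refuses leaves no trace on the server. This is the point where client-supplied web state is turned away before `db.Set`, so I would emit one debug line there that names `user._id` but not the rejected payload, using whatever debug helper this file already has (none is visible in the hunk). The enclosing `CreateMeshUser` function starts outside the hunk and the `case` block closes outside it.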


@ -1188,6 +1188,7 @@
// Process server-side web state // Process server-side web state
var webState = '{{{webstate}}}'; var webState = '{{{webstate}}}';
if (webState != '') { webState = JSON.parse(decodeURIComponent(webState)); } if (webState != '') { webState = JSON.parse(decodeURIComponent(webState)); }
if ((webState == null) || (typeof webState != 'object')) { webState = {}; }
for (var i in webState) { if (i != 'desktopsettings') { localStorage.setItem(i, webState[i]); } } for (var i in webState) { if (i != 'desktopsettings') { localStorage.setItem(i, webState[i]); } }
if (!webState.loctag) { try { delete localStorage.removeItem('loctag'); } catch (ex) { } } if (!webState.loctag) { try { delete localStorage.removeItem('loctag'); } catch (ex) { } }
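Review bot: `JSON.parse(decodeURIComponent(webState))` on the line above the new check can still throw on a malformed or truncated value, and an exception there stops this inline script before the added fallback to `{}` is reached. Wrapping the parse keeps the page usable: `if (webState != '') { try { webState = JSON.parse(decodeURIComponent(webState)); } catch (ex) { webState = null; } }`, after which the new line resets it to `{}`. Separately, `'{{{webstate}}}'` is inserted unescaped into a single-quoted literal, and URI-encoding alone leaves `'` intact, so the server side (not shown here) needs to encode quotes as well. The loop below still copies every remaining key into `localStorage`, so it depends on the server-side allow-list; the surrounding script starts and ends outside the hunk.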


@ -1747,9 +1747,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (!user) { parent.debug('web', 'handleDeleteAccountRequest: user not found.'); res.sendStatus(404); return; } if (!user) { parent.debug('web', 'handleDeleteAccountRequest: user not found.'); res.sendStatus(404); return; }
// Check if the password is correct // Check if the password is correct
obj.authenticate(user.name, req.body.apassword1, domain, function (err, userid) { obj.authenticate(user._id.split('/')[2], req.body.apassword1, domain, function (err, userid) {
var deluser = obj.users[userid]; var deluser = obj.users[userid];
if ((deluser != null) || (userid == null)) { if ((userid != null) && (deluser != null)) {
// Remove all links to this user // Remove all links to this user
if (deluser.links != null) { if (deluser.links != null) {
for (var i in deluser.links) { for (var i in deluser.links) {
@ -2813,10 +2813,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Download a desktop recording // Download a desktop recording
function handleGetRecordings(req, res) { function handleGetRecordings(req, res) {
const domain = checkUserIpAddress(req, res); const domain = checkUserIpAddress(req, res);
if (domain == null) { return; } if (domain == null) return;
// Check the query // Check the query
if (req.query.file == null) { res.sendStatus(401); return; } if ((req.query.file == null) || (obj.common.IsFilenameValid(req.query.file) !== true)) { res.sendStatus(401); return; }
// Get the recording path // Get the recording path
var recordingsPath = null; var recordingsPath = null;
@ -5608,6 +5608,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const acceptableUserWebStateDesktopStrings = ['encoding', 'showfocus', 'showmouse', 'showcad', 'limitFrameRate', 'noMouseRotate', 'quality', 'scaling'] const acceptableUserWebStateDesktopStrings = ['encoding', 'showfocus', 'showmouse', 'showcad', 'limitFrameRate', 'noMouseRotate', 'quality', 'scaling']
obj.filterUserWebState = function (state) { obj.filterUserWebState = function (state) {
if (typeof state == 'string') { try { state = JSON.parse(state); } catch (ex) { return null; } } if (typeof state == 'string') { try { state = JSON.parse(state); } catch (ex) { return null; } }
if ((state == null) || (typeof state != 'object')) { return null; }
var out = {}; var out = {};
for (var i in acceptableUserWebStateStrings) { for (var i in acceptableUserWebStateStrings) {
var n = acceptableUserWebStateStrings[i]; var n = acceptableUserWebStateStrings[i];
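Review bot: In `handleGetRecordings` (second hunk of this file) the path-traversal defence now rests entirely on `obj.common.IsFilenameValid`, whose definition is not on this page, and the code that joins `req.query.file` onto `recordingsPath` lies below the hunk. I would add a containment check after that join as a second layer: resolve the final path and confirm it still begins with the resolved recordings directory plus a path separator before the file is opened. The rejection also answers `401`, which tells the client to re-authenticate; `res.sendStatus(400)` fits a malformed file name better. It is also worth confirming `typeof req.query.file === 'string'` first, since query parameters can arrive as arrays or objects depending on the parser, unless `IsFilenameValid` already rejects non-strings.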