mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-23 22:13:14 +03:00
Server fixes.
This commit is contained in:
parent
1c10b9c023
commit
923d85a5b9
@ -4074,6 +4074,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||||||
case 'userWebState': {
|
case 'userWebState': {
|
||||||
if (common.validateString(command.state, 1, 10000) == false) break; // Check state size, no more than 10k
|
if (common.validateString(command.state, 1, 10000) == false) break; // Check state size, no more than 10k
|
||||||
command.state = parent.filterUserWebState(command.state); // Filter the state to remove anything bad
|
command.state = parent.filterUserWebState(command.state); // Filter the state to remove anything bad
|
||||||
|
if ((command.state == null) || (typeof command.state !== 'object')) break; // If state did not validate correctly, quit here.
|
||||||
db.Set({ _id: 'ws' + user._id, state: command.state });
|
db.Set({ _id: 'ws' + user._id, state: command.state });
|
||||||
parent.parent.DispatchEvent([user._id], obj, { action: 'userWebState', nolog: 1, domain: domain.id, state: command.state });
|
parent.parent.DispatchEvent([user._id], obj, { action: 'userWebState', nolog: 1, domain: domain.id, state: command.state });
|
||||||
break;
|
break;
|
||||||
|
@ -1188,6 +1188,7 @@
|
|||||||
// Process server-side web state
|
// Process server-side web state
|
||||||
var webState = '{{{webstate}}}';
|
var webState = '{{{webstate}}}';
|
||||||
if (webState != '') { webState = JSON.parse(decodeURIComponent(webState)); }
|
if (webState != '') { webState = JSON.parse(decodeURIComponent(webState)); }
|
||||||
|
if ((webState == null) || (typeof webState != 'object')) { webState = {}; }
|
||||||
for (var i in webState) { if (i != 'desktopsettings') { localStorage.setItem(i, webState[i]); } }
|
for (var i in webState) { if (i != 'desktopsettings') { localStorage.setItem(i, webState[i]); } }
|
||||||
if (!webState.loctag) { try { delete localStorage.removeItem('loctag'); } catch (ex) { } }
|
if (!webState.loctag) { try { delete localStorage.removeItem('loctag'); } catch (ex) { } }
|
||||||
|
|
||||||
|
@ -1747,9 +1747,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
if (!user) { parent.debug('web', 'handleDeleteAccountRequest: user not found.'); res.sendStatus(404); return; }
|
if (!user) { parent.debug('web', 'handleDeleteAccountRequest: user not found.'); res.sendStatus(404); return; }
|
||||||
|
|
||||||
// Check if the password is correct
|
// Check if the password is correct
|
||||||
obj.authenticate(user.name, req.body.apassword1, domain, function (err, userid) {
|
obj.authenticate(user._id.split('/')[2], req.body.apassword1, domain, function (err, userid) {
|
||||||
var deluser = obj.users[userid];
|
var deluser = obj.users[userid];
|
||||||
if ((deluser != null) || (userid == null)) {
|
if ((userid != null) && (deluser != null)) {
|
||||||
// Remove all links to this user
|
// Remove all links to this user
|
||||||
if (deluser.links != null) {
|
if (deluser.links != null) {
|
||||||
for (var i in deluser.links) {
|
for (var i in deluser.links) {
|
||||||
@ -2813,10 +2813,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
// Download a desktop recording
|
// Download a desktop recording
|
||||||
function handleGetRecordings(req, res) {
|
function handleGetRecordings(req, res) {
|
||||||
const domain = checkUserIpAddress(req, res);
|
const domain = checkUserIpAddress(req, res);
|
||||||
if (domain == null) { return; }
|
if (domain == null) return;
|
||||||
|
|
||||||
// Check the query
|
// Check the query
|
||||||
if (req.query.file == null) { res.sendStatus(401); return; }
|
if ((req.query.file == null) || (obj.common.IsFilenameValid(req.query.file) !== true)) { res.sendStatus(401); return; }
|
||||||
|
|
||||||
// Get the recording path
|
// Get the recording path
|
||||||
var recordingsPath = null;
|
var recordingsPath = null;
|
||||||
@ -5608,6 +5608,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
const acceptableUserWebStateDesktopStrings = ['encoding', 'showfocus', 'showmouse', 'showcad', 'limitFrameRate', 'noMouseRotate', 'quality', 'scaling']
|
const acceptableUserWebStateDesktopStrings = ['encoding', 'showfocus', 'showmouse', 'showcad', 'limitFrameRate', 'noMouseRotate', 'quality', 'scaling']
|
||||||
obj.filterUserWebState = function (state) {
|
obj.filterUserWebState = function (state) {
|
||||||
if (typeof state == 'string') { try { state = JSON.parse(state); } catch (ex) { return null; } }
|
if (typeof state == 'string') { try { state = JSON.parse(state); } catch (ex) { return null; } }
|
||||||
|
if ((state == null) || (typeof state != 'object')) { return null; }
|
||||||
var out = {};
|
var out = {};
|
||||||
for (var i in acceptableUserWebStateStrings) {
|
for (var i in acceptableUserWebStateStrings) {
|
||||||
var n = acceptableUserWebStateStrings[i];
|
var n = acceptableUserWebStateStrings[i];
|
||||||
|
Loading…
Reference in New Issue
Block a user