mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-23 14:01:43 +03:00
Added URL args validation.
This commit is contained in:
parent
16b25b04b0
commit
a7ea8fead5
@ -157,10 +157,12 @@ module.exports.unEscapeAllLinksFieldName = function (docs) { for (var i in docs)
|
|||||||
module.exports.validateString = function (str, minlen, maxlen) { return ((str != null) && (typeof str == 'string') && ((minlen == null) || (str.length >= minlen)) && ((maxlen == null) || (str.length <= maxlen))); };
|
module.exports.validateString = function (str, minlen, maxlen) { return ((str != null) && (typeof str == 'string') && ((minlen == null) || (str.length >= minlen)) && ((maxlen == null) || (str.length <= maxlen))); };
|
||||||
module.exports.validateInt = function (int, minval, maxval) { return ((int != null) && (typeof int == 'number') && ((minval == null) || (int >= minval)) && ((maxval == null) || (int <= maxval))); };
|
module.exports.validateInt = function (int, minval, maxval) { return ((int != null) && (typeof int == 'number') && ((minval == null) || (int >= minval)) && ((maxval == null) || (int <= maxval))); };
|
||||||
module.exports.validateArray = function (array, minlen, maxlen) { return ((array != null) && Array.isArray(array) && ((minlen == null) || (array.length >= minlen)) && ((maxlen == null) || (array.length <= maxlen))); };
|
module.exports.validateArray = function (array, minlen, maxlen) { return ((array != null) && Array.isArray(array) && ((minlen == null) || (array.length >= minlen)) && ((maxlen == null) || (array.length <= maxlen))); };
|
||||||
module.exports.validateStrArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') && ((minlen == null) || (array[i].length >= minlen)) && ((maxlen == null) || (array[i].length <= maxlen))) return false; } return true; };
|
module.exports.validateStrArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ( (typeof array[i] != 'string') || ((minlen != null) && (array[i].length < minlen)) || ((maxlen != null) && (array[i].length > maxlen))) return false; } return true; };
|
||||||
module.exports.validateObject = function (obj) { return ((obj != null) && (typeof obj == 'object')); };
|
module.exports.validateObject = function (obj) { return ((obj != null) && (typeof obj == 'object')); };
|
||||||
module.exports.validateEmail = function (email, minlen, maxlen) { if (module.exports.validateString(email, minlen, maxlen) == false) return false; var emailReg = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return emailReg.test(email); };
|
module.exports.validateEmail = function (email, minlen, maxlen) { if (module.exports.validateString(email, minlen, maxlen) == false) return false; var emailReg = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return emailReg.test(email); };
|
||||||
module.exports.validateUsername = function (username, minlen, maxlen) { return (module.exports.validateString(username, minlen, maxlen) && (username.indexOf(' ') == -1) && (username.indexOf('"') == -1) && (username.indexOf(',') == -1)); };
|
module.exports.validateUsername = function (username, minlen, maxlen) { return (module.exports.validateString(username, minlen, maxlen) && (username.indexOf(' ') == -1) && (username.indexOf('"') == -1) && (username.indexOf(',') == -1)); };
|
||||||
|
module.exports.isAlphaNumeric = function (str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
|
||||||
|
module.exports.validateAlphaNumericArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') || (module.exports.isAlphaNumeric(array[i]) == false) || ((minlen != null) && (array[i].length < minlen)) || ((maxlen != null) && (array[i].length > maxlen)) ) return false; } return true; };
|
||||||
|
|
||||||
// Check password requirements
|
// Check password requirements
|
||||||
module.exports.checkPasswordRequirements = function(password, requirements) {
|
module.exports.checkPasswordRequirements = function(password, requirements) {
|
||||||
|
@ -1044,6 +1044,7 @@ function CreateMeshCentralServer(config, args) {
|
|||||||
if (obj.config.domains[i].dns == null) { obj.config.domains[i].url = (i == '') ? '/' : ('/' + i + '/'); } else { obj.config.domains[i].url = '/'; }
|
if (obj.config.domains[i].dns == null) { obj.config.domains[i].url = (i == '') ? '/' : ('/' + i + '/'); } else { obj.config.domains[i].url = '/'; }
|
||||||
obj.config.domains[i].id = i;
|
obj.config.domains[i].id = i;
|
||||||
if (typeof obj.config.domains[i].loginkey == 'string') { obj.config.domains[i].loginkey = [obj.config.domains[i].loginkey]; }
|
if (typeof obj.config.domains[i].loginkey == 'string') { obj.config.domains[i].loginkey = [obj.config.domains[i].loginkey]; }
|
||||||
|
if ((obj.config.domains[i].loginkey != null) && (obj.common.validateAlphaNumericArray(obj.config.domains[i].loginkey, 1, 128) == false)) { console.log("ERROR: Invalid login key, must be alpha-numeric string with no spaces."); process.exit(); return; }
|
||||||
if (typeof obj.config.domains[i].userallowedip == 'string') { if (obj.config.domains[i].userallowedip == '') { obj.config.domains[i].userallowedip = null; } else { obj.config.domains[i].userallowedip = obj.config.domains[i].userallowedip.split(','); } }
|
if (typeof obj.config.domains[i].userallowedip == 'string') { if (obj.config.domains[i].userallowedip == '') { obj.config.domains[i].userallowedip = null; } else { obj.config.domains[i].userallowedip = obj.config.domains[i].userallowedip.split(','); } }
|
||||||
if (typeof obj.config.domains[i].userblockedip == 'string') { if (obj.config.domains[i].userblockedip == '') { obj.config.domains[i].userblockedip = null; } else { obj.config.domains[i].userblockedip = obj.config.domains[i].userblockedip.split(','); } }
|
if (typeof obj.config.domains[i].userblockedip == 'string') { if (obj.config.domains[i].userblockedip == '') { obj.config.domains[i].userblockedip = null; } else { obj.config.domains[i].userblockedip = obj.config.domains[i].userblockedip.split(','); } }
|
||||||
if (typeof obj.config.domains[i].agentallowedip == 'string') { if (obj.config.domains[i].agentallowedip == '') { obj.config.domains[i].agentallowedip = null; } else { obj.config.domains[i].agentallowedip = obj.config.domains[i].agentallowedip.split(','); } }
|
if (typeof obj.config.domains[i].agentallowedip == 'string') { if (obj.config.domains[i].agentallowedip == '') { obj.config.domains[i].agentallowedip = null; } else { obj.config.domains[i].agentallowedip = obj.config.domains[i].agentallowedip.split(','); } }
|
||||||
|
@ -108,3 +108,6 @@ function trademarks(x) { return x.replace(/\(R\)/g, '®').replace(/\(TM\)/g,
|
|||||||
|
|
||||||
// Pad a number with zeros on the left
|
// Pad a number with zeros on the left
|
||||||
function zeroPad(num, c) { if (c == null) { c = 2; } var s = "00000000" + num; return s.substr(s.length - c); }
|
function zeroPad(num, c) { if (c == null) { c = 2; } var s = "00000000" + num; return s.substr(s.length - c); }
|
||||||
|
|
||||||
|
// String validation
|
||||||
|
function isAlphaNumeric(str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
|
@ -735,7 +735,10 @@
|
|||||||
for (var i in webState) { localStorage.setItem(i, webState[i]); }
|
for (var i in webState) { localStorage.setItem(i, webState[i]); }
|
||||||
if (!webState.loctag) { delete localStorage.removeItem('loctag'); }
|
if (!webState.loctag) { delete localStorage.removeItem('loctag'); }
|
||||||
|
|
||||||
var args = parseUriArgs(), urlargs = args;
|
var urlargs = parseUriArgs();
|
||||||
|
if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; }
|
||||||
|
if (urlargs.locale && (isAlphaNumeric(urlargs.locale) == false)) { delete urlargs.locale; }
|
||||||
|
var args = urlargs;
|
||||||
var debugLevel = parseInt('{{{debuglevel}}}');
|
var debugLevel = parseInt('{{{debuglevel}}}');
|
||||||
var features = parseInt('{{{features}}}');
|
var features = parseInt('{{{features}}}');
|
||||||
var sessionTime = parseInt('{{{sessiontime}}}');
|
var sessionTime = parseInt('{{{sessiontime}}}');
|
||||||
|
@ -1273,8 +1273,10 @@
|
|||||||
if (top != self && (loc == null || top.active == false)) { top.location = self.location; return; }
|
if (top != self && (loc == null || top.active == false)) { top.location = self.location; return; }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetch URL arguments
|
// Fetch URL arguments & do sanitation
|
||||||
urlargs = parseUriArgs();
|
urlargs = parseUriArgs();
|
||||||
|
if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; }
|
||||||
|
if (urlargs.locale && (isAlphaNumeric(urlargs.locale) == false)) { delete urlargs.locale; }
|
||||||
delete urlargs.viewmode;
|
delete urlargs.viewmode;
|
||||||
delete urlargs.gotonode;
|
delete urlargs.gotonode;
|
||||||
delete urlargs.gotomesh;
|
delete urlargs.gotomesh;
|
||||||
@ -1282,12 +1284,13 @@
|
|||||||
delete urlargs.gotougrp;
|
delete urlargs.gotougrp;
|
||||||
|
|
||||||
// Fix links if a loginKey is used
|
// Fix links if a loginKey is used
|
||||||
if (urlargs.key) {
|
if (urlargs.key) { Q('termsLinkFooter').href += '?key=' + urlargs.key; }
|
||||||
Q('termsLinkFooter').href += '?key=' + urlargs.key;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if we are in debug mode
|
// Check if we are in debug mode
|
||||||
args = parseUriArgs();
|
args = parseUriArgs();
|
||||||
|
if (args.key && (isAlphaNumeric(args.key) == false)) { delete args.key; }
|
||||||
|
if (args.locale && (isAlphaNumeric(args.locale) == false)) { delete args.locale; }
|
||||||
|
|
||||||
if (!args.locale) { var x = getstore('loctag', 0); if ((x != null) && (x != '*')) { args.locale = x; } }
|
if (!args.locale) { var x = getstore('loctag', 0); if ((x != null) && (x != '*')) { args.locale = x; } }
|
||||||
debugmode = args.debug;
|
debugmode = args.debug;
|
||||||
|
|
||||||
|
@ -42,9 +42,11 @@
|
|||||||
<input id="uploadFileInput" type="file" multiple style="display:none">
|
<input id="uploadFileInput" type="file" multiple style="display:none">
|
||||||
<script type="text/javascript" onunload="onUnLoad()">
|
<script type="text/javascript" onunload="onUnLoad()">
|
||||||
var userInputFocus = 0;
|
var userInputFocus = 0;
|
||||||
var args = parseUriArgs();
|
|
||||||
var socket = null; // Websocket object
|
var socket = null; // Websocket object
|
||||||
var state = 0; // Connection state. 0 = Disconnected, 1 = Connecting, 2 = Connected.
|
var state = 0; // Connection state. 0 = Disconnected, 1 = Connecting, 2 = Connected.
|
||||||
|
var args = parseUriArgs();
|
||||||
|
if (args.key && (isAlphaNumeric(args.key) == false)) { delete args.key; }
|
||||||
|
if (args.locale && (isAlphaNumeric(args.locale) == false)) { delete args.locale; }
|
||||||
|
|
||||||
// WebRTC sessions and data, audio and video channels
|
// WebRTC sessions and data, audio and video channels
|
||||||
var random = Math.random(); // Selected random, larger value initiates WebRTC.
|
var random = Math.random(); // Selected random, larger value initiates WebRTC.
|
||||||
|
Loading…
Reference in New Issue
Block a user