h/fish-shell
1
Fork 0
mirror of https://github.com/fish-shell/fish-shell.git synced 2026-05-02 02:41:15 -03:00
Code Issues Packages Projects Releases Wiki Activity

Authenticate connections to web_config service

Browse Source 
- Require all requests to use a session path.
 - Use a redirect file to avoid exposing the '/start' URL on the
   command line, as it contains the cookie value.

Fix for CVE-2014-2914.
Closes #1438.
This commit is contained in:
David Adam
2014-08-04 13:34:26 +08:00
parent 8844f0c142
commit 4ae2753025
2 changed files with 74 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
share/tools/web_config/js/controllers.js
View File

@@ -83,7 +83,7 @@ controllers.controller("colorsController", function($scope, $http) {
$scope.getCurrentTheme = function() {
$http.get("/colors/").success(function(data, status, headers, config) {
$http.get("colors/").success(function(data, status, headers, config) {
var currentScheme = { "name": "Current", "colors":[], "preferred_background": "" };
for (var i in data) {
currentScheme[data[i].name] = data[i].color;
@@ -103,7 +103,7 @@ controllers.controller("colorsController", function($scope, $http) {
var remaining = settingNames.length;
for (name in settingNames) {
var postData = "what=" + settingNames[name] + "&color=" + $scope.selectedColorScheme[settingNames[name]] + "&background_color=&bold=&underline=";
$http.post("/set_color/", postData, { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
$http.post("set_color/", postData, { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
if (status == 200) {
remaining -= 1;
if (remaining == 0) {
@@ -124,7 +124,7 @@ controllers.controller("promptController", function($scope, $http) {
$scope.savePromptButtonTitle = "Set Prompt";
$scope.fetchSamplePrompts= function() {
$http.get("/sample_prompts/").success(function(data, status, headers, config) {
$http.get("sample_prompts/").success(function(data, status, headers, config) {
$scope.samplePrompts = data;
$scope.samplePromptsArrayArray = get_colors_as_nested_array($scope.samplePrompts, 1);
@@ -140,7 +140,7 @@ controllers.controller("promptController", function($scope, $http) {
}
$scope.setNewPrompt = function(selectedPrompt) {
$http.post("/set_prompt/","what=" + encodeURIComponent(selectedPrompt.function), { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config){
$http.post("set_prompt/","what=" + encodeURIComponent(selectedPrompt.function), { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config){
// Update attributes of current prompt and select it
$scope.samplePrompts[0].demo = selectedPrompt.demo;
@@ -171,7 +171,7 @@ controllers.controller("functionsController", function($scope, $http) {
}
$scope.fetchFunctions= function() {
$http.get("/functions/").success(function(data, status, headers, config) {
$http.get("functions/").success(function(data, status, headers, config) {
$scope.functions = data;
$scope.selectFunction($scope.functions[0]);
})};
@@ -195,7 +195,7 @@ controllers.controller("functionsController", function($scope, $http) {
}
$scope.fetchFunctionDefinition = function(name) {
$http.post("/get_function/","what=" + name, { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
$http.post("get_function/","what=" + name, { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
$scope.functionDefinition = $scope.cleanupFishFunction(data[0]);
})};
@@ -206,7 +206,7 @@ controllers.controller("variablesController", function($scope, $http) {
$scope.query = null;
$scope.fetchVariables= function() {
$http.get("/variables/").success(function(data, status, headers, config) {
$http.get("variables/").success(function(data, status, headers, config) {
$scope.variables = data;
})};
@@ -247,7 +247,7 @@ controllers.controller("historyController", function($scope, $http, $timeout) {
}
// Get history from server
$scope.fetchHistory = function() {
$http.get("/history/").success(function(data, status, headers, config) {
$http.get("history/").success(function(data, status, headers, config) {
$scope.historySize = data.length;
$scope.remainingItems = data;
@@ -257,7 +257,7 @@ controllers.controller("historyController", function($scope, $http, $timeout) {
$scope.deleteHistoryItem = function(item) {
index = $scope.historyItems.indexOf(item);
$http.post("/delete_history_item/","what=" + encodeURIComponent(item), { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
$http.post("delete_history_item/","what=" + encodeURIComponent(item), { headers: {'Content-Type': 'application/x-www-form-urlencoded'} }).success(function(data, status, headers, config) {
$scope.historyItems.splice(index, 1);
})};
@@ -278,7 +278,7 @@ controllers.controller("historyController", function($scope, $http, $timeout) {
controllers.controller("bindingsController", function($scope, $http) {
$scope.bindings = [];
$scope.fetchBindings = function() {
$http.get("/bindings/").success(function(data, status, headers, config) {
$http.get("bindings/").success(function(data, status, headers, config) {
$scope.bindings = data;
})};