fix privilege escalation vulnerability
parent
94a1c0b085
commit
57ed5e8055
@ -392,8 +392,7 @@ Settings =
|
|||||||
boardnav: ->
|
boardnav: ->
|
||||||
Header.generateBoardList @value
|
Header.generateBoardList @value
|
||||||
time: ->
|
time: ->
|
||||||
funk = Time.createFunc @value
|
@nextElementSibling.textContent = Time.format @value, new Date()
|
||||||
@nextElementSibling.textContent = funk Time, new Date()
|
|
||||||
backlink: ->
|
backlink: ->
|
||||||
@nextElementSibling.textContent = @value.replace /%id/, '123456789'
|
@nextElementSibling.textContent = @value.replace /%id/, '123456789'
|
||||||
fileInfo: ->
|
fileInfo: ->
|
||||||
@ -407,8 +406,7 @@ Settings =
|
|||||||
dimensions: '1280x720'
|
dimensions: '1280x720'
|
||||||
isImage: true
|
isImage: true
|
||||||
isSpoiler: true
|
isSpoiler: true
|
||||||
funk = FileInfo.createFunc @value
|
@nextElementSibling.innerHTML = FileInfo.format @value, data
|
||||||
@nextElementSibling.innerHTML = funk FileInfo, data
|
|
||||||
favicon: ->
|
favicon: ->
|
||||||
Favicon.switch()
|
Favicon.switch()
|
||||||
Unread.update() if g.VIEW is 'thread' and Conf['Unread Favicon']
|
Unread.update() if g.VIEW is 'thread' and Conf['Unread Favicon']
|
||||||
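Review bot: The fileInfo preview still assigns the formatted string to `innerHTML` (`@nextElementSibling.innerHTML = FileInfo.format @value, data`), and `FileInfo.node` in the FileInfo section does the same with `Conf['fileInfo']`, so the literal parts of the setting are still parsed as markup once `Function` is gone. Whether the formatters escape post-derived fields such as the file name is not visible in these hunks. If HTML in the format string is intended, document it on `format`, e.g. `# Output is inserted as HTML: formatters must return escaped text; literal parts of formatString are treated as markup.`. Otherwise escape the literal segments or build the span from text nodes. The `fileInfo:` preview body spans both hunks and its `data` object starts outside them.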
|
|||||||
@ -5,7 +5,7 @@ Sauce =
|
|||||||
links = []
|
links = []
|
||||||
for link in Conf['sauces'].split '\n'
|
for link in Conf['sauces'].split '\n'
|
||||||
try
|
try
|
||||||
links.push @createSauceLink link.trim() if link[0] isnt '#'
|
links.push link.trim() if link[0] isnt '#'
|
||||||
catch err
|
catch err
|
||||||
# Don't add random text plz.
|
# Don't add random text plz.
|
||||||
return unless links.length
|
return unless links.length
|
||||||
@ -14,29 +14,27 @@ Sauce =
|
|||||||
Post.callbacks.push
|
Post.callbacks.push
|
||||||
name: 'Sauce'
|
name: 'Sauce'
|
||||||
cb: @node
|
cb: @node
|
||||||
createSauceLink: (link) ->
|
createSauceLink: (link, post, a) ->
|
||||||
link = link.replace /%(T?URL|MD5|board|name)/g, (parameter) ->
|
link = link.replace /%(T?URL|MD5|board|name)/g, (parameter) ->
|
||||||
return (if type = {
|
if type = {
|
||||||
'%TURL': 'post.file.thumbURL'
|
'%TURL': post.file.thumbURL
|
||||||
'%URL': 'post.file.URL'
|
'%URL': post.file.URL
|
||||||
'%MD5': 'post.file.MD5'
|
'%MD5': post.file.MD5
|
||||||
'%board': 'post.board'
|
'%board': post.board
|
||||||
'%name': 'post.file.name'
|
'%name': post.file.name
|
||||||
}[parameter]
|
}[parameter]
|
||||||
"' + encodeURIComponent(#{type}) + '"
|
encodeURIComponent(type)
|
||||||
else
|
else
|
||||||
parameter)
|
parameter
|
||||||
text = if m = link.match(/;text:(.+)$/) then m[1] else link.match(/(\w+)\.\w+\//)[1]
|
text = if m = link.match(/;text:(.+)$/) then m[1] else link.match(/(\w+)\.\w+\//)[1]
|
||||||
link = link.replace /;text:.+$/, ''
|
link = link.replace /;text:.+$/, ''
|
||||||
Function 'post', 'a', """
|
a.href = link
|
||||||
a.href = '#{link}';
|
a.textContent = text
|
||||||
a.textContent = '#{text}';
|
a
|
||||||
return a;
|
|
||||||
"""
|
|
||||||
node: ->
|
node: ->
|
||||||
return if @isClone or !@file
|
return if @isClone or !@file
|
||||||
nodes = []
|
nodes = []
|
||||||
for link in Sauce.links
|
for link in Sauce.links
|
||||||
# \u00A0 is nbsp
|
# \u00A0 is nbsp
|
||||||
nodes.push $.tn('\u00A0'), link @, Sauce.link.cloneNode true
|
nodes.push $.tn('\u00A0'), (Sauce.createSauceLink link, @, Sauce.link.cloneNode true)
|
||||||
$.add @file.text, nodes
|
$.add @file.text, nodes
|
||||||
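Review bot: Malformed `sauces` lines are no longer filtered in `init`: `links.push link.trim()` cannot throw, so the surrounding `try`/`catch` is now dead code. A blank line, or one with neither a `host.tld/` part nor `;text:`, now reaches `createSauceLink` for every post with a file, where `link.match(/(\w+)\.\w+\//)[1]` indexes `null`. Before this change that TypeError was caught once at startup and the line was dropped. Validate once in `init` instead, for example `links.push link if (link = link.trim()) and link[0] isnt '#' and /;text:.+$|\w+\.\w+\//.test link`. Since `link` now goes straight into `a.href`, the same step is a natural place to accept only `http:`/`https:` URLs.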
|
|||||||
@ -2,20 +2,18 @@ FileInfo =
|
|||||||
init: ->
|
init: ->
|
||||||
return if g.VIEW is 'catalog' or !Conf['File Info Formatting']
|
return if g.VIEW is 'catalog' or !Conf['File Info Formatting']
|
||||||
|
|
||||||
@funk = @createFunc Conf['fileInfo']
|
|
||||||
Post.callbacks.push
|
Post.callbacks.push
|
||||||
name: 'File Info Formatting'
|
name: 'File Info Formatting'
|
||||||
cb: @node
|
cb: @node
|
||||||
node: ->
|
node: ->
|
||||||
return if !@file or @isClone
|
return if !@file or @isClone
|
||||||
@file.text.innerHTML = "<span class=file-info>#{FileInfo.funk FileInfo, @}</span>"
|
@file.text.innerHTML = "<span class=file-info>#{FileInfo.format Conf['fileInfo'], @}</span>"
|
||||||
createFunc: (format) ->
|
format: (formatString, post) ->
|
||||||
code = format.replace /%(.)/g, (s, c) ->
|
formatString.replace /%([A-Za-z])/g, (s, c) ->
|
||||||
if c of FileInfo.formatters
|
if c of FileInfo.formatters
|
||||||
"' + FileInfo.formatters.#{c}.call(post) + '"
|
FileInfo.formatters[c].call(post)
|
||||||
else
|
else
|
||||||
s
|
s
|
||||||
Function 'FileInfo', 'post', "return '#{code}'"
|
|
||||||
convertUnit: (size, unit) ->
|
convertUnit: (size, unit) ->
|
||||||
if unit is 'B'
|
if unit is 'B'
|
||||||
return "#{size.toFixed()} Bytes"
|
return "#{size.toFixed()} Bytes"
|
||||||
|
|||||||
@ -2,20 +2,18 @@ Time =
|
|||||||
init: ->
|
init: ->
|
||||||
return if g.VIEW is 'catalog' or !Conf['Time Formatting']
|
return if g.VIEW is 'catalog' or !Conf['Time Formatting']
|
||||||
|
|
||||||
@funk = @createFunc Conf['time']
|
|
||||||
Post.callbacks.push
|
Post.callbacks.push
|
||||||
name: 'Time Formatting'
|
name: 'Time Formatting'
|
||||||
cb: @node
|
cb: @node
|
||||||
node: ->
|
node: ->
|
||||||
return if @isClone
|
return if @isClone
|
||||||
@nodes.date.textContent = Time.funk Time, @info.date
|
@nodes.date.textContent = Time.format Conf['time'], @info.date
|
||||||
createFunc: (format) ->
|
format: (formatString, date) ->
|
||||||
code = format.replace /%([A-Za-z])/g, (s, c) ->
|
formatString.replace /%([A-Za-z])/g, (s, c) ->
|
||||||
if c of Time.formatters
|
if c of Time.formatters
|
||||||
"' + Time.formatters.#{c}.call(date) + '"
|
Time.formatters[c].call(date)
|
||||||
else
|
else
|
||||||
s
|
s
|
||||||
Function 'Time', 'date', "return '#{code}'"
|
|
||||||
day: [
|
day: [
|
||||||
'Sunday'
|
'Sunday'
|
||||||
'Monday'
|
'Monday'
|
||||||
|
|||||||
@ -14,8 +14,6 @@ QuoteBacklink =
|
|||||||
init: ->
|
init: ->
|
||||||
return if g.VIEW is 'catalog' or !Conf['Quote Backlinks']
|
return if g.VIEW is 'catalog' or !Conf['Quote Backlinks']
|
||||||
|
|
||||||
format = Conf['backlink'].replace /%id/g, "' + id + '"
|
|
||||||
@funk = Function 'id', "return '#{format}'"
|
|
||||||
Post.callbacks.push
|
Post.callbacks.push
|
||||||
name: 'Quote Backlinking Part 1'
|
name: 'Quote Backlinking Part 1'
|
||||||
cb: @firstNode
|
cb: @firstNode
|
||||||
@ -28,7 +26,7 @@ QuoteBacklink =
|
|||||||
a = $.el 'a',
|
a = $.el 'a',
|
||||||
href: "/#{@board}/thread/#{@thread}#p#{@}"
|
href: "/#{@board}/thread/#{@thread}#p#{@}"
|
||||||
className: if @isHidden then 'filtered backlink' else 'backlink'
|
className: if @isHidden then 'filtered backlink' else 'backlink'
|
||||||
textContent: (QuoteBacklink.funk @ID) + (if markYours then '\u00A0(You)' else '')
|
textContent: (Conf['backlink'].replace /%id/, @ID) + (if markYours then '\u00A0(You)' else '')
|
||||||
for quote in @quotes
|
for quote in @quotes
|
||||||
containers = [QuoteBacklink.getContainer quote]
|
containers = [QuoteBacklink.getContainer quote]
|
||||||
if (post = g.posts[quote]) and post.nodes.backlinkContainer
|
if (post = g.posts[quote]) and post.nodes.backlinkContainer
|
||||||
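Review bot: The new `Conf['backlink'].replace /%id/, @ID` drops the `g` flag that the removed `Conf['backlink'].replace /%id/g, ...` had, so a format containing `%id` more than once now has only its first occurrence substituted. Use `Conf['backlink'].replace /%id/g, @ID` to keep the previous behaviour. The Settings preview (`@value.replace /%id/, '123456789'`) has the same single-match behaviour and could be aligned. The enclosing callback starts outside this hunk.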
|
|||||||