mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00

fixes #778 - Security issue

Luke Pulverenti 2014-04-24 13:30:59 -04:00
parent e1e6972a1b
commit d96a3f1074
13 changed files with 38 additions and 30 deletions


@ -4,7 +4,7 @@
<title>${TitleAutoOrganize}</title> <title>${TitleAutoOrganize}</title>
</head> </head>
<body> <body>
<div id="libraryFileOrganizerLogPage" data-role="page" class="page type-interior adminPage organizePage"> <div id="libraryFileOrganizerLogPage" data-role="page" class="page type-interior organizePage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDashboard}</title> <title>${TitleDashboard}</title>
</head> </head>
<body> <body>
<div id="dashboardPage" data-role="page" class="page type-interior adminPage dashboardHomePage"> <div id="dashboardPage" data-role="page" class="page type-interior dashboardHomePage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDashboard}</title> <title>${TitleDashboard}</title>
</head> </head>
<body> <body>
<div id="dashboardGeneralPage" data-role="page" class="page type-interior adminPage dashboardHomePage"> <div id="dashboardGeneralPage" data-role="page" class="page type-interior dashboardHomePage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDashboard}</title> <title>${TitleDashboard}</title>
</head> </head>
<body> <body>
<div id="dashboardInfoPage" data-role="page" class="page type-interior adminPage dashboardHomePage"> <div id="dashboardInfoPage" data-role="page" class="page type-interior dashboardHomePage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDlna}</title> <title>${TitleDlna}</title>
</head> </head>
<body> <body>
<div id="dlnaProfilePage" data-role="page" class="page type-interior adminPage dlnaPage"> <div id="dlnaProfilePage" data-role="page" class="page type-interior dlnaPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDlna}</title> <title>${TitleDlna}</title>
</head> </head>
<body> <body>
<div id="dlnaProfilesPage" data-role="page" class="page type-interior adminPage dlnaPage"> <div id="dlnaProfilesPage" data-role="page" class="page type-interior dlnaPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDlna}</title> <title>${TitleDlna}</title>
</head> </head>
<body> <body>
<div id="dlnaServerSettingsPage" data-role="page" class="page type-interior adminPage dlnaPage"> <div id="dlnaServerSettingsPage" data-role="page" class="page type-interior dlnaPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title>${TitleDlna}</title> <title>${TitleDlna}</title>
</head> </head>
<body> <body>
<div id="dlnaSettingsPage" data-role="page" class="page type-interior adminPage dlnaPage"> <div id="dlnaSettingsPage" data-role="page" class="page type-interior dlnaPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -636,7 +636,7 @@ var Dashboard = {
$(Dashboard).trigger('interiorheaderrendered', [header, user]); $(Dashboard).trigger('interiorheaderrendered', [header, user]);
}, },
ensureToolsMenu: function (page) { ensureToolsMenu: function (page, user) {
if (!page.hasClass('type-interior')) { if (!page.hasClass('type-interior')) {
return; return;
@ -650,7 +650,9 @@ var Dashboard = {
html += '<p class="libraryPanelHeader" style="margin: 30px 0 20px 25px;"><a href="index.html" class="imageLink"><img src="css/images/mblogoicon.png" style="height:28px;" /><span>MEDIA</span><span class="mediaBrowserAccent">BROWSER</span></a></p>'; html += '<p class="libraryPanelHeader" style="margin: 30px 0 20px 25px;"><a href="index.html" class="imageLink"><img src="css/images/mblogoicon.png" style="height:28px;" /><span>MEDIA</span><span class="mediaBrowserAccent">BROWSER</span></a></p>';
if (user.Configuration.IsAdministrator) {
html += '<div style="position:absolute;top:20px;right:20px;"><a data-role="button" data-theme="b" data-icon="edit" data-iconpos="notext" href="edititemmetadata.html" title="Metadata Manager">Metadata Manager</a></div>'; html += '<div style="position:absolute;top:20px;right:20px;"><a data-role="button" data-theme="b" data-icon="edit" data-iconpos="notext" href="edititemmetadata.html" title="Metadata Manager">Metadata Manager</a></div>';
}
html += '<div class="sidebarLinks">'; html += '<div class="sidebarLinks">';
@ -662,6 +664,10 @@ var Dashboard = {
link = links[i]; link = links[i];
if (!user.Configuration.IsAdministrator) {
break;
}
if (link.divider) { if (link.divider) {
html += "<div class='sidebarDivider'></div>"; html += "<div class='sidebarDivider'></div>";
} }
@ -691,6 +697,10 @@ var Dashboard = {
link = links[i]; link = links[i];
if (!user.Configuration.IsAdministrator) {
break;
}
if (link.divider) { if (link.divider) {
html += "<div class='dashboardPanelDivider'></div>"; html += "<div class='dashboardPanelDivider'></div>";
} }
@ -1393,8 +1403,21 @@ $(document).on('pagebeforeshow', ".page", function () {
var userId = Dashboard.getCurrentUserId(); var userId = Dashboard.getCurrentUserId();
ApiClient.currentUserId(userId); ApiClient.currentUserId(userId);
if (!userId) { if (userId) {
Dashboard.getCurrentUser().done(function (user) {
if (!user.Configuration.IsAdministrator && page.hasClass('type-interior') && !page.hasClass('publicUserPage')) {
window.location.replace("index.html");
}
Dashboard.ensureToolsMenu(page, user);
Dashboard.ensureHeader(page, user);
Dashboard.ensurePageTitle(page);
});
}
else {
if (this.id !== "loginPage" && !page.hasClass('wizardPage')) { if (this.id !== "loginPage" && !page.hasClass('wizardPage')) {
Dashboard.logout(); Dashboard.logout();
@ -1405,21 +1428,6 @@ $(document).on('pagebeforeshow', ".page", function () {
Dashboard.ensurePageTitle(page); Dashboard.ensurePageTitle(page);
} }
else {
Dashboard.getCurrentUser().done(function (user) {
if (user.Configuration.IsAdministrator) {
Dashboard.ensureToolsMenu(page);
} else if (page.hasClass('adminPage')) {
window.location.replace("index.html");
}
Dashboard.ensureHeader(page, user);
Dashboard.ensurePageTitle(page);
});
}
if (!ApiClient.isWebSocketOpen()) { if (!ApiClient.isWebSocketOpen()) {
Dashboard.refreshSystemInfoFromServer(); Dashboard.refreshSystemInfoFromServer();
} }
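Review bot: The non-admin check added to the `pagebeforeshow` handler fails open and does not stop the callback. After `window.location.replace("index.html");` the code still calls `Dashboard.ensureToolsMenu(page, user)` and `Dashboard.ensureHeader(page, user)`, so add `return;` right after the redirect; and because only `.done(...)` is attached to `Dashboard.getCurrentUser()`, a failed lookup leaves a `type-interior` page on screen, which a `.fail(function () { window.location.replace("index.html"); })` would close. This check runs in the browser and only hides the pages, so the server calls those pages make need their own administrator check, which is not visible on this page. In `ensureToolsMenu` the `if (!user.Configuration.IsAdministrator) { break; }` inside both link loops is loop-invariant and reads better as a guard before each loop. The handler and `ensureToolsMenu` both start and end outside the hunks shown.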


@ -4,7 +4,7 @@
<title></title> <title></title>
</head> </head>
<body> <body>
<div id="editUserPage" data-role="page" class="page type-interior userProfilesConfigurationPage"> <div id="editUserPage" data-role="page" class="page type-interior userProfilesConfigurationPage publicUserPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">
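Review bot: Nothing in the markup says what `publicUserPage` means, although it is now the only thing that exempts a `type-interior` page from the non-admin redirect in the `pagebeforeshow` handler. A comment above the page div such as `<!-- publicUserPage: reachable by non-admin users; exempt from the interior-page redirect -->` would keep the marker from being copied onto an admin page by accident; the same applies to the `userImagePage`, `updatePasswordPage` and `userSettingsPage` sections. Since `editUserPage` becomes reachable by every signed-in user, it is worth confirming that the server rejects a non-administrator's edit to another user's profile; that check is not visible here.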


@ -4,7 +4,7 @@
<title></title> <title></title>
</head> </head>
<body> <body>
<div id="userImagePage" data-role="page" class="page type-interior userProfilesConfigurationPage"> <div id="userImagePage" data-role="page" class="page type-interior userProfilesConfigurationPage publicUserPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title></title> <title></title>
</head> </head>
<body> <body>
<div id="updatePasswordPage" data-role="page" class="page type-interior userProfilesConfigurationPage"> <div id="updatePasswordPage" data-role="page" class="page type-interior userProfilesConfigurationPage publicUserPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">


@ -4,7 +4,7 @@
<title></title> <title></title>
</head> </head>
<body> <body>
<div id="userSettingsPage" data-role="page" class="page type-interior userProfilesConfigurationPage"> <div id="userSettingsPage" data-role="page" class="page type-interior userProfilesConfigurationPage publicUserPage">
<div data-role="content"> <div data-role="content">
<div class="content-primary"> <div class="content-primary">