Editor security implemented, showing invalid routes to non existing *0x functions
This commit is contained in:
Deon George
@@ -10,6 +10,7 @@ var ACTION_NEXT =4; /* Goto next frame */
|
||||
var ACTION_TERMINATE =5; /* Terminate the session */
|
||||
var ACTION_SUBMITRF =6; /* Submit form contents */
|
||||
var ACTION_STAR =7; /* Star command entry */
|
||||
var ACTION_EDIT =8; /* Edit a frame */
|
||||
|
||||
var MODE_BL =1; /* Typing * command on baseline */
|
||||
var MODE_FIELD =2; /* Field Input */
|
||||
|
||||
103
load/funcs.js
103
load/funcs.js
@@ -94,6 +94,37 @@ function getArg(key,error,abort) {
|
||||
}
|
||||
}
|
||||
|
||||
function getPageOwners() {
|
||||
// Load the owner configuration into memory
|
||||
if (! pageowners.length) {
|
||||
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
|
||||
|
||||
if (f.open("r")) {
|
||||
var logo = f.iniGetValue('prefix','logo');
|
||||
var users = f.iniGetValue('prefix','user');
|
||||
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
|
||||
pageowners.push({prefix: 0,logo: logo,user:users});
|
||||
|
||||
f.iniGetSections('prefix:').forEach(function (prefix) {
|
||||
var p = parseInt(prefix.substr(7));
|
||||
var logo = f.iniGetValue(prefix,'logo','');
|
||||
var users = f.iniGetValue(prefix,'user','');
|
||||
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
|
||||
pageowners.push({prefix: p,logo: logo,user: users});
|
||||
});
|
||||
}
|
||||
|
||||
f.close();
|
||||
|
||||
// Sort the pageowners ascending
|
||||
pageowners.sort(compare);
|
||||
|
||||
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
|
||||
}
|
||||
|
||||
return pageowners;
|
||||
}
|
||||
|
||||
function loadOptions() {
|
||||
ini = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
|
||||
|
||||
@@ -143,44 +174,16 @@ function pageStr(page) {
|
||||
* @returns {undefined}
|
||||
*/
|
||||
function pageOwner(page) {
|
||||
// Load the owner configuration into memory
|
||||
if (! pageowners.length) {
|
||||
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
|
||||
|
||||
if (f.open("r")) {
|
||||
var logo = f.iniGetValue('prefix','logo');
|
||||
pageowners.push({prefix: 0,logo: logo});
|
||||
|
||||
f.iniGetSections('prefix:').forEach(function (prefix) {
|
||||
var p = parseInt(prefix.substr(7));
|
||||
var logo = f.iniGetValue(prefix,'logo','');
|
||||
pageowners.push({prefix: p,logo: logo});
|
||||
});
|
||||
}
|
||||
|
||||
f.close();
|
||||
|
||||
// Sort the pageowners ascending
|
||||
pageowners.sort(compare);
|
||||
|
||||
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
|
||||
}
|
||||
|
||||
var BreakException = {};
|
||||
var pageowner = o = null;
|
||||
var o = null;
|
||||
|
||||
try {
|
||||
pageowners.forEach(function(owner) {
|
||||
getPageOwners().forEach(function(owner) {
|
||||
var p = owner.prefix.toString();
|
||||
o = owner;
|
||||
|
||||
//log(LOG_DEBUG,'- pageOwner: p='+p+'('+p.length+') ,o: '+o);
|
||||
match = '';
|
||||
|
||||
var re = new RegExp('^' + p, 'g');
|
||||
if (page.toString().match(re) && (p.length > match.length)) {
|
||||
match = p;
|
||||
pageowner = o;
|
||||
if (page.toString().match(re)) {
|
||||
//log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o);
|
||||
throw BreakException;
|
||||
}
|
||||
@@ -190,9 +193,43 @@ function pageOwner(page) {
|
||||
if (e !== BreakException) throw e;
|
||||
}
|
||||
|
||||
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(pageowner ? pageowner : o));
|
||||
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(o));
|
||||
return o;
|
||||
}
|
||||
|
||||
return pageowner ? pageowner : o;
|
||||
/**
|
||||
* Can the user edit the frame
|
||||
*
|
||||
* @param page
|
||||
* @param user
|
||||
*/
|
||||
function pageEditor(page) {
|
||||
//log(LOG_DEBUG,'+ pageEditor: page='+page+', user #'+user.number);
|
||||
|
||||
var BreakException = {};
|
||||
var pageditor = false;
|
||||
|
||||
try {
|
||||
getPageOwners().forEach(function(owner) {
|
||||
var p = owner.prefix.toString();
|
||||
//log(LOG_DEBUG,' - pageEditor: '+JSON.stringify(owner));
|
||||
frameusers = owner.user ? owner.user.toString().split(',') : [1];
|
||||
|
||||
log(LOG_DEBUG,' - pageEditor: p='+p+'('+p.length+') user ['+JSON.stringify(frameusers)+'] - :'+frameusers.indexOf(user.number.toString()));
|
||||
|
||||
var re = new RegExp('^' + p, 'g');
|
||||
if (page.toString().match(re) && (frameusers.indexOf(user.number.toString()) == 1)) {
|
||||
pageditor = true;
|
||||
throw BreakException;
|
||||
}
|
||||
});
|
||||
|
||||
} catch (e) {
|
||||
if (e !== BreakException) throw e;
|
||||
}
|
||||
|
||||
//log(LOG_DEBUG,'+ pageEditor: page='+page+', editor: '+JSON.stringify(pageditor));
|
||||
return pageditor;
|
||||
}
|
||||
|
||||
function compare(a,b) {
|
||||
|
||||
Reference in New Issue
Block a user