diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4af8ce1f..e2697d8b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,18 +1,22 @@
# Changelog
## --- [4.2.0] - 2023/TBD
### New features
-- Finish and Activate Arcadia notification backend ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/621))
+- Finish and Activate Arcadia notification backend ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/621) | [Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/626))
### Bug fixes
- PWA: Removed the custom offline page in favour of browser default ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/607))
- Fix hidden servers appearing visible on public mobile status page ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/612))
- Correctly handle if a server returns a string instead of json data on socket ping ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/614))
- Bump tornado to resolve #269 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/623))
- Bump crypto to resolve #267 & #268 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/622))
+- Fix select installs failing to start, returning missing python package `packaging` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/629))
### Refactor
- Consolidate remaining frontend functions into API V2, and remove ajax internal API ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/585))
+- Replace bleach with nh3 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/628))
### Tweaks
- Polish/Enhance display for InApp Documentation ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/613))
- Add get_users command to Crafty's console ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/620))
+- Make files hover cursor pointer ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/627))
+- Use `Jar` class naming for jar refresh to make room for steamCMD naming in the future ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/630))
### Lang
TBD
diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py
index 33fe9936..b7a889b1 100644
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@@ -2,7 +2,7 @@ import logging
import re
import typing as t
import orjson
-import bleach
+import nh3
import tornado.web
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
@@ -101,7 +101,7 @@ class BaseHandler(tornado.web.RequestHandler):
if type(text) in self.nobleach:
logger.debug("Auto-bleaching - bypass type")
return text
- return bleach.clean(text)
+ return nh3.clean(text)
def get_argument(
self,
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 760e0298..05250a6d 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -7,7 +7,7 @@ import json
import logging
import threading
import urllib.parse
-import bleach
+import nh3
import requests
import tornado.web
import tornado.escape
@@ -67,9 +67,7 @@ class PanelHandler(BaseHandler):
) in self.controller.crafty_perms.list_defined_crafty_permissions():
argument = int(
float(
- bleach.clean(
- self.get_argument(f"permission_{permission.name}", "0")
- )
+ nh3.clean(self.get_argument(f"permission_{permission.name}", "0"))
)
)
if argument:
@@ -78,9 +76,7 @@ class PanelHandler(BaseHandler):
)
q_argument = int(
- float(
- bleach.clean(self.get_argument(f"quantity_{permission.name}", "0"))
- )
+ float(nh3.clean(self.get_argument(f"quantity_{permission.name}", "0")))
)
if q_argument:
server_quantity[permission.name] = q_argument
@@ -479,7 +475,7 @@ class PanelHandler(BaseHandler):
template = "panel/dashboard.html"
elif page == "server_detail":
- subpage = bleach.clean(self.get_argument("subpage", ""))
+ subpage = nh3.clean(self.get_argument("subpage", ""))
server_id = self.check_server_id()
if server_id is None:
@@ -1284,7 +1280,7 @@ class PanelHandler(BaseHandler):
template = "panel/panel_edit_user_apikeys.html"
elif page == "remove_user":
- user_id = bleach.clean(self.get_argument("id", None))
+ user_id = nh3.clean(self.get_argument("id", None))
if (
not superuser
diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py
index 76c6a8be..b7d1be9b 100644
--- a/app/classes/web/public_handler.py
+++ b/app/classes/web/public_handler.py
@@ -1,5 +1,5 @@
import logging
-import bleach
+import nh3
from app.classes.shared.helpers import Helpers
from app.classes.models.users import HelperUsers
@@ -28,8 +28,8 @@ class PublicHandler(BaseHandler):
# self.clear_cookie("user_data")
def get(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
page_data = {
"version": self.helper.get_version_string(),
@@ -82,8 +82,8 @@ class PublicHandler(BaseHandler):
)
def post(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
page_data = {
"version": self.helper.get_version_string(),
@@ -100,8 +100,8 @@ class PublicHandler(BaseHandler):
if self.request.query:
next_page = "/login?" + self.request.query
- entered_username = bleach.clean(self.get_argument("username"))
- entered_password = bleach.clean(self.get_argument("password"))
+ entered_username = nh3.clean(self.get_argument("username"))
+ entered_password = nh3.clean(self.get_argument("password"))
# pylint: disable=no-member
try:
diff --git a/app/classes/web/routes/api/api_handlers.py b/app/classes/web/routes/api/api_handlers.py
index c917c195..e12e2f7f 100644
--- a/app/classes/web/routes/api/api_handlers.py
+++ b/app/classes/web/routes/api/api_handlers.py
@@ -72,7 +72,7 @@ from app.classes.web.routes.api.crafty.config.server_dir import (
from app.classes.web.routes.api.crafty.stats.stats import ApiCraftyHostStatsHandler
from app.classes.web.routes.api.crafty.clogs.index import ApiCraftyLogIndexHandler
from app.classes.web.routes.api.crafty.imports.index import ApiImportFilesIndexHandler
-from app.classes.web.routes.api.crafty.exe_cache import ApiCraftyExeCacheIndexHandler
+from app.classes.web.routes.api.crafty.exe_cache import ApiCraftyJarCacheIndexHandler
def api_handlers(handler_args):
@@ -123,6 +123,11 @@ def api_handlers(handler_args):
ApiCraftyExeCacheIndexHandler,
handler_args,
),
+ (
+ r"/api/v2/crafty/JarCache/?",
+ ApiCraftyJarCacheIndexHandler,
+ handler_args,
+ ),
(
r"/api/v2/import/file/unzip/?",
ApiImportFilesIndexHandler,
diff --git a/app/classes/web/routes/api/crafty/exe_cache.py b/app/classes/web/routes/api/crafty/exe_cache.py
index a779195d..8836aef8 100644
--- a/app/classes/web/routes/api/crafty/exe_cache.py
+++ b/app/classes/web/routes/api/crafty/exe_cache.py
@@ -1,7 +1,7 @@
from app.classes.web.base_api_handler import BaseApiHandler
-class ApiCraftyExeCacheIndexHandler(BaseApiHandler):
+class ApiCraftyJarCacheIndexHandler(BaseApiHandler):
def get(self):
auth_data = self.authenticate_user()
if not auth_data:
diff --git a/app/frontend/templates/notify.html b/app/frontend/templates/notify.html
index 98d366e7..77b72780 100644
--- a/app/frontend/templates/notify.html
+++ b/app/frontend/templates/notify.html
@@ -65,6 +65,7 @@
-
diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index 663fbafc..d7a49bee 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -1153,7 +1153,7 @@
async function refreshCache() {
document.getElementById("refresh-cache").classList.add("fa-spin")
let token = getCookie("_xsrf")
- let res = await fetch(`/api/v2/crafty/exeCache`, {
+ let res = await fetch(`/api/v2/crafty/JarCache`, {
method: 'GET',
headers: {
'X-XSRFToken': token
diff --git a/requirements.txt b/requirements.txt
index 37b60564..1967c40e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,13 @@
apscheduler==3.8.1
argon2-cffi==21.3
-bleach==4.1
cached_property==1.5.2
colorama==0.4
croniter==1.3.5
cryptography==41.0.3
libgravatar==1.0.0
+nh3==0.2.14
+packaging==23.1
peewee==3.13
pexpect==4.8
psutil==5.9.5