Make server directories non-configurable

Andrew 2022-12-17 12:21:15 -05:00
parent 37071a2d05
commit a1e8b7afe7
3 changed files with 15 additions and 9 deletions


@ -808,9 +808,15 @@ class PanelHandler(BaseHandler):
user_roles_list = self.controller.users.get_user_roles_names( user_roles_list = self.controller.users.get_user_roles_names(
user.user_id user.user_id
) )
user_servers = self.controller.servers.get_authorized_servers( try:
user.user_id user_servers = self.controller.servers.get_authorized_servers(
) user.user_id
)
except:
return self.redirect(
"/panel/error?error=Cannot load panel config"
" while servers are unloaded"
)
servers = [] servers = []
for server in user_servers: for server in user_servers:
if server.name not in servers: if server.name not in servers:
@ -1606,7 +1612,6 @@ class PanelHandler(BaseHandler):
if Helpers.validate_traversal( if Helpers.validate_traversal(
self.helper.get_servers_root_dir(), server_path self.helper.get_servers_root_dir(), server_path
): ):
server_obj.path = server_path
server_obj.log_path = log_path server_obj.log_path = log_path
if Helpers.validate_traversal( if Helpers.validate_traversal(
self.helper.get_servers_root_dir(), executable self.helper.get_servers_root_dir(), executable
@ -1618,7 +1623,6 @@ class PanelHandler(BaseHandler):
server_obj.executable_update_url = executable_update_url server_obj.executable_update_url = executable_update_url
server_obj.show_status = show_status server_obj.show_status = show_status
else: else:
server_obj.path = server_obj.path
server_obj.log_path = server_obj.log_path server_obj.log_path = server_obj.log_path
server_obj.executable = server_obj.executable server_obj.executable = server_obj.executable
server_obj.execution_command = execution_command server_obj.execution_command = execution_command
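Review bot: In the second hunk, `Helpers.validate_traversal(self.helper.get_servers_root_dir(), server_path)` still gates `server_obj.log_path = log_path`, even though `server_path` is no longer written to the server object. The template change in this commit also removes the `server_path` input, so this check presumably no longer sees a submitted value. The value that is stored, `log_path`, is not itself checked in the visible lines. If `log_path` is meant to stay under the servers root, the guard should test what is written: `if Helpers.validate_traversal(self.helper.get_servers_root_dir(), log_path):`. How `server_path` and `log_path` are read from the request lies outside the hunk, so confirm that no earlier check already covers this.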


@ -90,7 +90,8 @@ class ApiServersServerIndexHandler(BaseApiHandler):
server_obj = self.controller.servers.get_server_obj(server_id) server_obj = self.controller.servers.get_server_obj(server_id)
for key in data: for key in data:
# If we don't validate the input there could be security issues # If we don't validate the input there could be security issues
setattr(server_obj, key, data[key]) if key != "path":
setattr(server_obj, key, data[key])
self.controller.servers.update_server(server_obj) self.controller.servers.update_server(server_obj)
self.controller.management.add_to_audit_log( self.controller.management.add_to_audit_log(
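Review bot: The new `if key != "path":` guard is a one-entry denylist, so every other key in `data` still reaches `setattr(server_obj, key, data[key])`; the comment directly above it already says the input is not validated. The panel handler in this same commit treats `log_path`, `executable` and `execution_command` as server attributes too, and those stay writable through this loop unless `data` is schema-checked before the visible lines. An explicit allowlist would make the set of API-editable fields reviewable, e.g. `if key in EDITABLE_SERVER_FIELDS:` (constant name is a placeholder), with a rejection or a log entry for anything else. The loop sits inside a handler method whose start and end are outside the hunk.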


@ -62,9 +62,10 @@
<label for="server_path">{{ translate('serverConfig', 'serverPath', data['lang']) }} <small <label for="server_path">{{ translate('serverConfig', 'serverPath', data['lang']) }} <small
class="text-muted ml-1"> - {{ translate('serverConfig', 'serverPathDesc', data['lang']) }}</small> class="text-muted ml-1"> - {{ translate('serverConfig', 'serverPathDesc', data['lang']) }}</small>
</label> </label>
<input type="text" class="form-control" name="server_path" id="server_path" <div class="card-header header-sm d-flex justify-content-between align-items-center">
value="{{ data['server_stats']['server_id']['path'] }}" <span style="color: gray; font-size: 12px;">{{ data['server_stats']['server_id']['path'] }}</span>
placeholder="{{ translate('serverConfig', 'serverPath', data['lang']) }}" required> 🔒
</div>
</div> </div>
{% if data['server_stats']['server_type'] != "minecraft-bedrock" %} {% if data['server_stats']['server_type'] != "minecraft-bedrock" %}