mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Replace bleach with nh3.
This commit is contained in:
Wout Bouckaert
parent
6421d4f2d5
commit
ad9042e88f
@ -5,7 +5,7 @@ import re
|
|||||||
import logging
|
import logging
|
||||||
import time
|
import time
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
import bleach
|
import nh3
|
||||||
import tornado.web
|
import tornado.web
|
||||||
import tornado.escape
|
import tornado.escape
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
@tornado.web.authenticated
|
@tornado.web.authenticated
|
||||||
def get(self, page):
|
def get(self, page):
|
||||||
_, _, exec_user = self.current_user
|
_, _, exec_user = self.current_user
|
||||||
error = bleach.clean(self.get_argument("error", "WTF Error!"))
|
error = nh3.clean(self.get_argument("error", "WTF Error!"))
|
||||||
|
|
||||||
template = "panel/denied.html"
|
template = "panel/denied.html"
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
self.redirect("/panel/error?error=Server ID Not Found")
|
self.redirect("/panel/error?error=Server ID Not Found")
|
||||||
return
|
return
|
||||||
|
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
server_data = self.controller.servers.get_server_data_by_id(server_id)
|
server_data = self.controller.servers.get_server_data_by_id(server_id)
|
||||||
if not server_data:
|
if not server_data:
|
||||||
@ -246,7 +246,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "get_tree"):
|
if not self.check_server_id(server_id, "get_tree"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if Helpers.validate_traversal(
|
if Helpers.validate_traversal(
|
||||||
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
||||||
@ -327,7 +327,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
|
|
||||||
elif page == "send_order":
|
elif page == "send_order":
|
||||||
self.controller.users.update_server_order(
|
self.controller.users.update_server_order(
|
||||||
exec_user["user_id"], bleach.clean(self.get_argument("order"))
|
exec_user["user_id"], nh3.clean(self.get_argument("order"))
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -392,8 +392,8 @@ class AjaxHandler(BaseHandler):
|
|||||||
if not superuser:
|
if not superuser:
|
||||||
self.redirect("/panel/error?error=Unauthorized access to Backups")
|
self.redirect("/panel/error?error=Unauthorized access to Backups")
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(self.get_argument("id", None))
|
server_id = nh3.clean(self.get_argument("id", None))
|
||||||
zip_name = bleach.clean(self.get_argument("zip_file", None))
|
zip_name = nh3.clean(self.get_argument("zip_file", None))
|
||||||
svr_obj = self.controller.servers.get_server_obj(server_id)
|
svr_obj = self.controller.servers.get_server_obj(server_id)
|
||||||
server_data = self.controller.servers.get_server_data_by_id(server_id)
|
server_data = self.controller.servers.get_server_data_by_id(server_id)
|
||||||
|
|
||||||
@ -652,7 +652,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "del_backup"):
|
if not self.check_server_id(server_id, "del_backup"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||||
if not (
|
if not (
|
||||||
@ -684,7 +684,7 @@ class AjaxHandler(BaseHandler):
|
|||||||
f"Server ID not defined in {page_name} ajax call ({server_id})"
|
f"Server ID not defined in {page_name} ajax call ({server_id})"
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
# does this server id exist?
|
# does this server id exist?
|
||||||
if not self.controller.servers.server_id_exists(server_id):
|
if not self.controller.servers.server_id_exists(server_id):
|
||||||
|
|||||||
@ -2,7 +2,7 @@ import logging
|
|||||||
import re
|
import re
|
||||||
import typing as t
|
import typing as t
|
||||||
import orjson
|
import orjson
|
||||||
import bleach
|
import nh3
|
||||||
import tornado.web
|
import tornado.web
|
||||||
|
|
||||||
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
||||||
@ -93,7 +93,7 @@ class BaseHandler(tornado.web.RequestHandler):
|
|||||||
if type(text) in self.nobleach:
|
if type(text) in self.nobleach:
|
||||||
logger.debug("Auto-bleaching - bypass type")
|
logger.debug("Auto-bleaching - bypass type")
|
||||||
return text
|
return text
|
||||||
return bleach.clean(text)
|
return nh3.clean(text)
|
||||||
|
|
||||||
def get_argument(
|
def get_argument(
|
||||||
self,
|
self,
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
import os
|
import os
|
||||||
import logging
|
import logging
|
||||||
import bleach
|
import nh3
|
||||||
import tornado.web
|
import tornado.web
|
||||||
import tornado.escape
|
import tornado.escape
|
||||||
|
|
||||||
@ -55,7 +55,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "get_file"):
|
if not self.check_server_id(server_id, "get_file"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if not self.helper.is_subdir(
|
if not self.helper.is_subdir(
|
||||||
file_path,
|
file_path,
|
||||||
@ -92,7 +92,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "get_tree"):
|
if not self.check_server_id(server_id, "get_tree"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if Helpers.validate_traversal(
|
if Helpers.validate_traversal(
|
||||||
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
||||||
@ -113,7 +113,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "get_tree"):
|
if not self.check_server_id(server_id, "get_tree"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if Helpers.validate_traversal(
|
if Helpers.validate_traversal(
|
||||||
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
self.controller.servers.get_server_data_by_id(server_id)["path"], path
|
||||||
@ -161,7 +161,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "create_file"):
|
if not self.check_server_id(server_id, "create_file"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if not self.helper.is_subdir(
|
if not self.helper.is_subdir(
|
||||||
file_path,
|
file_path,
|
||||||
@ -194,7 +194,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "create_dir"):
|
if not self.check_server_id(server_id, "create_dir"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if not self.helper.is_subdir(
|
if not self.helper.is_subdir(
|
||||||
dir_path,
|
dir_path,
|
||||||
@ -259,7 +259,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "del_file"):
|
if not self.check_server_id(server_id, "del_file"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||||
if not (
|
if not (
|
||||||
@ -293,7 +293,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "del_dir"):
|
if not self.check_server_id(server_id, "del_dir"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||||
if not self.helper.is_subdir(
|
if not self.helper.is_subdir(
|
||||||
@ -346,7 +346,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "save_file"):
|
if not self.check_server_id(server_id, "save_file"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if not self.helper.is_subdir(
|
if not self.helper.is_subdir(
|
||||||
file_path,
|
file_path,
|
||||||
@ -401,7 +401,7 @@ class FileHandler(BaseHandler):
|
|||||||
|
|
||||||
if not self.check_server_id(server_id, "rename_file"):
|
if not self.check_server_id(server_id, "rename_file"):
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
if item_path is None or new_item_name is None:
|
if item_path is None or new_item_name is None:
|
||||||
logger.warning("Invalid path(s) in rename_file file ajax call")
|
logger.warning("Invalid path(s) in rename_file file ajax call")
|
||||||
@ -450,7 +450,7 @@ class FileHandler(BaseHandler):
|
|||||||
f"Server ID not defined in {page_name} file ajax call ({server_id})"
|
f"Server ID not defined in {page_name} file ajax call ({server_id})"
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
server_id = bleach.clean(server_id)
|
server_id = nh3.clean(server_id)
|
||||||
|
|
||||||
# does this server id exist?
|
# does this server id exist?
|
||||||
if not self.controller.servers.server_id_exists(server_id):
|
if not self.controller.servers.server_id_exists(server_id):
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import json
|
|||||||
import logging
|
import logging
|
||||||
import threading
|
import threading
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
import bleach
|
import nh3
|
||||||
import requests
|
import requests
|
||||||
import tornado.web
|
import tornado.web
|
||||||
import tornado.escape
|
import tornado.escape
|
||||||
@ -67,9 +67,7 @@ class PanelHandler(BaseHandler):
|
|||||||
) in self.controller.crafty_perms.list_defined_crafty_permissions():
|
) in self.controller.crafty_perms.list_defined_crafty_permissions():
|
||||||
argument = int(
|
argument = int(
|
||||||
float(
|
float(
|
||||||
bleach.clean(
|
nh3.clean(self.get_argument(f"permission_{permission.name}", "0"))
|
||||||
self.get_argument(f"permission_{permission.name}", "0")
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
if argument:
|
if argument:
|
||||||
@ -78,9 +76,7 @@ class PanelHandler(BaseHandler):
|
|||||||
)
|
)
|
||||||
|
|
||||||
q_argument = int(
|
q_argument = int(
|
||||||
float(
|
float(nh3.clean(self.get_argument(f"quantity_{permission.name}", "0")))
|
||||||
bleach.clean(self.get_argument(f"quantity_{permission.name}", "0"))
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
if q_argument:
|
if q_argument:
|
||||||
server_quantity[permission.name] = q_argument
|
server_quantity[permission.name] = q_argument
|
||||||
@ -479,7 +475,7 @@ class PanelHandler(BaseHandler):
|
|||||||
template = "panel/dashboard.html"
|
template = "panel/dashboard.html"
|
||||||
|
|
||||||
elif page == "server_detail":
|
elif page == "server_detail":
|
||||||
subpage = bleach.clean(self.get_argument("subpage", ""))
|
subpage = nh3.clean(self.get_argument("subpage", ""))
|
||||||
|
|
||||||
server_id = self.check_server_id()
|
server_id = self.check_server_id()
|
||||||
if server_id is None:
|
if server_id is None:
|
||||||
@ -1284,7 +1280,7 @@ class PanelHandler(BaseHandler):
|
|||||||
template = "panel/panel_edit_user_apikeys.html"
|
template = "panel/panel_edit_user_apikeys.html"
|
||||||
|
|
||||||
elif page == "remove_user":
|
elif page == "remove_user":
|
||||||
user_id = bleach.clean(self.get_argument("id", None))
|
user_id = nh3.clean(self.get_argument("id", None))
|
||||||
|
|
||||||
if (
|
if (
|
||||||
not superuser
|
not superuser
|
||||||
@ -1416,7 +1412,7 @@ class PanelHandler(BaseHandler):
|
|||||||
template = "panel/panel_edit_role.html"
|
template = "panel/panel_edit_role.html"
|
||||||
|
|
||||||
elif page == "remove_role":
|
elif page == "remove_role":
|
||||||
role_id = bleach.clean(self.get_argument("id", None))
|
role_id = nh3.clean(self.get_argument("id", None))
|
||||||
|
|
||||||
if (
|
if (
|
||||||
not superuser
|
not superuser
|
||||||
@ -1604,7 +1600,7 @@ class PanelHandler(BaseHandler):
|
|||||||
backup_path = Helpers.wtol_path(backup_path)
|
backup_path = Helpers.wtol_path(backup_path)
|
||||||
else:
|
else:
|
||||||
backup_path = server_obj.backup_path
|
backup_path = server_obj.backup_path
|
||||||
max_backups = bleach.clean(self.get_argument("max_backups", None))
|
max_backups = nh3.clean(self.get_argument("max_backups", None))
|
||||||
|
|
||||||
server_obj = self.controller.servers.get_server_obj(server_id)
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
||||||
|
|
||||||
@ -1665,15 +1661,15 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/config_json")
|
self.redirect("/panel/config_json")
|
||||||
|
|
||||||
elif page == "edit_user":
|
elif page == "edit_user":
|
||||||
if bleach.clean(self.get_argument("username", None)).lower() == "system":
|
if nh3.clean(self.get_argument("username", None)).lower() == "system":
|
||||||
self.redirect(
|
self.redirect(
|
||||||
"/panel/error?error=Unauthorized access: "
|
"/panel/error?error=Unauthorized access: "
|
||||||
"system user is not editable"
|
"system user is not editable"
|
||||||
)
|
)
|
||||||
user_id = bleach.clean(self.get_argument("id", None))
|
user_id = nh3.clean(self.get_argument("id", None))
|
||||||
user = self.controller.users.get_user_by_id(user_id)
|
user = self.controller.users.get_user_by_id(user_id)
|
||||||
username = bleach.clean(self.get_argument("username", None).lower())
|
username = nh3.clean(self.get_argument("username", None).lower())
|
||||||
theme = bleach.clean(self.get_argument("theme", "default"))
|
theme = nh3.clean(self.get_argument("theme", "default"))
|
||||||
if (
|
if (
|
||||||
username != self.controller.users.get_user_by_id(user_id)["username"]
|
username != self.controller.users.get_user_by_id(user_id)["username"]
|
||||||
and username in self.controller.users.get_all_usernames()
|
and username in self.controller.users.get_all_usernames()
|
||||||
@ -1681,16 +1677,16 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect(
|
self.redirect(
|
||||||
"/panel/error?error=Duplicate User: Useranme already exists."
|
"/panel/error?error=Duplicate User: Useranme already exists."
|
||||||
)
|
)
|
||||||
password0 = bleach.clean(self.get_argument("password0", None))
|
password0 = nh3.clean(self.get_argument("password0", None))
|
||||||
password1 = bleach.clean(self.get_argument("password1", None))
|
password1 = nh3.clean(self.get_argument("password1", None))
|
||||||
email = bleach.clean(self.get_argument("email", "default@example.com"))
|
email = nh3.clean(self.get_argument("email", "default@example.com"))
|
||||||
enabled = int(float(self.get_argument("enabled", "0")))
|
enabled = int(float(self.get_argument("enabled", "0")))
|
||||||
try:
|
try:
|
||||||
hints = int(bleach.clean(self.get_argument("hints")))
|
hints = int(nh3.clean(self.get_argument("hints")))
|
||||||
hints = True
|
hints = True
|
||||||
except:
|
except:
|
||||||
hints = False
|
hints = False
|
||||||
lang = bleach.clean(
|
lang = nh3.clean(
|
||||||
self.get_argument("language"), self.helper.get_setting("language")
|
self.get_argument("language"), self.helper.get_setting("language")
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -1699,7 +1695,7 @@ class PanelHandler(BaseHandler):
|
|||||||
# We don't want that. Automatically make them stay super user
|
# We don't want that. Automatically make them stay super user
|
||||||
# since we know they are.
|
# since we know they are.
|
||||||
if str(exec_user["user_id"]) != str(user_id):
|
if str(exec_user["user_id"]) != str(user_id):
|
||||||
superuser = int(bleach.clean(self.get_argument("superuser", "0")))
|
superuser = int(nh3.clean(self.get_argument("superuser", "0")))
|
||||||
else:
|
else:
|
||||||
superuser = 1
|
superuser = 1
|
||||||
else:
|
else:
|
||||||
@ -1877,7 +1873,7 @@ class PanelHandler(BaseHandler):
|
|||||||
self.finish()
|
self.finish()
|
||||||
|
|
||||||
elif page == "add_user":
|
elif page == "add_user":
|
||||||
username = bleach.clean(self.get_argument("username", None).lower())
|
username = nh3.clean(self.get_argument("username", None).lower())
|
||||||
if username.lower() == "system":
|
if username.lower() == "system":
|
||||||
self.redirect(
|
self.redirect(
|
||||||
"/panel/error?error=Unauthorized access: "
|
"/panel/error?error=Unauthorized access: "
|
||||||
@ -1885,18 +1881,18 @@ class PanelHandler(BaseHandler):
|
|||||||
" Please choose a different username."
|
" Please choose a different username."
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
password0 = bleach.clean(self.get_argument("password0", None))
|
password0 = nh3.clean(self.get_argument("password0", None))
|
||||||
password1 = bleach.clean(self.get_argument("password1", None))
|
password1 = nh3.clean(self.get_argument("password1", None))
|
||||||
email = bleach.clean(self.get_argument("email", "default@example.com"))
|
email = nh3.clean(self.get_argument("email", "default@example.com"))
|
||||||
enabled = int(float(self.get_argument("enabled", "0")))
|
enabled = int(float(self.get_argument("enabled", "0")))
|
||||||
theme = bleach.clean(self.get_argument("theme"), "default")
|
theme = nh3.clean(self.get_argument("theme"), "default")
|
||||||
hints = True
|
hints = True
|
||||||
lang = bleach.clean(
|
lang = nh3.clean(
|
||||||
self.get_argument("lang", self.helper.get_setting("language"))
|
self.get_argument("lang", self.helper.get_setting("language"))
|
||||||
)
|
)
|
||||||
# We don't want a non-super user to be able to create a super user.
|
# We don't want a non-super user to be able to create a super user.
|
||||||
if superuser:
|
if superuser:
|
||||||
new_superuser = int(bleach.clean(self.get_argument("superuser", "0")))
|
new_superuser = int(nh3.clean(self.get_argument("superuser", "0")))
|
||||||
else:
|
else:
|
||||||
new_superuser = 0
|
new_superuser = 0
|
||||||
|
|
||||||
@ -1971,8 +1967,8 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/panel_config")
|
self.redirect("/panel/panel_config")
|
||||||
|
|
||||||
elif page == "edit_role":
|
elif page == "edit_role":
|
||||||
role_id = bleach.clean(self.get_argument("id", None))
|
role_id = nh3.clean(self.get_argument("id", None))
|
||||||
role_name = bleach.clean(self.get_argument("role_name", None))
|
role_name = nh3.clean(self.get_argument("role_name", None))
|
||||||
|
|
||||||
role = self.controller.roles.get_role(role_id)
|
role = self.controller.roles.get_role(role_id)
|
||||||
|
|
||||||
@ -2018,7 +2014,7 @@ class PanelHandler(BaseHandler):
|
|||||||
self.redirect("/panel/panel_config")
|
self.redirect("/panel/panel_config")
|
||||||
|
|
||||||
elif page == "add_role":
|
elif page == "add_role":
|
||||||
role_name = bleach.clean(self.get_argument("role_name", None))
|
role_name = nh3.clean(self.get_argument("role_name", None))
|
||||||
if exec_user["superuser"]:
|
if exec_user["superuser"]:
|
||||||
manager = self.get_argument("manager", None)
|
manager = self.get_argument("manager", None)
|
||||||
if manager == "":
|
if manager == "":
|
||||||
@ -2092,7 +2088,7 @@ class PanelHandler(BaseHandler):
|
|||||||
}
|
}
|
||||||
|
|
||||||
if page == "remove_apikey":
|
if page == "remove_apikey":
|
||||||
key_id = bleach.clean(self.get_argument("id", None))
|
key_id = nh3.clean(self.get_argument("id", None))
|
||||||
|
|
||||||
if not superuser:
|
if not superuser:
|
||||||
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
import logging
|
import logging
|
||||||
import bleach
|
import nh3
|
||||||
|
|
||||||
from app.classes.shared.helpers import Helpers
|
from app.classes.shared.helpers import Helpers
|
||||||
from app.classes.models.users import HelperUsers
|
from app.classes.models.users import HelperUsers
|
||||||
@ -28,8 +28,8 @@ class PublicHandler(BaseHandler):
|
|||||||
# self.clear_cookie("user_data")
|
# self.clear_cookie("user_data")
|
||||||
|
|
||||||
def get(self, page=None):
|
def get(self, page=None):
|
||||||
error = bleach.clean(self.get_argument("error", "Invalid Login!"))
|
error = nh3.clean(self.get_argument("error", "Invalid Login!"))
|
||||||
error_msg = bleach.clean(self.get_argument("error_msg", ""))
|
error_msg = nh3.clean(self.get_argument("error_msg", ""))
|
||||||
|
|
||||||
page_data = {
|
page_data = {
|
||||||
"version": self.helper.get_version_string(),
|
"version": self.helper.get_version_string(),
|
||||||
@ -82,8 +82,8 @@ class PublicHandler(BaseHandler):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def post(self, page=None):
|
def post(self, page=None):
|
||||||
error = bleach.clean(self.get_argument("error", "Invalid Login!"))
|
error = nh3.clean(self.get_argument("error", "Invalid Login!"))
|
||||||
error_msg = bleach.clean(self.get_argument("error_msg", ""))
|
error_msg = nh3.clean(self.get_argument("error_msg", ""))
|
||||||
|
|
||||||
page_data = {
|
page_data = {
|
||||||
"version": self.helper.get_version_string(),
|
"version": self.helper.get_version_string(),
|
||||||
@ -100,8 +100,8 @@ class PublicHandler(BaseHandler):
|
|||||||
if self.request.query:
|
if self.request.query:
|
||||||
next_page = "/login?" + self.request.query
|
next_page = "/login?" + self.request.query
|
||||||
|
|
||||||
entered_username = bleach.clean(self.get_argument("username"))
|
entered_username = nh3.clean(self.get_argument("username"))
|
||||||
entered_password = bleach.clean(self.get_argument("password"))
|
entered_password = nh3.clean(self.get_argument("password"))
|
||||||
|
|
||||||
# pylint: disable=no-member
|
# pylint: disable=no-member
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -4,7 +4,7 @@ import os
|
|||||||
import time
|
import time
|
||||||
import tornado.web
|
import tornado.web
|
||||||
import tornado.escape
|
import tornado.escape
|
||||||
import bleach
|
import nh3
|
||||||
|
|
||||||
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
|
||||||
from app.classes.shared.helpers import Helpers
|
from app.classes.shared.helpers import Helpers
|
||||||
@ -195,8 +195,8 @@ class ServerHandler(BaseHandler):
|
|||||||
}
|
}
|
||||||
|
|
||||||
if page == "command":
|
if page == "command":
|
||||||
server_id = bleach.clean(self.get_argument("id", None))
|
server_id = nh3.clean(self.get_argument("id", None))
|
||||||
command = bleach.clean(self.get_argument("command", None))
|
command = nh3.clean(self.get_argument("command", None))
|
||||||
|
|
||||||
if server_id is not None:
|
if server_id is not None:
|
||||||
if command == "clone_server":
|
if command == "clone_server":
|
||||||
@ -311,24 +311,24 @@ class ServerHandler(BaseHandler):
|
|||||||
user_roles = self.controller.roles.get_all_roles()
|
user_roles = self.controller.roles.get_all_roles()
|
||||||
else:
|
else:
|
||||||
user_roles = self.get_user_roles()
|
user_roles = self.get_user_roles()
|
||||||
server = bleach.clean(self.get_argument("server", ""))
|
server = nh3.clean(self.get_argument("server", ""))
|
||||||
server_name = bleach.clean(self.get_argument("server_name", ""))
|
server_name = nh3.clean(self.get_argument("server_name", ""))
|
||||||
min_mem = bleach.clean(self.get_argument("min_memory", ""))
|
min_mem = nh3.clean(self.get_argument("min_memory", ""))
|
||||||
max_mem = bleach.clean(self.get_argument("max_memory", ""))
|
max_mem = nh3.clean(self.get_argument("max_memory", ""))
|
||||||
port = bleach.clean(self.get_argument("port", ""))
|
port = nh3.clean(self.get_argument("port", ""))
|
||||||
if int(port) < 1 or int(port) > 65535:
|
if int(port) < 1 or int(port) > 65535:
|
||||||
self.redirect(
|
self.redirect(
|
||||||
"/panel/error?error=Constraint Error: "
|
"/panel/error?error=Constraint Error: "
|
||||||
"Port must be greater than 0 and less than 65535"
|
"Port must be greater than 0 and less than 65535"
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
import_type = bleach.clean(self.get_argument("create_type", ""))
|
import_type = nh3.clean(self.get_argument("create_type", ""))
|
||||||
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
import_server_path = nh3.clean(self.get_argument("server_path", ""))
|
||||||
import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
|
import_server_jar = nh3.clean(self.get_argument("server_jar", ""))
|
||||||
server_parts = server.split("|")
|
server_parts = server.split("|")
|
||||||
captured_roles = []
|
captured_roles = []
|
||||||
for role in user_roles:
|
for role in user_roles:
|
||||||
if bleach.clean(self.get_argument(str(role), "")) == "on":
|
if nh3.clean(self.get_argument(str(role), "")) == "on":
|
||||||
captured_roles.append(role)
|
captured_roles.append(role)
|
||||||
|
|
||||||
if not server_name:
|
if not server_name:
|
||||||
@ -372,7 +372,7 @@ class ServerHandler(BaseHandler):
|
|||||||
)
|
)
|
||||||
elif import_type == "import_zip":
|
elif import_type == "import_zip":
|
||||||
# here import_server_path means the zip path
|
# here import_server_path means the zip path
|
||||||
zip_path = bleach.clean(self.get_argument("root_path"))
|
zip_path = nh3.clean(self.get_argument("root_path"))
|
||||||
good_path = Helpers.check_path_exists(zip_path)
|
good_path = Helpers.check_path_exists(zip_path)
|
||||||
if not good_path:
|
if not good_path:
|
||||||
self.redirect("/panel/error?error=Temp path not found!")
|
self.redirect("/panel/error?error=Temp path not found!")
|
||||||
@ -476,9 +476,9 @@ class ServerHandler(BaseHandler):
|
|||||||
user_roles = self.controller.roles.get_all_roles()
|
user_roles = self.controller.roles.get_all_roles()
|
||||||
else:
|
else:
|
||||||
user_roles = self.controller.roles.get_all_roles()
|
user_roles = self.controller.roles.get_all_roles()
|
||||||
server = bleach.clean(self.get_argument("server", ""))
|
server = nh3.clean(self.get_argument("server", ""))
|
||||||
server_name = bleach.clean(self.get_argument("server_name", ""))
|
server_name = nh3.clean(self.get_argument("server_name", ""))
|
||||||
port = bleach.clean(self.get_argument("port", ""))
|
port = nh3.clean(self.get_argument("port", ""))
|
||||||
|
|
||||||
if not port:
|
if not port:
|
||||||
port = 19132
|
port = 19132
|
||||||
@ -488,13 +488,13 @@ class ServerHandler(BaseHandler):
|
|||||||
"Port must be greater than 0 and less than 65535"
|
"Port must be greater than 0 and less than 65535"
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
import_type = bleach.clean(self.get_argument("create_type", ""))
|
import_type = nh3.clean(self.get_argument("create_type", ""))
|
||||||
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
import_server_path = nh3.clean(self.get_argument("server_path", ""))
|
||||||
import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
|
import_server_exe = nh3.clean(self.get_argument("server_jar", ""))
|
||||||
server_parts = server.split("|")
|
server_parts = server.split("|")
|
||||||
captured_roles = []
|
captured_roles = []
|
||||||
for role in user_roles:
|
for role in user_roles:
|
||||||
if bleach.clean(self.get_argument(str(role), "")) == "on":
|
if nh3.clean(self.get_argument(str(role), "")) == "on":
|
||||||
captured_roles.append(role)
|
captured_roles.append(role)
|
||||||
|
|
||||||
if not server_name:
|
if not server_name:
|
||||||
@ -536,7 +536,7 @@ class ServerHandler(BaseHandler):
|
|||||||
)
|
)
|
||||||
elif import_type == "import_zip":
|
elif import_type == "import_zip":
|
||||||
# here import_server_path means the zip path
|
# here import_server_path means the zip path
|
||||||
zip_path = bleach.clean(self.get_argument("root_path"))
|
zip_path = nh3.clean(self.get_argument("root_path"))
|
||||||
good_path = Helpers.check_path_exists(zip_path)
|
good_path = Helpers.check_path_exists(zip_path)
|
||||||
if not good_path:
|
if not good_path:
|
||||||
self.redirect("/panel/error?error=Temp path not found!")
|
self.redirect("/panel/error?error=Temp path not found!")
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
apscheduler==3.8.1
|
apscheduler==3.8.1
|
||||||
argon2-cffi==21.3
|
argon2-cffi==21.3
|
||||||
bleach==4.1
|
nh3==0.2.14
|
||||||
cached_property==1.5.2
|
cached_property==1.5.2
|
||||||
colorama==0.4
|
colorama==0.4
|
||||||
croniter==1.3.5
|
croniter==1.3.5
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user