Merge pull request #939 from appwrite/fix-xss-console
Fixed XSS in the console
commit
5b2993bccf
10 changed files with 49 additions and 20 deletions
|
@ -26,6 +26,10 @@
|
|||
|
||||
- Updated missing storage env vars
|
||||
|
||||
## Security
|
||||
|
||||
- Fixed an XSS vulnerability in the Appwrite console
|
||||
|
||||
# Version 0.7.0
|
||||
|
||||
## Features
|
||||
|
|
|
@ -139,7 +139,6 @@ $cli
|
|||
Console::success('SMTP................connected 👍');
|
||||
} catch (\Throwable $th) {
|
||||
Console::error('SMTP.............disconnected 👎');
|
||||
var_dump($th);
|
||||
}
|
||||
|
||||
$host = App::getEnv('_APP_STATSD_HOST', 'telegraf');
|
||||
|
|
|
@ -64,6 +64,7 @@
|
|||
</td>
|
||||
<td data-title="Size: ">
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.sizeOriginal|humanFileSize}}"></span>
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.sizeOriginal|humanFileUnit}}"></span>
|
||||
</td>
|
||||
<td data-title="Created: ">
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.dateCreated|dateText}}"></span>
|
||||
|
|
|
@ -117,7 +117,7 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled',true);
|
|||
<b data-ls-bind="{{tag.$id}}"></b>
|
||||
<span class="text-fade" data-ls-bind="{{tag.command}}"></span>
|
||||
<div class="text-size-small margin-top-small clear">
|
||||
<span class="pull-start" data-ls-bind="Created {{tag.dateCreated|timeSince}} | {{tag.size|humanFileSize}}"></span>
|
||||
<span class="pull-start" data-ls-bind="Created {{tag.dateCreated|timeSince}} | {{tag.size|humanFileSize}}{{tag.size|humanFileUnit}}"></span>
|
||||
|
||||
<form data-ls-if="{{tag.$id}} !== {{project-function.tag}}" name="functions.deleteTag" class="pull-start"
|
||||
data-analytics
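Review bot: The size and unit bindings on the new line are concatenated with no separator, so the tag row renders as `500B` or `12.3kB`, whereas the old filter output kept a space for values under the threshold (`$value + " B"`) and the other templates in this commit separate the two bindings into spans with whitespace between them. A space between the two expressions restores that: `data-ls-bind="Created {{tag.dateCreated|timeSince}} | {{tag.size|humanFileSize}} {{tag.size|humanFileUnit}}"`. Moving the unit markup out of the filter is the right direction, since the bind no longer has to render any HTML for this value. The enclosing form markup starts and ends outside the hunk.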
|
||||
|
|
|
@ -97,7 +97,10 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled',true);
|
|||
</div>
|
||||
</div>
|
||||
<div class="col span-3">
|
||||
<div class="value margin-bottom-small"><span class="sum" data-ls-bind="{{usage.network.total|humanFileSize}}" data-default="0">0</span></div>
|
||||
<div class="value margin-bottom-small">
|
||||
<span class="sum" data-ls-bind="{{usage.network.total|humanFileSize}}" data-default="0">0</span>
|
||||
<span data-ls-bind="{{usage.network.total|humanFileUnit}}" class="text-size-small unit"></span>
|
||||
</div>
|
||||
<div class="metric margin-bottom-small">Bandwidth</div>
|
||||
|
||||
<div class="margin-top-large value small">
|
||||
|
@ -117,7 +120,10 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled',true);
|
|||
<div class="margin-top-small"><b class="text-size-small unit">Documents</b></div>
|
||||
</div>
|
||||
<div class="col span-3">
|
||||
<div class="value"><span class="sum" data-ls-bind="{{usage.storage.total|humanFileSize}}" data-default="0">0</span></div>
|
||||
<div class="value">
|
||||
<span class="sum" data-ls-bind="{{usage.storage.total|humanFileSize}}" data-default="0">0</span>
|
||||
<span data-ls-bind="{{usage.storage.total|humanFileUnit}}" class="text-size-small unit"></span>
|
||||
</div>
|
||||
<div class="margin-top-small"><b class="text-size-small unit">Storage</b></div>
|
||||
</div>
|
||||
<div class="col span-3">
|
||||
|
|
|
@ -204,6 +204,7 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
|
|||
</td>
|
||||
<td data-title="Size: ">
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.sizeOriginal|humanFileSize}}"></span>
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.sizeOriginal|humanFileUnit}}"></span>
|
||||
</td>
|
||||
<td data-title="Created: ">
|
||||
<span class="text-fade text-size-small" data-ls-bind="{{file.dateCreated|dateText}}"></span>
|
||||
|
|
9
public/dist/scripts/app-all.js
vendored
|
@ -2071,7 +2071,7 @@ container.path(paths[i],value);}});}
|
|||
return;}
|
||||
if(element.value!==value){element.value=value;element.dispatchEvent(new Event('change'));}
|
||||
if(bind){element.addEventListener('input',sync);element.addEventListener('change',sync);}}
|
||||
else{if(element.innerHTML!=value){element.innerHTML=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
else{if(element.textContent!=value){element.textContent=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
for(let i=0;i<paths.length;i++){if('{{'+paths[i]+'}}'!==parsedSyntax){if(debug){console.info('debug-ls-bind','sync-skipped-path',paths[i]);console.info('debug-ls-bind','sync-skipped-syntax',syntax);console.info('debug-ls-bind','sync-skipped-syntax-parsed',parsedSyntax);}
|
||||
continue;}
|
||||
if(debug){console.info('debug-ls-bind','sync-loop-path',paths[i]);console.info('debug-ls-bind','sync-loop-syntax',parsedSyntax);}
|
||||
|
@ -2250,9 +2250,10 @@ return value+" "+unit+" "+direction;}).add("ms2hum",function($value){let temp=$v
|
|||
(minutes?minutes+"m ":"")+
|
||||
Number.parseFloat(seconds).toFixed(0)+"s");}
|
||||
return"< 1s";}).add("seconds2hum",function($value){var seconds=($value).toFixed(3);var minutes=($value/(60)).toFixed(1);var hours=($value/(60*60)).toFixed(1);var days=($value/(60*60*24)).toFixed(1);if(seconds<60){return seconds+"s";}else if(minutes<60){return minutes+"m";}else if(hours<24){return hours+"h";}else{return days+"d"}}).add("markdown",function($value,markdown){return markdown.render($value);}).add("pageCurrent",function($value,env){return Math.ceil(parseInt($value||0)/env.PAGING_LIMIT)+1;}).add("pageTotal",function($value,env){let total=Math.ceil(parseInt($value||0)/env.PAGING_LIMIT);return total?total:1;}).add("humanFileSize",function($value){if(!$value){return 0;}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return $value+" B";}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return($value.toFixed(1)+'<span class="text-size-small unit">'+
|
||||
units[u]+"</span>");}).add("statsTotal",function($value){if(!$value){return 0;}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return $value;}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return $value.toFixed(1);}).add("humanFileUnit",function($value){if(!$value){return'';}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return'B';}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return units[u];}).add("statsTotal",function($value){if(!$value){return 0;}
|
||||
$value=abbreviate($value,0,false,false);return $value==="0"?"N/A":$value;}).add("isEmpty",function($value){return(!!$value);}).add("isEmptyObject",function($value){return((Object.keys($value).length===0&&$value.constructor===Object)||$value.length===0)}).add("activeDomainsCount",function($value){let result=[];if(Array.isArray($value)){result=$value.filter(function(node){return(node.verification&&node.certificateId);});}
|
||||
return result.length;}).add("documentAction",function(container){let collection=container.get('project-collection');let document=container.get('project-document');if(collection&&document&&!document.$id){return'database.createDocument';}
|
||||
return'database.updateDocument';}).add("documentSuccess",function(container){let document=container.get('project-document');if(document&&!document.$id){return',redirect';}
|
||||
|
|
9
public/dist/scripts/app.js
vendored
|
@ -116,7 +116,7 @@ container.path(paths[i],value);}});}
|
|||
return;}
|
||||
if(element.value!==value){element.value=value;element.dispatchEvent(new Event('change'));}
|
||||
if(bind){element.addEventListener('input',sync);element.addEventListener('change',sync);}}
|
||||
else{if(element.innerHTML!=value){element.innerHTML=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
else{if(element.textContent!=value){element.textContent=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
for(let i=0;i<paths.length;i++){if('{{'+paths[i]+'}}'!==parsedSyntax){if(debug){console.info('debug-ls-bind','sync-skipped-path',paths[i]);console.info('debug-ls-bind','sync-skipped-syntax',syntax);console.info('debug-ls-bind','sync-skipped-syntax-parsed',parsedSyntax);}
|
||||
continue;}
|
||||
if(debug){console.info('debug-ls-bind','sync-loop-path',paths[i]);console.info('debug-ls-bind','sync-loop-syntax',parsedSyntax);}
|
||||
|
@ -295,9 +295,10 @@ return value+" "+unit+" "+direction;}).add("ms2hum",function($value){let temp=$v
|
|||
(minutes?minutes+"m ":"")+
|
||||
Number.parseFloat(seconds).toFixed(0)+"s");}
|
||||
return"< 1s";}).add("seconds2hum",function($value){var seconds=($value).toFixed(3);var minutes=($value/(60)).toFixed(1);var hours=($value/(60*60)).toFixed(1);var days=($value/(60*60*24)).toFixed(1);if(seconds<60){return seconds+"s";}else if(minutes<60){return minutes+"m";}else if(hours<24){return hours+"h";}else{return days+"d"}}).add("markdown",function($value,markdown){return markdown.render($value);}).add("pageCurrent",function($value,env){return Math.ceil(parseInt($value||0)/env.PAGING_LIMIT)+1;}).add("pageTotal",function($value,env){let total=Math.ceil(parseInt($value||0)/env.PAGING_LIMIT);return total?total:1;}).add("humanFileSize",function($value){if(!$value){return 0;}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return $value+" B";}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return($value.toFixed(1)+'<span class="text-size-small unit">'+
|
||||
units[u]+"</span>");}).add("statsTotal",function($value){if(!$value){return 0;}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return $value;}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return $value.toFixed(1);}).add("humanFileUnit",function($value){if(!$value){return'';}
|
||||
let thresh=1000;if(Math.abs($value)<thresh){return'B';}
|
||||
let units=["kB","MB","GB","TB","PB","EB","ZB","YB"];let u=-1;do{$value/=thresh;++u;}while(Math.abs($value)>=thresh&&u<units.length-1);return units[u];}).add("statsTotal",function($value){if(!$value){return 0;}
|
||||
$value=abbreviate($value,0,false,false);return $value==="0"?"N/A":$value;}).add("isEmpty",function($value){return(!!$value);}).add("isEmptyObject",function($value){return((Object.keys($value).length===0&&$value.constructor===Object)||$value.length===0)}).add("activeDomainsCount",function($value){let result=[];if(Array.isArray($value)){result=$value.filter(function(node){return(node.verification&&node.certificateId);});}
|
||||
return result.length;}).add("documentAction",function(container){let collection=container.get('project-collection');let document=container.get('project-document');if(collection&&document&&!document.$id){return'database.createDocument';}
|
||||
return'database.updateDocument';}).add("documentSuccess",function(container){let document=container.get('project-document');if(document&&!document.$id){return',redirect';}
|
||||
|
|
|
@ -116,7 +116,7 @@ container.path(paths[i],value);}});}
|
|||
return;}
|
||||
if(element.value!==value){element.value=value;element.dispatchEvent(new Event('change'));}
|
||||
if(bind){element.addEventListener('input',sync);element.addEventListener('change',sync);}}
|
||||
else{if(element.innerHTML!=value){element.innerHTML=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
else{if(element.textContent!=value){element.textContent=value;}}};let sync=(()=>{return()=>{if(debug){console.info('debug-ls-bind','sync-path',paths);console.info('debug-ls-bind','sync-syntax',syntax);console.info('debug-ls-bind','sync-syntax-parsed',parsedSyntax);console.info('debug-ls-bind','sync-value',element.value);}
|
||||
for(let i=0;i<paths.length;i++){if('{{'+paths[i]+'}}'!==parsedSyntax){if(debug){console.info('debug-ls-bind','sync-skipped-path',paths[i]);console.info('debug-ls-bind','sync-skipped-syntax',syntax);console.info('debug-ls-bind','sync-skipped-syntax-parsed',parsedSyntax);}
|
||||
continue;}
|
||||
if(debug){console.info('debug-ls-bind','sync-loop-path',paths[i]);console.info('debug-ls-bind','sync-loop-syntax',parsedSyntax);}
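Review bot: Switching the non-input branch from `innerHTML` to `textContent` (the line `else{if(element.textContent!=value){element.textContent=value;}}`) closes the HTML sink for every bound value, but the filter chain visible in the app.js hunk above still registers `markdown`, which returns `markdown.render($value)`, i.e. rendered HTML; if any template binds a markdown-filtered value through `data-ls-bind`, it will now show the tags as literal text. That is worth checking against the templates, and if it is used, HTML rendering should become an explicit, sanitized opt-in on the element rather than a return to innerHTML as the default. A smaller point of style: `element.textContent!=value` depends on loose equality because filters such as `humanFileSize` return a number for small values; `String(value) !== element.textContent` would make the intent explicit. The identical change appears in the two vendored dist copies above, so this note covers them as well. The enclosing bind function begins and ends outside the hunk.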
|
||||
|
|
|
@ -133,7 +133,7 @@ window.ls.filter
|
|||
let thresh = 1000;
|
||||
|
||||
if (Math.abs($value) < thresh) {
|
||||
return $value + " B";
|
||||
return $value;
|
||||
}
|
||||
|
||||
let units = ["kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"];
|
||||
|
@ -144,12 +144,28 @@ window.ls.filter
|
|||
++u;
|
||||
} while (Math.abs($value) >= thresh && u < units.length - 1);
|
||||
|
||||
return (
|
||||
$value.toFixed(1) +
|
||||
'<span class="text-size-small unit">' +
|
||||
units[u] +
|
||||
"</span>"
|
||||
);
|
||||
return $value.toFixed(1);
|
||||
})
|
||||
.add("humanFileUnit", function($value) {
|
||||
if (!$value) {
|
||||
return '';
|
||||
}
|
||||
|
||||
let thresh = 1000;
|
||||
|
||||
if (Math.abs($value) < thresh) {
|
||||
return 'B';
|
||||
}
|
||||
|
||||
let units = ["kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"];
|
||||
let u = -1;
|
||||
|
||||
do {
|
||||
$value /= thresh;
|
||||
++u;
|
||||
} while (Math.abs($value) >= thresh && u < units.length - 1);
|
||||
|
||||
return units[u];
|
||||
})
|
||||
.add("statsTotal", function($value) {
|
||||
if (!$value) {
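Review bot: `humanFileUnit` returns `''` for a falsy `$value` while its small-value branch returns `'B'`, and `humanFileSize` in the hunk above now returns the bare number for values under the threshold, so a zero-byte file renders as `0` with no unit while a one-byte file renders as `1 B`. If the unit-less `0` is meant for the usage dashboard (which presumably falls back to its `data-default="0"`), the file-list templates that bind both filters will still inherit it; returning the byte unit in the falsy case, `if (!$value) { return 'B'; }`, makes the two filters agree. The threshold/units/do-while scaling block is now duplicated between `humanFileSize` and `humanFileUnit`; a small shared helper returning the scaled value and the unit index would keep the two from drifting apart. The `.add` chain starts before the hunk and continues past it.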
|
||||
|
|