
Fix CVE 2017-9807 / close #620

jbleyel committed Jun 24, 2017
1 parent 2153ae0 commit c53ca9ea27f4aeae303ec430624fb8d7dd610f46
@@ -32,7 +32,7 @@
#end if
<link type="text/css" href="../css/style.min.css" rel="stylesheet"/>
<link type="text/css" href="../web/css" rel="stylesheet"/>
<script type="text/javascript" src="../js/openwebif-1.2.7.min.js"></script>
<script type="text/javascript" src="../js/openwebif-1.2.8.min.js"></script>
<script type="text/javascript" src="../js/jquery-ui-timepicker-addon.min.js"></script>
<script type="text/javascript" src="../js/chosen.jquery.min.js"></script>
<script type="text/javascript">initJsTranslation($dumps($tstrings))</script>
@@ -19,7 +19,7 @@
#end if
<link type="text/css" href="css/style.min.css" rel="stylesheet"/>
<link type="text/css" href="web/css" rel="stylesheet"/>
<script type="text/javascript" src="js/openwebif-1.2.7.min.js"></script>
<script type="text/javascript" src="js/openwebif-1.2.8.min.js"></script>
<script type="text/javascript" src="js/jquery-ui-timepicker-addon.min.js"></script>
<script type="text/javascript" src="/js/chosen.jquery.min.js"></script>
<script type="text/javascript">initJsTranslation($dumps($tstrings))</script>
@@ -997,10 +997,16 @@ def P_tvbrowser(self, request):
return tvbrowser(self.session, request)
def P_saveconfig(self, request):
res = self.testMandatoryArguments(request, ["key", "value"])
if res:
return res
return saveConfig(request.args["key"][0], request.args["value"][0])
if request.method == b'POST':
res = self.testMandatoryArguments(request, ["key", "value"])
if res:
return res
key = request.args["key"][0]
if "/" not in key and "%" not in key and "." in key:
keys = key.split('.')
if len(keys) == 3 and keys[0] == 'config':
return saveConfig(key, request.args["value"][0])
return {"result": False}
def P_mediaplayeradd(self, request):
res = self.testMandatoryArguments(request, ["file"])
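Review bot: The key check in P_saveconfig is a denylist: it rejects only `/` and `%` and requires three dot-separated parts starting with `config`, so quotes, brackets, parentheses and whitespace in the second and third parts still reach saveConfig(). If saveConfig resolves the key dynamically (its body is not in this hunk), an allowlist is the safer shape: `if re.match(r'config\.[A-Za-z0-9_]+\.[A-Za-z0-9_]+\Z', key):`, assuming `re` is imported in this file. The `request.method == b'POST'` gate does not by itself stop a cross-site form post, so an origin or token check is still needed wherever the API is reachable from a browser session. The value argument is passed through unchecked, and P_mediaplayeradd continues outside the hunk.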

This file was deleted.

@@ -1,6 +1,6 @@
//******************************************************************************
//* openwebif.js: openwebif base module
//* Version 1.2.7
//* Version 1.2.8
//******************************************************************************
//* Copyright (C) 2011-2017 E2OpenPlugins
//*
@@ -22,6 +22,7 @@
//* V 1.2.5 - improve remote control #603
//* V 1.2.6 - improve full channel list and edit timer
//* V 1.2.7 - improve movie rename/delete, fix timer channel selection #612
//* V 1.2.8 - improve save config #620
//*
//* Authors: skaman <sandro # skanetwork.com>
//* meo
@@ -977,11 +978,12 @@ function toggleFullRemote() {
}
function saveConfig(key, value) {
webapi_execute("/api/saveconfig?key=" + escape(key) + "&value=" + escape(value));
if (key == "config.usage.setup_level") {
// TODO: refresh the menu box with new sections list
$("#content_container").load(lastcontenturl);
}
$.ajax({ url: "/api/saveconfig?key=" + escape(key) + "&value=" + escape(value), cache: false, async: true, type: "POST"}).done(function() {
if (key == "config.usage.setup_level") {
// TODO: refresh the menu box with new sections list
$("#content_container").load(lastcontenturl);
}
});
}
function numberTextboxKeydownFilter(event) {
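Review bot: saveConfig still builds key and value into the query string with `escape()` even though the request is now a POST. `escape()` is deprecated, leaves `+` unencoded and mis-encodes non-ASCII text, and query strings tend to end up in access logs. Letting jQuery encode a request body avoids both: `$.ajax({ url: "/api/saveconfig", data: { key: key, value: value }, cache: false, type: "POST" })`, assuming the server reads form-encoded body arguments the same way as query arguments. The `.done()` callback also never inspects the response, so a key the server now rejects with `result: false` fails silently; checking the returned result or adding a `.fail()` handler would surface that.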
