Rev4188, Allow only white listed values for open_browser

shortcutme committed Aug 19, 2019
1 parent c7822ed commit 155d8d4dfdf8f5c1bab3c5cc0f4e1be8dd049bd1
Showing with 7 additions and 2 deletions.
  1. +1 −1 src/Config.py
  2. +6 −1 src/Ui/UiWebsocket.py
@@ -13,7 +13,7 @@ class Config(object):

def __init__(self, argv):
self.version = "0.7.0"
self.rev = 4187
self.rev = 4188
self.argv = argv
self.action = None
self.pending_changes = {}
@@ -1137,9 +1137,14 @@ def actionServerShowdirectory(self, to, directory="backup", inner_path=""):
def actionConfigSet(self, to, key, value):
import main
if key not in config.keys_api_change_allowed:
self.response(to, {"error": "Forbidden you cannot set this config key"})
self.response(to, {"error": "Forbidden: You cannot set this config key"})
return

if key == "open_browser":
if value not in ["default_browser", "False"]:

imachug Aug 19, 2019

Contributor

Sounds like a bad idea to me. I think there should be something like a <select> in UiConfig that lets you choose what browser to launch. We could have presets (Firefox, Chrome or Edge, sigh) and let the user choose the browser manually.

HelloZeroNet Aug 19, 2019

Owner

It could be replaced by a dropdown, but actually webbrowser.get chrome/google-chrome/firefox/edge all drop "webbrowser.Error: could not locate runnable browser" for me, so probably it does not work properly in all environments.

imachug Aug 19, 2019

Contributor

It might not work in all environments, but it works in some of them at least. #2162 is related.

self.response(to, {"error": "Forbidden: Invalid value"})
return

# Remove empty lines from lists
if type(value) is list:
value = [line for line in value if line]
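
Review bot: In the `open_browser` branch of `actionConfigSet`, the permitted values are a literal list inside the handler, with no comment saying why only "default_browser" and "False" are accepted. Consider moving them to a named constant next to `config.keys_api_change_allowed` (for example a per-key mapping of permitted values), so the restriction is documented in one place and other API-settable keys can be validated the same way. The comparison is against the string "False", so a boolean `False` is answered with "Forbidden: Invalid value"; if that is intended, a one-line comment would make it explicit. The error response could also name the rejected key so a caller can tell this apart from other validation failures.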
