Rev4188, Allow only white listed values for open_browser

HelloZeroNet · Aug 19, 2019 · 155d8d4 · purplesyringa · Aug 19, 2019 · HelloZeroNet
1 parent c7822ed
commit 155d8d4
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/Config.py b/src/Config.py
@@ -13,7 +13,7 @@ class Config(object):
 
     def __init__(self, argv):
         self.version = "0.7.0"
-        self.rev = 4187
+        self.rev = 4188
         self.argv = argv
         self.action = None
         self.pending_changes = {}

diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py
@@ -1137,9 +1137,14 @@ def actionServerShowdirectory(self, to, directory="backup", inner_path=""):
     def actionConfigSet(self, to, key, value):
         import main
         if key not in config.keys_api_change_allowed:
-            self.response(to, {"error": "Forbidden you cannot set this config key"})
+            self.response(to, {"error": "Forbidden: You cannot set this config key"})
             return
 
+        if key == "open_browser":
+            if value not in ["default_browser", "False"]:
+                self.response(to, {"error": "Forbidden: Invalid value"})
+                return
+
         # Remove empty lines from lists
         if type(value) is list:
             value = [line for line in value if line]