
Enforced access controls to System settings pages

luccioman committed Sep 19, 2018
1 parent de6820d commit 4ed055bcdf26b6f28ec4f038297c4f29fa043803
@@ -35,6 +35,7 @@

import net.yacy.cora.order.Digest;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.data.TransactionManager;
import net.yacy.http.InetPathAccessHandler;
import net.yacy.kelondro.util.Formatter;
import net.yacy.peers.Network;
@@ -66,6 +67,9 @@ public static serverObjects respond(final RequestHeader header, final serverObje
prop.put("info", "1");//no information submitted
return prop;
}

/* Check this is a valid transaction */
TransactionManager.checkPostTransaction(header, post);

// admin password
if (post.containsKey("adminaccount")) {
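Review bot: The comment above `TransactionManager.checkPostTransaction(header, post);` does not say what the call protects against or what happens when it fails, and anyone adding a branch to this handler needs both. Judging by the hidden `transactionToken` fields this commit adds to the forms, this looks like the CSRF check for every settings submission, so I would write it as `/* CSRF protection: reject the request unless it carries the transaction token issued when the settings form was rendered; keep this ahead of any code that reads or writes a setting */`. The failure path is not visible here (presumably an exception from checkPostTransaction), so it is worth confirming that it produces an error response and is not caught and ignored further up. The check sits after the early return for an empty submission, which only reports "no information submitted", so that ordering looks fine. respond() starts and ends outside the hunk, so whether any state change happens before this point cannot be judged from this view.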
@@ -1,4 +1,5 @@
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="admin">Crawler Settings</legend>
<table border="0" cellspacing="5" width="100%">
<tr><td colspan="3"><p><strong>Generic Crawler Settings</strong>:</p></td></tr>
@@ -5,6 +5,7 @@
</div>

<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset>
<legend>Solr communication</legend>

@@ -1,4 +1,5 @@
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="messageForwarding">Message Forwarding</legend>
<p>With this settings you can activate or deactivate forwarding of yacy-messages via email.</p>
<table border="0" cellspacing="5">
@@ -1,4 +1,5 @@
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="proxy">Remote Proxy (optional)</legend>
<p>YaCy can use another proxy to connect to the internet. You can enter the address for the remote proxy here:</p>

@@ -1,4 +1,5 @@
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="http">Proxy Settings</legend>
<table border="0" cellspacing="5">
<tr valign="top">
@@ -38,6 +39,7 @@
</fieldset>
</form>
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="ProxyAccess">Proxy Access Settings</legend>
<p>
These settings configure the access method to your own http proxy and server.
@@ -13,6 +13,7 @@ Visited websites can process this information as they whish, so this can become
</p>

<form action="SettingsAck_p.html" method="post" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset>
<legend>Global policy</legend>

@@ -11,6 +11,7 @@
but only if there have been changes to the seed-list.
</p>
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table border="0" cellspacing="5">
<tr valign="top">
<td><label for="method">Upload Method</label>:</td>
@@ -2,6 +2,7 @@
<p><strong>Store into filesystem:</strong></p>
<p>You must configure this if you want to store the seed-list file onto the file system.</p>
<form action="SettingsAck_p.html" method="post">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table border="0" cellspacing="5">
<tr valign="top">
<td><label for="fs_path">File Location:</label></td>
@@ -7,6 +7,7 @@
but only if there had been changes to the seed-list.
</p>
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table border="0" cellspacing="5">
<tr valign="top">
<td><label for="ftp_server">Server</label>:</td>
@@ -2,6 +2,7 @@
<p><strong>Uploading via SCP:</strong></p>
<p>This is the account for a server where you are able to login via ssh.</p>
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table border="0" cellspacing="5">
<tr valign="top">
<td><label for="scp_serv">Server</label>:</td>
@@ -1,4 +1,5 @@
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="general">Server Access Settings</legend>
<table border="0" cellspacing="5">
<tr valign="top">
@@ -1,5 +1,6 @@

<form id="urlproxysettings" action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend id="urlproxy">URL Proxy Settings</legend>
<p>
With this settings you can activate or deactivate URL proxy.
@@ -26,6 +26,7 @@
import java.util.Iterator;

import net.yacy.cora.protocol.RequestHeader;
import net.yacy.data.TransactionManager;
import net.yacy.http.ReferrerPolicy;
import net.yacy.peers.Network;
import net.yacy.peers.Seed;
@@ -47,6 +48,9 @@ public static serverObjects respond(final RequestHeader header, final serverObje

final String page = (post == null) ? "general" : post.get("page", "general");

/* Acquire a transaction token for the next possible POST form submission */
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header, "/SettingsAck_p.html"));

if (page.equals("ProxyAccess")) {
prop.put("settingsTables", "Settings_ProxyAccess.inc");
}
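Review bot: The path `"/SettingsAck_p.html"` passed to `getTransactionToken` is a bare string literal that must stay in sync with the `action="SettingsAck_p.html"` attribute of every included settings form and with the handler that validates the token. The second argument appears to bind the token to that path, so if the two drift apart, legitimate submissions would be rejected. I would hoist it into a named constant, e.g. `private static final String SETTINGS_ACK_PATH = "/SettingsAck_p.html";`, and extend the comment to say that this one token is shared by all the forms included on the page. It is also worth confirming that every form posting to that action received the hidden field in this commit, since a missed one will now fail the server-side check. respond() continues outside the hunk.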
