Merge pull request 'XSS: Also encode in admin page, and other....' (#65) from yonle/snac2:master into master

Reviewed-on: https://codeberg.org/grunfink/snac2/pulls/65
grunfink 2023-07-13 08:42:30 +00:00
commit ff8e400e67
4 changed files with 18 additions and 19 deletions


@ -1154,7 +1154,6 @@ xs_dict *msg_question(snac *user, const char *content, xs_list *attach,
const xs_list *opts, int multiple, int end_secs) const xs_list *opts, int multiple, int end_secs)
/* creates a Question message */ /* creates a Question message */
{ {
xs *ntid = tid(0);
xs_dict *msg = msg_note(user, content, NULL, NULL, attach, 0); xs_dict *msg = msg_note(user, content, NULL, NULL, attach, 0);
int max = 8; int max = 8;
xs_set seen; xs_set seen;

18
html.c

@ -549,26 +549,26 @@ d_char *html_top_controls(snac *snac, d_char *s)
L("User setup..."), L("User setup..."),
snac->actor, snac->actor,
L("User name"), L("Display name"),
xs_dict_get(snac->config, "name"), encode_html(xs_dict_get(snac->config, "name")),
L("Avatar"), L("Avatar"),
L("Bio"), L("Bio"),
xs_dict_get(snac->config, "bio"), encode_html(xs_dict_get(snac->config, "bio")),
strcmp(cw, "open") == 0 ? "checked" : "", strcmp(cw, "open") == 0 ? "checked" : "",
L("Always show sensitive content"), L("Always show sensitive content"),
L("Email address for notifications"), L("Email address for notifications"),
email, encode_html(email),
L("Telegram notifications (bot key and chat id)"), L("Telegram notifications (bot key and chat id)"),
telegram_bot, encode_html(telegram_bot),
telegram_chat_id, encode_html(telegram_chat_id),
L("Maximum days to keep posts (0: server settings)"), L("Maximum days to keep posts (0: server settings)"),
purge_days, encode_html(purge_days),
xs_type(d_dm_f_u) == XSTYPE_TRUE ? "checked" : "", xs_type(d_dm_f_u) == XSTYPE_TRUE ? "checked" : "",
L("Drop direct messages from people you don't follow"), L("Drop direct messages from people you don't follow"),
xs_type(bot) == XSTYPE_TRUE ? "checked" : "", xs_type(bot) == XSTYPE_TRUE ? "checked" : "",
L("This account is a bot"), L("This account is a bot"),
L("Password (only to change it)"), L("New Password"),
L("Repeat Password"), L("Repeat New Password"),
L("Update user info") L("Update user info")
); );
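Review bot: Each `encode_html(...)` call added to this argument list is an unnamed temporary, so if encode_html() returns a newly allocated string (its definition is not on this page) every render of the settings form leaks those buffers. Binding each result to a scoped variable first, e.g. `xs *es_name = encode_html(xs_dict_get(snac->config, "name"));`, and passing `es_name` would match the `xs *` declarations used elsewhere in this commit, which presumably release the value at scope exit. The format template is outside the hunk; if any of these values land inside a quoted `value="..."` attribute, confirm that encode_html() also escapes `"` and `'`, since escaping only `<`, `>` and `&` does not cover that context. It is also worth checking that a missing `name` or `bio` key cannot pass NULL into encode_html().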

14
utils.c

@ -85,7 +85,7 @@ int snac_init(const char *basedir)
FILE *f; FILE *f;
if (basedir == NULL) { if (basedir == NULL) {
printf("Base directory:\n"); printf("Base directory: ");
srv_basedir = xs_strip_i(xs_readline(stdin)); srv_basedir = xs_strip_i(xs_readline(stdin));
} }
else else
@ -98,7 +98,7 @@ int snac_init(const char *basedir)
srv_basedir = xs_crop_i(srv_basedir, 0, -1); srv_basedir = xs_crop_i(srv_basedir, 0, -1);
if (mtime(srv_basedir) != 0.0) { if (mtime(srv_basedir) != 0.0) {
printf("ERROR: directory '%s' must not exist\n", srv_basedir); printf("ERROR: directory '%s' must not exist.\n", srv_basedir);
return 1; return 1;
} }
@ -107,14 +107,14 @@ int snac_init(const char *basedir)
xs *layout = xs_number_new(disk_layout); xs *layout = xs_number_new(disk_layout);
srv_config = xs_dict_set(srv_config, "layout", layout); srv_config = xs_dict_set(srv_config, "layout", layout);
printf("Network address [%s]:\n", xs_dict_get(srv_config, "address")); printf("Network address [%s]: ", xs_dict_get(srv_config, "address"));
{ {
xs *i = xs_strip_i(xs_readline(stdin)); xs *i = xs_strip_i(xs_readline(stdin));
if (*i) if (*i)
srv_config = xs_dict_set(srv_config, "address", i); srv_config = xs_dict_set(srv_config, "address", i);
} }
printf("Network port [%d]:\n", (int)xs_number_get(xs_dict_get(srv_config, "port"))); printf("Network port [%d]: ", (int)xs_number_get(xs_dict_get(srv_config, "port")));
{ {
xs *i = xs_strip_i(xs_readline(stdin)); xs *i = xs_strip_i(xs_readline(stdin));
if (*i) { if (*i) {
@ -123,7 +123,7 @@ int snac_init(const char *basedir)
} }
} }
printf("Host name:\n"); printf("Host name: ");
{ {
xs *i = xs_strip_i(xs_readline(stdin)); xs *i = xs_strip_i(xs_readline(stdin));
if (*i == '\0') if (*i == '\0')
@ -132,7 +132,7 @@ int snac_init(const char *basedir)
srv_config = xs_dict_set(srv_config, "host", i); srv_config = xs_dict_set(srv_config, "host", i);
} }
printf("URL prefix:\n"); printf("URL prefix: ");
{ {
xs *i = xs_strip_i(xs_readline(stdin)); xs *i = xs_strip_i(xs_readline(stdin));
@ -144,7 +144,7 @@ int snac_init(const char *basedir)
} }
} }
printf("Admin email address (optional):\n"); printf("Admin email address (optional): ");
{ {
xs *i = xs_strip_i(xs_readline(stdin)); xs *i = xs_strip_i(xs_readline(stdin));
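Review bot: The prompts in snac_init() now end without a newline (`printf("Base directory: ");` and the five that follow in the later hunks), so on a line-buffered stdout the text may still be in the buffer when xs_readline(stdin) blocks. Some C libraries flush pending output on a stdin read, others do not. Adding `fflush(stdout);` after each prompt makes the behaviour the same everywhere. snac_init()'s body starts and ends outside these hunks.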


@ -30,7 +30,7 @@ struct _mime_info {
{ "audio/mp3", ".mp3"}, { "audio/mp3", ".mp3"},
{ "audio/ogg", ".ogg"}, { "audio/ogg", ".ogg"},
{ "audio/ogg", ".oga"}, { "audio/ogg", ".oga"},
{ "audio/opus", ".opus"}, { "audio/ogg", ".opus"},
{ "audio/flac", ".flac"}, { "audio/flac", ".flac"},
{ "audio/wav", ".wav"}, { "audio/wav", ".wav"},
{ "audio/wma", ".wma"}, { "audio/wma", ".wma"},