Merge pull request 'XSS: Also encode in admin page, and other....' (#65) from yonle/snac2:master into master

Reviewed-on: https://codeberg.org/grunfink/snac2/pulls/65
This commit is contained in:
grunfink 2023-07-13 08:42:30 +00:00
commit ff8e400e67
4 changed files with 18 additions and 19 deletions

View file

@ -1154,7 +1154,6 @@ xs_dict *msg_question(snac *user, const char *content, xs_list *attach,
const xs_list *opts, int multiple, int end_secs)
/* creates a Question message */
{
xs *ntid = tid(0);
xs_dict *msg = msg_note(user, content, NULL, NULL, attach, 0);
int max = 8;
xs_set seen;

18
html.c
View file

@ -549,26 +549,26 @@ d_char *html_top_controls(snac *snac, d_char *s)
L("User setup..."),
snac->actor,
L("User name"),
xs_dict_get(snac->config, "name"),
L("Display name"),
encode_html(xs_dict_get(snac->config, "name")),
L("Avatar"),
L("Bio"),
xs_dict_get(snac->config, "bio"),
encode_html(xs_dict_get(snac->config, "bio")),
strcmp(cw, "open") == 0 ? "checked" : "",
L("Always show sensitive content"),
L("Email address for notifications"),
email,
encode_html(email),
L("Telegram notifications (bot key and chat id)"),
telegram_bot,
telegram_chat_id,
encode_html(telegram_bot),
encode_html(telegram_chat_id),
L("Maximum days to keep posts (0: server settings)"),
purge_days,
encode_html(purge_days),
xs_type(d_dm_f_u) == XSTYPE_TRUE ? "checked" : "",
L("Drop direct messages from people you don't follow"),
xs_type(bot) == XSTYPE_TRUE ? "checked" : "",
L("This account is a bot"),
L("Password (only to change it)"),
L("Repeat Password"),
L("New Password"),
L("Repeat New Password"),
L("Update user info")
);

14
utils.c
View file

@ -85,7 +85,7 @@ int snac_init(const char *basedir)
FILE *f;
if (basedir == NULL) {
printf("Base directory:\n");
printf("Base directory: ");
srv_basedir = xs_strip_i(xs_readline(stdin));
}
else
@ -98,7 +98,7 @@ int snac_init(const char *basedir)
srv_basedir = xs_crop_i(srv_basedir, 0, -1);
if (mtime(srv_basedir) != 0.0) {
printf("ERROR: directory '%s' must not exist\n", srv_basedir);
printf("ERROR: directory '%s' must not exist.\n", srv_basedir);
return 1;
}
@ -107,14 +107,14 @@ int snac_init(const char *basedir)
xs *layout = xs_number_new(disk_layout);
srv_config = xs_dict_set(srv_config, "layout", layout);
printf("Network address [%s]:\n", xs_dict_get(srv_config, "address"));
printf("Network address [%s]: ", xs_dict_get(srv_config, "address"));
{
xs *i = xs_strip_i(xs_readline(stdin));
if (*i)
srv_config = xs_dict_set(srv_config, "address", i);
}
printf("Network port [%d]:\n", (int)xs_number_get(xs_dict_get(srv_config, "port")));
printf("Network port [%d]: ", (int)xs_number_get(xs_dict_get(srv_config, "port")));
{
xs *i = xs_strip_i(xs_readline(stdin));
if (*i) {
@ -123,7 +123,7 @@ int snac_init(const char *basedir)
}
}
printf("Host name:\n");
printf("Host name: ");
{
xs *i = xs_strip_i(xs_readline(stdin));
if (*i == '\0')
@ -132,7 +132,7 @@ int snac_init(const char *basedir)
srv_config = xs_dict_set(srv_config, "host", i);
}
printf("URL prefix:\n");
printf("URL prefix: ");
{
xs *i = xs_strip_i(xs_readline(stdin));
@ -144,7 +144,7 @@ int snac_init(const char *basedir)
}
}
printf("Admin email address (optional):\n");
printf("Admin email address (optional): ");
{
xs *i = xs_strip_i(xs_readline(stdin));

View file

@ -30,7 +30,7 @@ struct _mime_info {
{ "audio/mp3", ".mp3"},
{ "audio/ogg", ".ogg"},
{ "audio/ogg", ".oga"},
{ "audio/opus", ".opus"},
{ "audio/ogg", ".opus"},
{ "audio/flac", ".flac"},
{ "audio/wav", ".wav"},
{ "audio/wma", ".wma"},