7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "K-119618: Множественные reflected xss"

This commit is contained in:
Aleksandr Gichkalov 2022-03-11 11:06:58 +04:00 committed by GitHub
parent d9a8bcc66c
commit a2342079c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 12 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/js/app.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/nginxconfig/templates/domain_sections/onion.vue
View File

@ -103,7 +103,7 @@ THE SOFTWARE.
'$props.data.onionLocation': {
handler(data) {
// Drop http(s)://
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/^https?:\/\//, '');
},
deep: true,
},

1
src/nginxconfig/templates/domain_sections/restrict.vue
View File

@ -279,7 +279,6 @@ THE SOFTWARE.
watch: {
'$props.data.responseCode': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
if (data.computed && /^[1-5][0-9][0-9]$/.test(data.computed)) {
this.validResponseCode = true;
} else {

12
src/nginxconfig/templates/domain_sections/reverse_proxy.vue
View File

@ -165,18 +165,6 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.path': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.proxyPass': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

10
src/nginxconfig/templates/domain_sections/server.vue
View File

@ -208,7 +208,7 @@ THE SOFTWARE.
watch: {
'$props.data.domain': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
// Ignore www. if given, enable WWW subdomain
if (data.computed.startsWith('www.')) {
data.computed = data.computed.slice(4);
@ -244,7 +244,7 @@ THE SOFTWARE.
// Ensure there is a default path
'$props.data.path': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
if (!data.computed.trim()) {
data.computed = `/var/www/${this.$props.data.domain.computed}`;
}
@ -253,19 +253,19 @@ THE SOFTWARE.
},
'$props.data.documentRoot': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
},
deep: true,
},
'$props.data.listenIpv4': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
},
deep: true,
},
'$props.data.listenIpv6': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
},
deep: true,
},

2
src/nginxconfig/templates/global_sections/https.vue
View File

@ -374,7 +374,7 @@ THE SOFTWARE.
},
'$props.data.letsEncryptCertRoot': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.computed.replace(/<.+>/, '');
},
deep: true,
},

12
src/nginxconfig/templates/global_sections/logging.vue
View File

@ -272,18 +272,6 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.accessLog': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.errorLog': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

22
src/nginxconfig/templates/global_sections/nginx.vue
View File

@ -210,11 +210,10 @@ THE SOFTWARE.
// Clean nginx directory of trailing slashes
'$props.data.nginxConfigDirectory': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
// This might cause recursion, but seems not to
if (data.enabled)
if (data.computed.endsWith('/'))
data.computed = data.default;
data.computed = data.computed.replace(/\/+$/, '');
},
deep: true,
},
@ -224,7 +223,7 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.default;
},
deep: true,
},
@ -232,7 +231,6 @@ THE SOFTWARE.
'$props.data.clientMaxBodySize': {
handler(data) {
// This might cause recursion, but seems not to
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
if (data.enabled)
if (data.computed < 0)
data.computed = 0;
@ -245,7 +243,7 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.default;
},
deep: true,
},
@ -255,19 +253,7 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.user': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.pid': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
data.computed = data.default;
},
deep: true,
},

26
src/nginxconfig/templates/global_sections/performance.vue
View File

@ -176,31 +176,5 @@ THE SOFTWARE.
data: Object, // Data delegated back to us from parent
},
computed: computedFromDefaults(defaults, 'performance'), // Getters & setters for the delegated data
watch: {
'$props.data.svgExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.assetsExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.fontsExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.mediaExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

6
src/nginxconfig/templates/global_sections/python.vue
View File

@ -96,12 +96,6 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.pythonServer': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>