* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
* [FIX] Bugfixed resource includes
@@ -1,3 +1,8 @@
|
||||
=== ** v1.2.0.21 ===
|
||||
|
||||
* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
|
||||
* [FIX] Bugfixed resource includes
|
||||
|
||||
=== ** v1.2.0.20 ===
|
||||
|
||||
* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
=== ** v1.2.0.21 ===
|
||||
|
||||
* [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso
|
||||
* [FIX] Corrección de la inclusión de recursos
|
||||
|
||||
=== ** v1.2.0.20 ===
|
||||
|
||||
* [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso
|
||||
|
||||
@@ -52,7 +52,7 @@ if (!$file) {
|
||||
|
||||
$Minify = new Minify();
|
||||
$Minify->setType(Minify::FILETYPE_CSS);
|
||||
$Minify->setBase(urldecode($base));
|
||||
$Minify->setBase(urldecode($base), true);
|
||||
$Minify->addFile(urldecode($file));
|
||||
$Minify->getMinified();
|
||||
}
|
||||
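Review bot: `$Minify->addFile(urldecode($file));` still passes a request-derived name to the minifier with no path check visible in this hunk, while only the base is now checked through `setBase(urldecode($base), true)`. Whether addFile() confines the name to the checked base is not shown here, so that should be confirmed; if included files always sit directly under the base, `$Minify->addFile(basename(urldecode($file)));` would make the restriction explicit. If `$base` and `$file` come from the query string (their origin is outside the hunk), PHP has already decoded them once, so the extra `urldecode()` is a second decode applied after any earlier validation and is safer dropped.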
@@ -25,6 +25,7 @@
|
||||
|
||||
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
|
||||
|
||||
define('BASE_DIR', __DIR__);
|
||||
define('CONFIG_FILE', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'config.php');
|
||||
define('MODEL_PATH', __DIR__);
|
||||
define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'web');
|
||||
|
||||
@@ -63,10 +63,11 @@ class Minify
|
||||
|
||||
/**
|
||||
* @param string $base
|
||||
* @param bool $checkPath
|
||||
*/
|
||||
public function setBase($base)
|
||||
public function setBase($base, $checkPath = false)
|
||||
{
|
||||
$this->_base = Request::getSecureAppPath($base);
|
||||
$this->_base = $checkPath === true ? Request::getSecureAppPath($base) : $base;
|
||||
}
|
||||
|
||||
|
||||
|
||||
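Review bot: The new `$checkPath = false` default makes the path check opt-in, so any caller of setBase() that is not updated to pass `true` now stores `$base` unchecked, where the previous line always went through `Request::getSecureAppPath($base)`. A fail-closed signature would be `public function setBase($base, $checkPath = true)`, with callers that pass a trusted internal path opting out explicitly. The `$checkPath === true` comparison also skips the check for truthy non-boolean values such as `1`; `$checkPath !== false` keeps the check on unless it is deliberately disabled. The added `@param bool $checkPath` has no description; a short one stating that `true` routes `$base` through `Request::getSecureAppPath()` would tell callers what they give up by omitting it.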
@@ -304,7 +304,7 @@ class Util
|
||||
*/
|
||||
public static function curlIsAvailable()
|
||||
{
|
||||
return (function_exists('curl_init'));
|
||||
return function_exists('curl_init');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -315,7 +315,7 @@ class Util
|
||||
*/
|
||||
public static function getVersion($retBuild = false)
|
||||
{
|
||||
$version = array(1, 2, 0, '20');
|
||||
$version = array(1, 2, 0, '21');
|
||||
|
||||
if (!$retBuild) {
|
||||
array_pop($version);
|
||||
@@ -338,9 +338,9 @@ class Util
|
||||
*/
|
||||
public static function getMaxUpload()
|
||||
{
|
||||
$max_upload = (int)(ini_get('upload_max_filesize'));
|
||||
$max_post = (int)(ini_get('post_max_size'));
|
||||
$memory_limit = (int)(ini_get('memory_limit'));
|
||||
$max_upload = (int)ini_get('upload_max_filesize');
|
||||
$max_post = (int)ini_get('post_max_size');
|
||||
$memory_limit = (int)ini_get('memory_limit');
|
||||
$upload_mb = min($max_upload, $max_post, $memory_limit);
|
||||
|
||||
Log::writeNewLog(__FUNCTION__, "Max. PHP upload: " . $upload_mb . "MB");
|
||||
|
||||
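Review bot: In getMaxUpload() the tidied casts `(int)ini_get('upload_max_filesize')`, `(int)ini_get('post_max_size')` and `(int)ini_get('memory_limit')` still keep only the leading digits of the ini value, so a setting such as `1G` is read as 1 and logged as "1MB". When `memory_limit` is `-1` (unlimited), `min()` returns -1 as the upload limit. A guard such as `if ($memory_limit < 0) { $memory_limit = PHP_INT_MAX; }` before the `min()` call would handle the unlimited case, and the K/M/G suffix should be converted to megabytes before comparing. The function body continues past the end of this hunk, so how `$upload_mb` is used afterwards is not visible here.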
2
inc/themes/material-blue/js/functions.min.js
vendored
2
inc/themes/material-blue/js/functions.min.js
vendored
@@ -1,5 +1,5 @@
|
||||
var $jscomp={scope:{},findInternal:function(a,f,b){a instanceof String&&(a=String(a));for(var d=a.length,c=0;c<d;c++){var k=a[c];if(f.call(b,k,c,a))return{i:c,v:k}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,f,b){if(b.get||b.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[f]=b.value)};
|
||||
$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global&&null!=global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,b,d){if(f){b=$jscomp.global;a=a.split(".");for(d=0;d<a.length-1;d++){var c=a[d];c in b||(b[c]={});b=b[c]}a=a[a.length-1];d=b[a];f=f(d);f!=d&&null!=f&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:f})}};
|
||||
$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,b,d){if(f){b=$jscomp.global;a=a.split(".");for(d=0;d<a.length-1;d++){var c=a[d];c in b||(b[c]={});b=b[c]}a=a[a.length-1];d=b[a];f=f(d);f!=d&&null!=f&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:f})}};
|
||||
$jscomp.polyfill("Array.prototype.find",function(a){return a?a:function(a,b){return $jscomp.findInternal(this,a,b).v}},"es6-impl","es3");
|
||||
sysPass.Util.Theme=function(a){var f=sysPass.Util.Common,b=f.passwordData,d=f.LANG,c=function(){a("#wrap-loading").show();a("#loading").addClass("is-active")},k=function(){a("#wrap-loading").hide();a("#loading").removeClass("is-active")},m=function(){a(".active-tooltip").tooltip({content:function(){return a(this).attr("title")},tooltipClass:"tooltip"})},n=function(g,e,l,c){e=0;g="";for(var h;e<b.complexity.numlength;){h=Math.floor(100*Math.random())%94+33;if(!b.complexity.symbols){if(33<=h&&47>=h)continue;
|
||||
if(58<=h&&64>=h)continue;if(91<=h&&96>=h)continue;if(123<=h&&126>=h)continue}!b.complexity.numbers&&48<=h&&57>=h||!b.complexity.uppercase&&65<=h&&90>=h||(e++,g+=String.fromCharCode(h))}!0===l?a("#viewPass").attr("title",g):alertify.alert('<div id="alert"><p id="alert-text">'+d[6]+'</p><p id="alert-pass"> '+g+"</p>");e=zxcvbn(g);b.passLength=g.length;c?(l=a("#"+c).parent(),f.outputResult(e.score,c),e=new MaterialTextfield,l.find("input:password").val(g),l.addClass(e.CssClasses_.IS_DIRTY).removeClass(e.CssClasses_.IS_INVALID),
|
||||
|
||||