XSS protect
pull/145/head
Pavel Loginov 2019-07-16 14:42:45 +03:00
parent c83eb3989a
commit ba79e7301c
4 changed files with 8 additions and 6 deletions


@ -5,7 +5,7 @@ import http.cookies
import funct
import sql
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'))
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('config.html')
print('Content-type: text/html\n')
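Review bot: `autoescape=True` is spelled out at this `Environment(...)` call and again at the three call sites in the next file section, so the protection depends on every call site remembering the flag; one that is missed or added later renders variables unescaped without any error. A single helper would make escaping the default, for example (the name is a suggestion) `def jinja_env(path, **kw): return Environment(loader=FileSystemLoader(path), autoescape=True, **kw)`. With escaping now on, any `|safe` filter or `Markup` value in the templates is the remaining place where unescaped output can reach the page, so those are worth auditing; the templates are not visible here.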


@ -295,7 +295,7 @@ if form.getvalue('servaction') is not None:
if act == "showCompareConfigs":
import glob
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/ajax'))
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('/show_compare_configs.html')
left = form.getvalue('left')
right = form.getvalue('right')
@ -309,7 +309,7 @@ if serv is not None and form.getvalue('right') is not None:
right = form.getvalue('right')
hap_configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
cmd='diff -ub %s%s %s%s' % (hap_configs_dir, left, hap_configs_dir, right)
env = Environment(loader=FileSystemLoader('templates/ajax'),extensions=['jinja2.ext.loopcontrols', "jinja2.ext.do"])
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True, extensions=['jinja2.ext.loopcontrols', "jinja2.ext.do"])
template = env.get_template('compare.html')
output, stderr = funct.subprocess_execute(cmd)
@ -329,11 +329,13 @@ if serv is not None and act == "configShow":
try:
conf = open(cfg, "r")
#conf = conf.read()
#conf = funct.escape_html(conf)
except IOError:
print('<div class="alert alert-danger">Can\'t read import config file</div>')
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/ajax'),extensions=['jinja2.ext.loopcontrols'])
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True, extensions=['jinja2.ext.loopcontrols'])
template = env.get_template('config_show.html')
template = template.render(conf=conf, view=form.getvalue('view'), serv=serv, configver=form.getvalue('configver'), role=funct.is_admin(level=2))
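Review bot: In the `-309` hunk, `left` and `right` come straight from `form.getvalue(...)` and are formatted into `cmd='diff -ub %s%s %s%s'`, which is then handed to `funct.subprocess_execute(cmd)`; autoescaping the template does nothing for this path. The request values should be reduced to bare file names before use, `left = os.path.basename(left)` and `right = os.path.basename(right)`. Each assembled path should also be wrapped in `shlex.quote(...)` if the helper runs the string through a shell; its implementation is not visible here, and `os` and `shlex` would need importing. Passing an argument list instead of a formatted string would remove the quoting concern altogether. The enclosing `if` block starts before the hunk and continues past it.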


@ -115,7 +115,7 @@
</ul>
</nav>
<div class="copyright-menu">
<a href="https://github.com/aidaho12/haproxy-wi/" title="Github repo" target="_blank" style="color: #fff">HAproxy-WI v3.4.4.4</a>
<a href="https://github.com/aidaho12/haproxy-wi/" title="Github repo" target="_blank" style="color: #fff">HAproxy-WI v3.4.4.5</a>
<br>
<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon"> Patreon</a>
</div>