mirror/Gokapi
1
0
Fork 0
mirror of https://github.com/Forceu/Gokapi.git synced 2026-01-07 09:29:33 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed incorrect handling of e2e filename decryption #300

Browse Source
This commit is contained in:
Marc Ole Bulling
2025-08-28 16:03:23 +02:00
parent be5dee136c
commit b6799afa66
7 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build/go-generate/minifyStaticContent.go
View File

@@ -138,5 +138,5 @@ func fileExists(filename string) bool {
// Version codes can be changed in updateVersionNumbers.go
const jsAdminVersion = 12
const jsE2EVersion = 7
const jsE2EVersion = 8
const cssMainVersion = 5

2
build/go-generate/updateVersionNumbers.go
View File

@@ -13,7 +13,7 @@ import (
const versionJsAdmin = 12
const versionJsDropzone = 5
const versionJsE2EAdmin = 7
const versionJsE2EAdmin = 8
const versionCssMain = 5
const fileMain = "../../cmd/gokapi/Main.go"

7
internal/webserver/web/static/js/end2end_download.js
View File

@@ -10,7 +10,7 @@ function parseHashValue(id) {
}
let info;
try {
let infoJson = atob(hash);
let infoJson = b64ToUtf8(hash);
info = JSON.parse(infoJson)
} catch (err) {
redirectToE2EError();
@@ -25,6 +25,11 @@ function parseHashValue(id) {
}
}
function b64ToUtf8(str) {
let bytes = Uint8Array.from(atob(str), c => c.charCodeAt(0));
return new TextDecoder().decode(bytes);
}
function isCorrectJson(input) {
return (input.f !== undefined &&
input.c !== undefined &&

0
internal/webserver/web/static/js/min/end2end_admin.min.7.js → internal/webserver/web/static/js/min/end2end_admin.min.8.js
View File

1
internal/webserver/web/static/js/min/end2end_download.min.7.js
View File

@@ -1 +0,0 @@
function parseHashValue(e){let t=sessionStorage.getItem("key-"+e),n=sessionStorage.getItem("fn-"+e);if(t===null||n===null){if(hash=window.location.hash.substr(1),hash.length<50){redirectToE2EError();return}let t;try{let e=atob(hash);t=JSON.parse(e)}catch{redirectToE2EError();return}if(!isCorrectJson(t)){redirectToE2EError();return}sessionStorage.setItem("key-"+e,t.c),sessionStorage.setItem("fn-"+e,t.f)}}function isCorrectJson(e){return e.f!==0[0]&&e.c!==0[0]&&typeof e.f=="string"&&typeof e.c=="string"&&e.f!=""&&e.c!=""}function redirectToE2EError(){window.location="./error?e2e"}

1
internal/webserver/web/static/js/min/end2end_download.min.8.js Normal file
View File

@@ -0,0 +1 @@
function parseHashValue(e){let t=sessionStorage.getItem("key-"+e),n=sessionStorage.getItem("fn-"+e);if(t===null||n===null){if(hash=window.location.hash.substr(1),hash.length<50){redirectToE2EError();return}let t;try{let e=b64ToUtf8(hash);t=JSON.parse(e)}catch{redirectToE2EError();return}if(!isCorrectJson(t)){redirectToE2EError();return}sessionStorage.setItem("key-"+e,t.c),sessionStorage.setItem("fn-"+e,t.f)}}function b64ToUtf8(e){let t=Uint8Array.from(atob(e),e=>e.charCodeAt(0));return(new TextDecoder).decode(t)}function isCorrectJson(e){return e.f!==0[0]&&e.c!==0[0]&&typeof e.f=="string"&&typeof e.c=="string"&&e.f!=""&&e.c!=""}function redirectToE2EError(){window.location="./error?e2e"}

2
internal/webserver/web/templates/string_constants.tmpl
View File

@@ -5,5 +5,5 @@
// use a cached version, if the file has been updated
{{define "js_admin_version"}}12{{end}}
{{define "js_dropzone_version"}}5{{end}}
{{define "js_e2eversion"}}7{{end}}
{{define "js_e2eversion"}}8{{end}}
{{define "css_main"}}5{{end}}