mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-05-06 20:30:50 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from limetech/master

Browse Source 
LT Catchup
This commit is contained in:
Squidly271
2019-09-21 20:50:09 -04:00
committed by GitHub
parent 87732ab99e 0f03ad6f98
commit 69e463e2d2
4 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth_request.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php
session_name("unraid_".md5(strstr($_SERVER['HTTP_HOST'].':', ':', true)));
session_set_cookie_params(0, '/', null, array_key_exists('HTTPS', $_SERVER), true);
session_set_cookie_params(0, '/; samesite=strict', null, array_key_exists('HTTPS', $_SERVER), true);
session_start();
// authorized
login.php
+1 -2
View File
@@ -1,6 +1,6 @@
<?php
session_name("unraid_".md5(strstr($_SERVER['HTTP_HOST'].':', ':', true)));
session_set_cookie_params(0, '/', null, array_key_exists('HTTPS', $_SERVER), true);
session_set_cookie_params(0, '/; samesite=strict', null, array_key_exists('HTTPS', $_SERVER), true);
session_start();
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
@@ -333,7 +333,6 @@ $theme_dark = in_array($display['theme'],['black','gray']);
<p>
<input name="username" type="text" placeholder="Username" required>
<input name="password" type="password" placeholder="Password" required>
<input name="csrf_token" type="hidden" value="<?=$var['csrf_token']?>">
</p>
<? if ($error) echo '<p class="error">'.$error.'</p>'; ?>
<script type="text/javascript">
plugins/dynamix.plugin.manager/scripts/PluginAPI.php
+16 -5
View File
@@ -13,10 +13,21 @@
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
require_once "$docroot/plugins/dynamix.plugin.manager/include/PluginHelpers.php";
function download_url($url, $path = "", $bg = false, $timeout=45){
if ( ! strpos($url,"?") ) $url .= "?".time();
exec("curl --compressed --connect-timeout 15 --max-time $timeout --silent --insecure --location --fail ".($path ? " -o '$path' " : "")." $url ".($bg ? ">/dev/null 2>&1 &" : "2>/dev/null"), $out, $exit_code );
return ($exit_code === 0 ) ? implode("\n", $out) : false;
function download_url($url, $path = "") {
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_FRESH_CONNECT,true);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,15);
curl_setopt($ch,CURLOPT_TIMEOUT,45);
curl_setopt($ch,CURLOPT_ENCODING,"");
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$out = curl_exec($ch);
curl_close($ch);
if ( $path )
file_put_contents($path,$out);
return $out ?: false;
}
$options = $_POST['options'];
@@ -50,4 +61,4 @@ if ( strcmp($version,$installedVersion) > 0 ) {
echo json_encode(array("updateAvailable" => $update,"version" => $version,"min"=>$min,"changes"=>$changes,"installedVersion"=>$installedVersion));
?>
?>
plugins/dynamix/include/local_prepend.php
+1 -1
View File
@@ -22,7 +22,7 @@ putenv('PATH=.:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin');
chdir('/usr/local/emhttp');
setlocale(LC_ALL,'en_US.UTF-8');
date_default_timezone_set(substr(readlink('/etc/localtime-copied-from'),20));
if ($_SERVER['SCRIPT_NAME'] != '/auth_request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['SCRIPT_NAME'] != '/login.php' && $_SERVER['SCRIPT_NAME'] != '/auth_request.php' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($var)) $var = parse_ini_file('state/var.ini');
if (!isset($var['csrf_token'])) csrf_terminate("uninitialized");
if (!isset($_POST['csrf_token'])) csrf_terminate("missing");