mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-03-20 20:02:44 -05:00
Code Issues Packages Projects Releases Wiki Activity

improve locking down unauthorized folders

Browse Source
This commit is contained in:
Eric Schultz
2019-08-30 14:31:23 -05:00
parent 63053a8d1f
commit 8085abdf38
1 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
auth_request.php
View File

@@ -7,7 +7,26 @@ if (isset($_SESSION["unraid_login"])) {
exit;
}
$arrWhitelist = ['/webGui/styles/','/webGui/images/case-model.png'];
$arrWhitelist = [
'/webGui/styles/clear-sans-bold-italic.eot',
'/webGui/styles/clear-sans-bold-italic.woff',
'/webGui/styles/clear-sans-bold-italic.ttf',
'/webGui/styles/clear-sans-bold-italic.svg',
'/webGui/styles/clear-sans-bold.eot',
'/webGui/styles/clear-sans-bold.woff',
'/webGui/styles/clear-sans-bold.ttf',
'/webGui/styles/clear-sans-bold.svg',
'/webGui/styles/clear-sans-italic.eot',
'/webGui/styles/clear-sans-italic.woff',
'/webGui/styles/clear-sans-italic.ttf',
'/webGui/styles/clear-sans-italic.svg',
'/webGui/styles/clear-sans.eot',
'/webGui/styles/clear-sans.woff',
'/webGui/styles/clear-sans.ttf',
'/webGui/styles/clear-sans.svg',
'/webGui/styles/default-cases.css',
'/webGui/images/case-model.png'
];
foreach ($arrWhitelist as $strWhitelist) {
if (strpos($_SERVER['REQUEST_URI'], $strWhitelist) === 0) {
http_response_code(200);