This repository was archived by the owner on May 22, 2019. It is now read-only.

Commit 6399b12

committed
Dont check allowed dirs in JavaScript. Doing it on Python side is good enough.
1 parent 33a3f0d commit 6399b12


1 file changed

+3
-39
lines changed


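--- a/web-greeter/resources/js/ThemeUtils.js
+++ b/web-greeter/resources/js/ThemeUtils.js
@@ -29,21 +29,9 @@
 let localized_invalid_date = null,
 time_language = null,
 time_format = null,
-allowed_dirs = null,
 _ThemeUtils = null;
 
 
-function _set_allowed_dirs() {
-allowed_dirs = {
-themes_dir: lightdm.themes_dir,
-backgrounds_dir: greeter_config.branding.background_images_dir,
-lightdm_data_dir: lightdm.shared_data_dir,
-tmpdir: '/' + 'tmp',
-};
-}
-
-
-
 /**
 * Provides various utility methods for use in greeter themes. The greeter will automatically
 * create an instance of this class when it starts. The instance can be accessed
@@ -111,14 +99,12 @@ class ThemeUtils {
 * @param {function(string[])} callback Callback function to be called with the result.
 */
 dirlist( path, only_images = true, callback ) {
-let allowed = false;
-
 if ( '' === path || 'string' !== typeof path ) {
-console.log('[ERROR] theme_utils.dirlist(): path must be a non-empty string!');
+console.error('[ERROR] theme_utils.dirlist(): path must be a non-empty string!');
 return callback([]);
 
 } else if ( null !== path.match(/^[^/].+/) ) {
-console.log('[ERROR] theme_utils.dirlist(): path must be absolute!');
+console.error('[ERROR] theme_utils.dirlist(): path must be absolute!');
 return callback([]);
 }
 
@@ -127,36 +113,14 @@ class ThemeUtils {
 path = path.replace(/\/\.+(?=\/)/g, '' );
 }
 
-if ( null === allowed_dirs ) {
-_set_allowed_dirs();
-}
-
-if ( ! Object.keys( allowed_dirs ).some( dir => path.startsWith( allowed_dirs[dir] ) ) ) {
-console.log(`[ERROR] theme_utils.dirlist(): path is not allowed: ${path}`);
-return callback([]);
-}
-
 try {
 return _ThemeUtils.dirlist( path, only_images, callback );
-
 } catch( err ) {
-console.log( `[ERROR] theme_utils.dirlist(): ${err}` );
+console.error( `[ERROR] theme_utils.dirlist(): ${err}` );
 return callback([]);
 }
 }
 
-/**
-* Escape HTML entities in a string.
-*
-* @param {string} text The text to be escaped.
-*
-* @returns {string}
-*/
-esc_html( text ) {
-return this.txt2html( text );
-}
-
-
 /**
 * Get the current time in a localized format. Time format and language are auto-detected
 * by default, but can be set manually in the greeter config file.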
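Review bot: After this change nothing on the JavaScript side restricts `path` in `dirlist()` beyond the absolute-path test and the `path.replace(/\/\.+(?=\/)/g, '' )` strip, and that strip's lookahead leaves a trailing `/..` segment untouched, so the Python bridge behind `_ThemeUtils.dirlist( path, only_images, callback )` is the only enforcement point. That code is not shown here; it should be confirmed that it canonicalises the path (symlinks and `..` resolved) and compares against the allowed directories on component boundaries rather than by string prefix, as the removed `startsWith` test did. I would record the decision above the call with `// Not a security boundary: allowed directories are enforced in the Python bridge (_ThemeUtils.dirlist).` so a later reader does not assume the check exists here. The last hunk also removes the public `esc_html()` method, which the commit message does not mention; themes that still call it to escape text will throw, so a deprecated alias to `txt2html()` may be worth keeping. The condition enclosing the `replace` line starts outside the hunk.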
