From 6399b1211cc18d3868960575d706e38c34e21d36 Mon Sep 17 00:00:00 2001 From: Dustin Falgout Date: Sun, 19 Feb 2017 14:13:47 -0600 Subject: [PATCH] Dont check allowed dirs in JavaScript. Doing it on Python side is good enough. --- web-greeter/resources/js/ThemeUtils.js | 42 ++------------------------ 1 file changed, 3 insertions(+), 39 deletions(-) diff --git a/web-greeter/resources/js/ThemeUtils.js b/web-greeter/resources/js/ThemeUtils.js index f5a7782..48dc808 100644 --- a/web-greeter/resources/js/ThemeUtils.js +++ b/web-greeter/resources/js/ThemeUtils.js @@ -29,21 +29,9 @@ let localized_invalid_date = null, time_language = null, time_format = null, - allowed_dirs = null, _ThemeUtils = null; -function _set_allowed_dirs() { - allowed_dirs = { - themes_dir: lightdm.themes_dir, - backgrounds_dir: greeter_config.branding.background_images_dir, - lightdm_data_dir: lightdm.shared_data_dir, - tmpdir: '/' + 'tmp', - }; -} - - - /** * Provides various utility methods for use in greeter themes. The greeter will automatically * create an instance of this class when it starts. The instance can be accessed @@ -111,14 +99,12 @@ class ThemeUtils { * @param {function(string[])} callback Callback function to be called with the result. */ dirlist( path, only_images = true, callback ) { - let allowed = false; - if ( '' === path || 'string' !== typeof path ) { - console.log('[ERROR] theme_utils.dirlist(): path must be a non-empty string!'); + console.error('[ERROR] theme_utils.dirlist(): path must be a non-empty string!'); return callback([]); } else if ( null !== path.match(/^[^/].+/) ) { - console.log('[ERROR] theme_utils.dirlist(): path must be absolute!'); + console.error('[ERROR] theme_utils.dirlist(): path must be absolute!'); return callback([]); } 
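Review bot: The absolute-path guard kept as context in this hunk, `path.match(/^[^/].+/)`, only matches relative paths of two or more characters, so a one-character relative path such as `a` is not rejected and continues to the backend call. With the JavaScript allow-list removed by this commit, this guard is the only absoluteness check left on this side, and `} else if ( ! path.startsWith('/') ) {` would state the intent directly. dirlist() begins above this hunk and its body continues in the next one.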
@@ -127,36 +113,14 @@ class ThemeUtils { path = path.replace(/\/\.+(?=\/)/g, '' ); } - if ( null === allowed_dirs ) { - _set_allowed_dirs(); - } - - if ( ! Object.keys( allowed_dirs ).some( dir => path.startsWith( allowed_dirs[dir] ) ) ) { - console.log(`[ERROR] theme_utils.dirlist(): path is not allowed: ${path}`); - return callback([]); - } - try { return _ThemeUtils.dirlist( path, only_images, callback ); - } catch( err ) { - console.log( `[ERROR] theme_utils.dirlist(): ${err}` ); + console.error( `[ERROR] theme_utils.dirlist(): ${err}` ); return callback([]); } } - /** - * Escape HTML entities in a string. - * - * @param {string} text The text to be escaped. - * - * @returns {string} - */ - esc_html( text ) { - return this.txt2html( text ); - } - - /** * Get the current time in a localized format. Time format and language are auto-detected * by default, but can be set manually in the greeter config file.
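Review bot: After this hunk `_ThemeUtils.dirlist( path, only_images, callback )` receives whatever absolute path the caller supplies, so the Python side becomes the sole enforcement point, and nothing in this patch shows or tests that check. The one transformation left in JavaScript, `path.replace(/\/\.+(?=\/)/g, '' )`, drops dot-only segments rather than resolving them and, because of the lookahead, leaves a trailing `/..` untouched, so the backend should canonicalise the path itself and compare it with the allowed directories on a path-component boundary. I would record the boundary above the `try` with `// Access control is enforced by the Python side (_ThemeUtils.dirlist); nothing in this file restricts which directory is listed.` The hunk also deletes the public `esc_html()` method, which the commit message does not mention; unless it is defined elsewhere, themes that call it will now throw, so that removal deserves its own commit or at least a line in the description. The `if` that encloses the `replace` call starts outside the hunk.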