Security fixes.
This commit is contained in:
parent
5b48c468ca
commit
b529680615
|
@ -2815,6 +2815,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
if (command.meshid.split('/').length == 1) { command.meshid = 'mesh/' + domain.id + '/' + command.meshid; }
|
||||
var smesh = command.meshid.split('/');
|
||||
if ((smesh.length != 3) || (smesh[0] != 'mesh') || (smesh[1] != domain.id)) { err = 'Invalid group id'; }
|
||||
var serverName = parent.getWebServerName(domain);
|
||||
if (parent.args.lanonly == true) { err = 'Server has not fixed IP or DNS name.'; }
|
||||
|
||||
// Handle any errors
|
||||
if (err != null) {
|
||||
|
@ -2831,7 +2833,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
var httpsPort = ((args.aliasport == null) ? args.port : args.aliasport); // Use HTTPS alias port is specified
|
||||
var xdomain = (domain.dns == null) ? domain.id : '';
|
||||
if (xdomain != '') xdomain += "/";
|
||||
var url = "http" + (args.notls ? '' : 's') + "://" + parent.getWebServerName(domain) + ":" + httpsPort + "/" + xdomain + "agentinvite?c=" + inviteCookie;
|
||||
var url = "http" + (args.notls ? '' : 's') + "://" + serverName + ":" + httpsPort + "/" + xdomain + "agentinvite?c=" + inviteCookie;
|
||||
|
||||
ws.send(JSON.stringify({ action: 'createInviteLink', meshid: command.meshid, url: url, expire: command.expire, cookie: inviteCookie, responseid: command.responseid, tag: command.tag }));
|
||||
break;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.1-f",
|
||||
"version": "0.4.1-g",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
|
1570
public/commander.htm
1570
public/commander.htm
File diff suppressed because one or more lines are too long
|
@ -2848,7 +2848,7 @@
|
|||
}
|
||||
if (mesh.mtype == 2) {
|
||||
r += ' <a href=# style=cursor:pointer;font-size:10px title="Add a new computer to this mesh by installing the mesh agent." onclick=\'return addAgentToMesh(\"' + mesh._id + '\")\'>Add Agent</a>';
|
||||
r += ' <a href=# style=cursor:pointer;font-size:10px title="Invite someone to install the mesh agent on this mesh." onclick=\'return inviteAgentToMesh(\"' + mesh._id + '\")\'>Invite</a>';
|
||||
if ((features & 2) == 0) { r += ' <a href=# style=cursor:pointer;font-size:10px title="Invite someone to install the mesh agent on this mesh." onclick=\'return inviteAgentToMesh(\"' + mesh._id + '\")\'>Invite</a>'; }
|
||||
}
|
||||
return r;
|
||||
}
|
||||
|
@ -7168,10 +7168,13 @@
|
|||
|
||||
function p20validateAddMeshUserDialog() {
|
||||
var meshrights = currentMesh.links[userinfo._id].rights;
|
||||
var ok = true, xusers = null;
|
||||
var ok = true;
|
||||
if (Q('dp20username')) {
|
||||
Q('dp20username').value.split(',');
|
||||
for (var i in xusers) { var xuser = xusers[i] = xusers[i].trim(); if (xuser.length == 0) { ok = false; } else if (xuser.indexOf('"') >= 0) { ok = false; } }
|
||||
var xusers = Q('dp20username').value.split(',');
|
||||
for (var i in xusers) {
|
||||
var xuser = xusers[i] = xusers[i].trim();
|
||||
if (xuser.length == 0) { ok = false; } else if (xuser.indexOf('"') >= 0) { ok = false; }
|
||||
}
|
||||
|
||||
// Fill the suggestion box
|
||||
var showsuggestbox = false, exactMatch = false;
|
||||
|
|
|
@ -3180,7 +3180,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
"Referrer-Policy": "no-referrer",
|
||||
"X-XSS-Protection": "1; mode=block",
|
||||
"X-Content-Type-Options": "nosniff",
|
||||
"Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'"
|
||||
"Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self' ws" + ((args.notls !== true)?'s':'') + "://" + req.headers.host + "; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'"
|
||||
});
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue