web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make hidden hashes disabled by default

Browse Source
This commit is contained in:
yflory 2020-02-10 10:46:20 +01:00
parent 7d0dbe5d09
commit 4d2538c796
4 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
www/common/common-ui-elements.js
View File

@ -657,7 +657,7 @@ define([
// Use hidden hash if needed (we're an owner of this pad so we know it is stored) // Use hidden hash if needed (we're an owner of this pad so we know it is stored)
var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
var href = (priv.readOnly && data.roHref) ? data.roHref : data.href; var href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
if (!useUnsafe) { if (useUnsafe === false) {
var newParsed = Hash.parsePadUrl(href); var newParsed = Hash.parsePadUrl(href);
var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass); var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass);
var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {}); var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {});

2
www/common/drive-ui.js
View File

@ -1037,7 +1037,7 @@ define([
var href = isRo ? data.roHref : (data.href || data.roHref); var href = isRo ? data.roHref : (data.href || data.roHref);
var priv = metadataMgr.getPrivateData(); var priv = metadataMgr.getPrivateData();
var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
if (useUnsafe) { if (useUnsafe !== false) { // true of undefined: use unsafe links
return void window.open(APP.origin + href); return void window.open(APP.origin + href);
} }

4
www/common/sframe-common-outer.js
View File

@ -646,7 +646,7 @@ define([
var opts = parsed.getOptions(); var opts = parsed.getOptions();
var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
if (!useUnsafe && window.history && window.history.replaceState) { if (useUnsafe === false && window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; } if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash); window.history.replaceState({}, window.document.title, hash);
} }
@ -684,7 +684,7 @@ define([
var opts = parsed.getOptions(); var opts = parsed.getOptions();
var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
if (!useUnsafe && window.history && window.history.replaceState) { if (useUnsafe === false && window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; } if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash); window.history.replaceState({}, window.document.title, hash);
} }

5
www/settings/inner.js
View File

@ -573,10 +573,11 @@ define([
var $cbox = $(UI.createCheckbox('cp-settings-safe-links', var $cbox = $(UI.createCheckbox('cp-settings-safe-links',
Messages.settings_safeLinksCheckbox, Messages.settings_safeLinksCheckbox,
true, { label: {class: 'noTitle'} })); false, { label: {class: 'noTitle'} }));
var spinner = UI.makeSpinner($cbox); var spinner = UI.makeSpinner($cbox);
// Checkbox: "Enable safe links"
var $checkbox = $cbox.find('input').on('change', function () { var $checkbox = $cbox.find('input').on('change', function () {
spinner.spin(); spinner.spin();
var val = !$checkbox.is(':checked'); var val = !$checkbox.is(':checked');
@ -587,7 +588,7 @@ define([
common.getAttribute(['security', 'unsafeLinks'], function (e, val) { common.getAttribute(['security', 'unsafeLinks'], function (e, val) {
if (e) { return void console.error(e); } if (e) { return void console.error(e); }
if (!val) { if (val === false) {
$checkbox.attr('checked', 'checked'); $checkbox.attr('checked', 'checked');
} }
}); });