Merge branch 'secops/pre-beta-security-fixes' into 'dev'

Second pass of security-advisory fixes

See merge request crafty-controller/crafty-4!294
Iain Powrie 2022-06-03 20:10:17 +00:00
commit ebf00a1900
7 changed files with 50 additions and 95 deletions


@ -440,9 +440,7 @@ class Helpers:
full_root_path = temp_dir full_root_path = temp_dir
for item in os.listdir(full_root_path): for item in os.listdir(full_root_path):
print(item)
if os.path.isdir(os.path.join(full_root_path, item)): if os.path.isdir(os.path.join(full_root_path, item)):
print("dir")
try: try:
FileHelpers.move_dir( FileHelpers.move_dir(
os.path.join(full_root_path, item), os.path.join(full_root_path, item),
@ -459,7 +457,7 @@ class Helpers:
except Exception as ex: except Exception as ex:
logger.error(f"ERROR IN ZIP IMPORT: {ex}") logger.error(f"ERROR IN ZIP IMPORT: {ex}")
except Exception as ex: except Exception as ex:
print(ex) Console.error(ex)
else: else:
return "false" return "false"
return return
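Review bot: The outer handler at L25-L26 now reports the failure only to the console via `Console.error(ex)`, while the inner handler at L24 writes to `logger.error`; whatever that outer `try` wraps (it begins above the hunk, so I cannot see it), a failure at that level leaves no trace in the log file, which is the only thing an operator will have after the fact. Suggest `logger.error(f"ERROR IN ZIP IMPORT: {ex}")` next to the `Console.error(ex)` call so both paths land in the log. Separately, the `else` branch at L28 returns the string `"false"` while the success path at L29 returns `None`; a caller testing truthiness would treat `"false"` as success, so it is worth confirming how the result is checked. The enclosing method starts before the hunk.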


@ -1115,6 +1115,7 @@ class ServerInstance:
+ ". Check log file for details.", + ". Check log file for details.",
) )
logger.error("Executable download failed.") logger.error("Executable download failed.")
self.stats_helper.set_update(False)
# ********************************************************************************** # **********************************************************************************
# Minecraft Servers Statistics # Minecraft Servers Statistics
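Review bot: The new `self.stats_helper.set_update(False)` at L37 runs only on the branch that logs "Executable download failed."; if the download call itself raises instead of reporting failure, the update flag would stay set unless it is cleared somewhere I cannot see, leaving the server stuck as "updating". Consider moving the reset into a `finally:` of the surrounding download block so it runs on every exit path, keeping the log line in the failure branch. The enclosing method starts outside the hunk.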


@ -223,6 +223,8 @@ class FileHandler(BaseHandler):
self.redirect("/panel/error?error=Unauthorized access to Files") self.redirect("/panel/error?error=Unauthorized access to Files")
return return
path = Helpers.get_os_understandable_path(self.get_argument("path", None)) path = Helpers.get_os_understandable_path(self.get_argument("path", None))
if Helpers.is_os_windows():
path = Helpers.wtol_path(path)
Helpers.unzip_file(path) Helpers.unzip_file(path)
self.redirect(f"/panel/server_detail?id={server_id}&subpage=files") self.redirect(f"/panel/server_detail?id={server_id}&subpage=files")
return return
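Review bot: `path` at L46 comes straight from the request and is handed to `Helpers.unzip_file` at L49 with no visible check that it resolves inside this server's directory; the authorization at L44 gates access to the server's files in general, not the specific path, so a crafted `path` argument could point the unzip at an archive anywhere the Crafty process can read (I cannot see whether `unzip_file` itself checks this). The new Windows normalisation at L47-L48 is the right place to add the check: after converting, compare `os.path.realpath(path)` against the real path of the server root and redirect to the error page if it falls outside, before calling `unzip_file`. Also, `get_argument("path", None)` lets a missing parameter reach `get_os_understandable_path(None)`; rejecting an empty value up front avoids an unhandled exception. The enclosing handler method starts before the hunk.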


@ -601,17 +601,19 @@
server_players.setAttribute('data-players', server.online); server_players.setAttribute('data-players', server.online);
server_players.setAttribute('data-max', server.max); server_players.setAttribute('data-max', server.max);
let servers = document.getElementsByClassName("server-player-totals"); let servers = Array.from(document.getElementsByClassName("server-player-totals"));
let all_total_players = 0; let all_total_players = 0;
let all_total_max_players = 0; let all_total_max_players = 0;
for (let i = 0; i < servers.length; i++) {
servers.forEach(server => {
try { try {
all_total_players += parseInt(servers[i].getAttribute('data-players')); all_total_players += parseInt(server.getAttribute('data-players'));
all_total_max_players += parseInt(servers[i].getAttribute('data-max')); all_total_max_players += parseInt(server.getAttribute('data-max'));
} catch { } catch {
console.log("Player totals are not of type int"); console.log("Player totals are not of type int");
} }
} })
total_players.innerHTML = all_total_players; total_players.innerHTML = all_total_players;
document.getElementById('max_players').innerHTML = all_total_max_players; document.getElementById('max_players').innerHTML = all_total_max_players;
document.getElementById('sync').innerHTML = ''; document.getElementById('sync').innerHTML = '';
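Review bot: The `try/catch` around the new `forEach` body at L63-L68 never fires: `parseInt` returns `NaN` for a missing or non-numeric `data-players`/`data-max` attribute rather than throwing, so one bad server poisons both totals silently and the "Player totals are not of type int" message is dead code. Parse into locals with an explicit radix, test with `Number.isNaN`, and skip that server instead. The assignments at L70-L71 should also use `textContent` rather than `innerHTML`; the values are numbers today, but the sink is an HTML one for no reason.

```javascript
servers.forEach(server => {
    const players = Number.parseInt(server.getAttribute('data-players'), 10);
    const max = Number.parseInt(server.getAttribute('data-max'), 10);
    if (Number.isNaN(players) || Number.isNaN(max)) {
        console.log("Player totals are not of type int");
        return;
    }
    all_total_players += players;
    all_total_max_players += max;
});
total_players.textContent = all_total_players;
document.getElementById('max_players').textContent = all_total_max_players;
```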


@ -450,9 +450,7 @@
var ctxmenuName = e.target.getAttribute('data-name'); var ctxmenuName = e.target.getAttribute('data-name');
document.getElementById('context-title').innerHTML = ctxmenuName; document.getElementById('context-title').innerHTML = ctxmenuName;
console.log(ctxmenuName);
if (!ctxmenuPath) { if (!ctxmenuPath) {
console.log({ 'event.target': e.target, ctxmenuPath });
return; return;
} }
$('#renameItem').show(); $('#renameItem').show();
@ -466,7 +464,6 @@
var isFile = e.target.classList.contains('tree-file'); var isFile = e.target.classList.contains('tree-file');
$('#deleteFile').toggle(isFile); $('#deleteFile').toggle(isFile);
$('#downloadFile').toggle(isFile); $('#downloadFile').toggle(isFile);
console.log({ 'event.target': e.target, isDir, isFile });
if (e.target.classList.contains('root-dir')) { if (e.target.classList.contains('root-dir')) {
$('#createFile').show(); $('#createFile').show();
@ -479,7 +476,6 @@
} }
if (e.target.textContent.endsWith('.zip')) { if (e.target.textContent.endsWith('.zip')) {
$('#unzip').show(); $('#unzip').show();
console.log(e.target.textContent)
} else { } else {
$('#unzip').hide(); $('#unzip').hide();
} }
@ -502,7 +498,6 @@
} }
document.getElementById("files-tree-nav").style.top = clientY + 'px'; document.getElementById("files-tree-nav").style.top = clientY + 'px';
document.getElementById("files-tree-nav").style.left = clientX + 'px'; document.getElementById("files-tree-nav").style.left = clientX + 'px';
console.log(window.innerHeight)
timer = null; timer = null;
}; };
} }
@ -585,7 +580,6 @@
console.log("got response:"); console.log("got response:");
document.getElementById("save_status").innerHTML = '<i class="fal fa-file-check"></i>'; document.getElementById("save_status").innerHTML = '<i class="fal fa-file-check"></i>';
document.getElementById('save_status').style.color = '#2fb689'; document.getElementById('save_status').style.color = '#2fb689';
console.log(data);
}, },
}); });
} }
@ -602,7 +596,6 @@
}, },
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
callback(); callback();
}, },
}); });
@ -620,7 +613,6 @@
}, },
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
callback(); callback();
}, },
}); });
@ -638,7 +630,6 @@
}, },
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
callback(); callback();
}, },
}); });
@ -656,7 +647,6 @@
}, },
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
callback(); callback();
}, },
}); });
@ -673,13 +663,13 @@
}, },
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
callback(); callback();
}, },
}); });
} }
function unZip(path, callback) { function unZip(path, callback) {
console.log('path: ', path)
var token = getCookie("_xsrf") var token = getCookie("_xsrf")
$.ajax({ $.ajax({
type: "POST", type: "POST",
@ -731,7 +721,6 @@
function uploadFilesE(event) { function uploadFilesE(event) {
path = event.target.parentElement.getAttribute('data-path'); path = event.target.parentElement.getAttribute('data-path');
console.log("PATH: " + path);
$(function () { $(function () {
var uploadHtml = "<div>" + var uploadHtml = "<div>" +
'<form id="upload_file" enctype="multipart/form-data">' + "<label class='upload-area' style='width:100%;text-align:center;' for='files'>" + '<form id="upload_file" enctype="multipart/form-data">' + "<label class='upload-area' style='width:100%;text-align:center;' for='files'>" +
@ -765,14 +754,15 @@
message: waitMessage, message: waitMessage,
closeButton: false closeButton: false
}); });
let nFiles = files.files.length; let nFiles = files.files.length;
for (i = 0; i < files.files.length; i++) { for (i = 0; i < nFiles; i++) {
if (!doUpload) { if (!doUpload) {
doUpload = true; doUpload = true;
hideUploadBox(); hideUploadBox();
break; break;
} }
console.log(files.files[i].name);
const progressHtml = ` const progressHtml = `
<div style="width: 100%; min-width: 100%;"> <div style="width: 100%; min-width: 100%;">
${files.files[i].name}: ${files.files[i].name}:
@ -788,8 +778,8 @@
</div><br> </div><br>
`; `;
$('#upload-progress-bar-parent').append(progressHtml); $('#upload-progress-bar-parent').append(progressHtml);
console.log(files.files.length)
sendFile(files.files[i], path, serverId, files.files.length - i - 1, (progress) => { sendFile(files.files[i], path, serverId, nFiles - i - 1, (progress) => {
$(`#upload-progress-bar-${i + 1}`).attr('aria-valuenow', progress) $(`#upload-progress-bar-${i + 1}`).attr('aria-valuenow', progress)
$(`#upload-progress-bar-${i + 1}`).css('width', progress + '%') $(`#upload-progress-bar-${i + 1}`).css('width', progress + '%')
}); });
@ -804,16 +794,17 @@
var fileList = document.getElementById("files"); var fileList = document.getElementById("files");
fileList.addEventListener("change", function (e) { fileList.addEventListener("change", function (e) {
var list = ""; var list = "";
for (var i = 0; i < this.files.length; i++) { let files = Array.from(this.files)
list += "<li class='col-xs-12 file-list'>" + this.files[i].name + "</li>" files.forEach(file => {
} list += "<li class='col-xs-12 file-list'>" + file.name + "</li>"
})
document.getElementById("fileList").innerHTML = list; document.getElementById("fileList").innerHTML = list;
}, false); }, false);
}); });
} }
function getTreeView(event) {
function getTreeView(event) {
const path = $('#root_dir').data('path');; const path = $('#root_dir').data('path');;
$.ajax({ $.ajax({
@ -822,7 +813,6 @@
dataType: 'text', dataType: 'text',
success: function (data) { success: function (data) {
console.log("got response:"); console.log("got response:");
console.log(data);
dataArr = data.split('\n'); dataArr = data.split('\n');
serverDir = dataArr.shift(); // Remove & return first element (server directory) serverDir = dataArr.shift(); // Remove & return first element (server directory)
@ -899,10 +889,9 @@
} }
function setTreeViewContext() { function setTreeViewContext() {
var treeItems = document.getElementsByClassName('tree-ctx-item'); var treeItems = Array.from(document.getElementsByClassName('tree-ctx-item'));
for (var i = 0; i < treeItems.length; i++) { treeItems.forEach(item => {
var treeItem = treeItems[i];
if ([ if ([
'iPad Simulator', 'iPad Simulator',
'iPhone Simulator', 'iPhone Simulator',
@ -913,10 +902,10 @@
].includes(navigator.platform) ].includes(navigator.platform)
// iPad on iOS 13 detection // iPad on iOS 13 detection
|| (navigator.userAgent.includes("Mac") && "ontouchend" in document)) { || (navigator.userAgent.includes("Mac") && "ontouchend" in document)) {
treeItem.addEventListener("touchstart", touchstart, false); item.addEventListener("touchstart", touchstart, false);
treeItem.addEventListener("touchend", touchend, false); item.addEventListener("touchend", touchend, false);
} }
treeItem.addEventListener('contextmenu', function contextListener(event) { item.addEventListener('contextmenu', function contextListener(event) {
event.preventDefault(); event.preventDefault();
var ctxmenuPath = event.target.getAttribute('data-path'); var ctxmenuPath = event.target.getAttribute('data-path');
var ctxmenuName = event.target.getAttribute('data-name'); var ctxmenuName = event.target.getAttribute('data-name');
@ -933,12 +922,10 @@
$('#upload').toggle(isDir); $('#upload').toggle(isDir);
document.getElementById('context-title').innerHTML = ctxmenuName; document.getElementById('context-title').innerHTML = ctxmenuName;
console.log(ctxmenuName);
var isFile = event.target.classList.contains('tree-file'); var isFile = event.target.classList.contains('tree-file');
$('#deleteFile').toggle(isFile); $('#deleteFile').toggle(isFile);
$('#downloadFile').toggle(isFile); $('#downloadFile').toggle(isFile);
console.log({ 'event.target': event.target, isDir, isFile });
if (event.target.classList.contains('root-dir')) { if (event.target.classList.contains('root-dir')) {
$('#createFile').show(); $('#createFile').show();
@ -951,7 +938,6 @@
} }
if (event.target.textContent.endsWith('.zip')) { if (event.target.textContent.endsWith('.zip')) {
$('#unzip').show(); $('#unzip').show();
console.log(event.target.textContent)
} else { } else {
$('#unzip').hide(); $('#unzip').hide();
} }
@ -959,8 +945,6 @@
var clientX = event.clientX; var clientX = event.clientX;
var clientY = event.clientY; var clientY = event.clientY;
document.getElementById('files-tree-nav-content') document.getElementById('files-tree-nav-content')
.setAttribute('data-path', ctxmenuPath); .setAttribute('data-path', ctxmenuPath);
document.getElementById('files-tree-nav-content') document.getElementById('files-tree-nav-content')
@ -974,10 +958,8 @@
} }
document.getElementById("files-tree-nav").style.top = clientY + 'px'; document.getElementById("files-tree-nav").style.top = clientY + 'px';
document.getElementById("files-tree-nav").style.left = clientX + 'px'; document.getElementById("files-tree-nav").style.left = clientX + 'px';
console.log(domRect)
console.log(window.innerHeight)
}) })
} })
} }
document.addEventListener('click', function (e) { document.addEventListener('click', function (e) {
@ -1049,6 +1031,7 @@
} }
function unzipFilesE(event) { function unzipFilesE(event) {
path = event.target.parentElement.getAttribute('data-path'); path = event.target.parentElement.getAttribute('data-path');
console.log(path)
unZip(path) unZip(path)
} }
@ -1117,10 +1100,10 @@
editor.setKeyboardHandler(handlerName); editor.setKeyboardHandler(handlerName);
var nodes = target.parentNode.querySelectorAll("[data-handler-name]"); var nodes = target.parentNode.querySelectorAll("[data-handler-name]");
for (var i = 0; i < nodes.length; i++) { nodes.forEach(node => {
nodes[i].classList.remove('btn-primary'); node.classList.remove('btn-primary');
nodes[i].classList.add('btn-secondary'); node.classList.add('btn-secondary');
} })
target.classList.remove('btn-secondary'); target.classList.remove('btn-secondary');
target.classList.add('btn-primary'); target.classList.add('btn-primary');
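Review bot: The rewritten `change` listener at L197-L201 still concatenates `file.name` into an HTML string and assigns it via `innerHTML`; a file name containing markup is rendered as HTML, so the refactor preserved a DOM-injection sink rather than closing it. Build the list items as nodes and set the name with `textContent` instead. The same pattern appears in unchanged lines of this file — the template at L183 and `context-title.innerHTML = ctxmenuName` at L78 and L238, where the name comes from the server's file tree rather than the uploader — and deserves the same treatment in a follow-up.

```javascript
fileList.addEventListener("change", function (e) {
    const target = document.getElementById("fileList");
    target.textContent = "";
    Array.from(this.files).forEach(file => {
        const li = document.createElement("li");
        li.className = "col-xs-12 file-list";
        li.textContent = file.name;
        target.appendChild(li);
    });
}, false);
```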


@ -133,7 +133,7 @@
<button class="btn btn-primary mr-2" id="root_files_button" type="button">{{ translate('serverWizard', 'clickRoot', data['lang']) }}</button> <button class="btn btn-primary mr-2" id="root_files_button" type="button">{{ translate('serverWizard', 'clickRoot', data['lang']) }}</button>
</div> </div>
</div> </div>
<div class="col-sm-12"> <div class="col-sm-12">
<div class="form-group"> <div class="form-group">
@ -367,7 +367,7 @@ function hide(event) {
}catch{ }catch{
document.getElementById('files-tree').innerHTML = text; document.getElementById('files-tree').innerHTML = text;
} }
document.getElementsByClassName('files-tree-title')[0].setAttribute('data-path', serverDir); document.getElementsByClassName('files-tree-title')[0].setAttribute('data-path', serverDir);
document.getElementsByClassName('files-tree-title')[0].setAttribute('data-name', 'Files'); document.getElementsByClassName('files-tree-title')[0].setAttribute('data-name', 'Files');
@ -382,7 +382,7 @@ function hide(event) {
document.getElementById(path+"span").classList.toggle("tree-caret-down"); document.getElementById(path+"span").classList.toggle("tree-caret-down");
document.getElementById(path+"span").classList.toggle("tree-caret"); document.getElementById(path+"span").classList.toggle("tree-caret");
} }
function getDirView(event) { function getDirView(event) {
path = event.target.parentElement.getAttribute('data-path'); path = event.target.parentElement.getAttribute('data-path');
@ -417,7 +417,7 @@ function hide(event) {
} }
var toggler = document.getElementById(path); var toggler = document.getElementById(path);
if (toggler.classList.contains('files-tree-title')){ if (toggler.classList.contains('files-tree-title')){
document.getElementById(path+"span").addEventListener("click", function caretListener() { document.getElementById(path+"span").addEventListener("click", function caretListener() {
document.getElementById(path+"ul").classList.toggle("d-block"); document.getElementById(path+"ul").classList.toggle("d-block");
@ -442,27 +442,10 @@ function hide(event) {
document.getElementById('main-tree-input').setAttribute('value', data.path) document.getElementById('main-tree-input').setAttribute('value', data.path)
getTreeView(data.path); getTreeView(data.path);
show_file_tree(); show_file_tree();
}, 5000); }, 5000);
}); });
} }
</script> </script>
<script type="text/javascript"> {% end %}
//<![CDATA[
// array of possible countries in the same order as they appear in the country selection list
function decodeHtmlCharCodes(str) {
return str.replace("&quot;", "\"");
}
function convertHtmlJsonToJavacriptArray(str) {
var result = []
str = decodeHtmlCharCodes(str)
for(var i in str)
result.push([i, str [i]]);
return result
}
//]]>
</script>
{% end %}


@ -522,13 +522,16 @@
event.target.parentElement.children[1].classList.remove("d-none"); event.target.parentElement.children[1].classList.remove("d-none");
document.getElementById("overlay").classList.remove("d-none"); document.getElementById("overlay").classList.remove("d-none");
} }
function hide(event) { function hide(event) {
var items = document.getElementsByClassName('menu'); var items = document.getElementsByClassName('menu');
for (let i = 0; i < items.length; i++) { items.forEach(item => {
items[i].classList.add("d-none"); item.classList.add("d-none");
} })
document.getElementById("overlay").classList.add("d-none"); document.getElementById("overlay").classList.add("d-none");
} }
$(document).ready(function () { $(document).ready(function () {
console.log('ready'); console.log('ready');
var forms = $('form.server-wizard'); var forms = $('form.server-wizard');
@ -672,24 +675,8 @@
</script> </script>
<script type="text/javascript"> <script type="text/javascript">
//<![CDATA[
// array of possible countries in the same order as they appear in the country selection list
function decodeHtmlCharCodes(str) {
return str.replace("&quot;", "\"");
}
function convertHtmlJsonToJavacriptArray(str) {
var result = []
str = decodeHtmlCharCodes(str)
for (var i in str)
result.push([i, str[i]]);
return result
}
var text = '{% raw data["js_server_types"] %}'; var text = '{% raw data["js_server_types"] %}';
var serverTypesLists = JSON.parse(text); var serverTypesLists = JSON.parse(text);
//convertHtmlJsonToJavacriptArray('{{ data["js_server_types"] }}')
/* CountryChange() is called from the onchange event of a select element. /* CountryChange() is called from the onchange event of a select element.
* param selectObj - the select object which fired the on change event. * param selectObj - the select object which fired the on change event.
*/ */
@ -709,10 +696,10 @@
} }
var newOption; var newOption;
// create new options ordered by ascending // create new options ordered by ascending
for (var i = 0; i < (cList.length); i++) { cList.forEach(type => {
newOption = document.createElement("option"); newOption = document.createElement("option");
newOption.value = which + "|" + cList[i]; // assumes option string and value are the same newOption.value = which + "|" + type; // assumes option string and value are the same
newOption.text = cList[i]; newOption.text = type;
// add the new option // add the new option
try { try {
cSelect.add(newOption); // this will fail in DOM browsers but is needed for IE cSelect.add(newOption); // this will fail in DOM browsers but is needed for IE
@ -720,8 +707,7 @@
catch (e) { catch (e) {
cSelect.appendChild(newOption); cSelect.appendChild(newOption);
} }
} })
} }
//]]>
</script> </script>
{% end %} {% end %}
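Review bot: `items.forEach(...)` at L346 will throw a `TypeError` at runtime: `items` is the `HTMLCollection` returned by `document.getElementsByClassName('menu')` at L345, and `HTMLCollection` has no `forEach` (only `NodeList` does), so `hide()` now fails before it reaches the overlay at L349. The other loop-to-`forEach` rewrites in this commit wrap the collection first; do the same here with `var items = Array.from(document.getElementsByClassName('menu'));`, or iterate with `for (const item of items)`. The `cList.forEach` at L379 is fine provided `cList` is an array from the parsed `serverTypesLists` at L370, which I cannot confirm from the hunk.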