rejetto forum
Software => HFS ~ HTTP File Server => Programmers corner => Topic started by: Mars on December 18, 2010, 08:21:53 PM
-
Already indicated
procedure handleItem(f:Tfile); //main.pas
var
type_, s, url, fingerprint, itemFolder: string;
nonPerc: TStringDynArray;
begin
//We have to make an exception with virtual links
if not f.isLink and ansiContainsStr(f.resource, '?') then exit; // unicode filename?
if f.size > 0 then inc(totalBytes, f.size);
New: The rerouting login is wrong when the destination does not exist,It was necessary to me to erase cookies concerning HFS under firefox to obtain the web page because hfs jammed because of it.
function getAccountRedirect():string; //main.pas
var
acc: Paccount;
begin
result:='';
acc:=accountRecursion(data.account, ARSC_REDIR);
if acc = NIL then exit;
result:=acc.redir;
if (result = '') or ansiContainsStr(result, '://') then exit;
// if it's not a complete url, it may require some fixing
if not ansiStartsStr('/', result) then result:='/'+result;
result:=xtpl(result,['\','/']);
//add by mars 18/12/2010
if fileExistsByURL(result) then exit;
add2log('Error on redirect with account '+acc.user+crlf+'The path is invalid :'+ result);
result:='';
end; // getAccountRedirect
this can help the admin to detect bad redirect path under accounts dialogbox
procedure ToptionsFrm.loadAccountProperties(); //optionsdlg.pas
....
redirBox.Text:=a.redir;
notesBox.text:=a.notes;
//add by mars 18/12/20010
redirBox.color:=clWindow;
if (a.redir>'') and not fileExistsByURL(a.redir) then redirBox.color:=clRed;
groupsBtn.enabled:=FALSE;
for i:=0 to length(tempAccounts)-1 do
if tempAccounts.group and (i <> accountsBox.itemIndex) then
groupsBtn.enabled:=TRUE;
updateAccessBox();
accountsBox.invalidate();
end; // loadAccountProperties
procedure ToptionsFrm.applyBtnClick(Sender: TObject);
begin
saveValues();
// this is necessary to refresh the account box when we click on the apply button
selectAccount(accountsBox.itemIndex); //add by mars 18/12/2010
end;
-
New: The rerouting login is wrong when the destination does not exist,It was necessary to me to erase cookies concerning HFS under firefox to obtain the web page because hfs jammed because of it.
i just tried specifying a non-existent path.
at login i just got a "not found" message, then clicked on the link to go to the root.
no jamming, no need to erase cookies.
can you please give us some details on the problem you faced, how to reproduce it?
this can help the admin to detect bad redirect path under accounts dialogbox
i like it!
-
can you please give us some details on the problem you faced, how to reproduce it?
A simple example
the root not authorized on access for the person is protected by a compulsory login,.
With the request of login, if the redirect is defective (case of nonexistent directory), we are redirected or towards the not found or towards the new identification.
the only solution to go out of this buckle is to close the sailor browser.
It is not easy to manage to make well understand the principle, but in the long run that can be irritating as situation this 'not found', that is why I recommend the solution of the function getAccountRedirect()
Bad redirect == NO redirect
;)
-
Hi! :)
I added some elements at the code of Mars (in brown color).
If you find these changes useful ... do not forget to activate the "Hint" for the "redirBox" and "accountLinkBox". ;)
procedure ToptionsFrm.loadAccountProperties(); //optionsdlg.pas
var
a: Paccount;
b, bakWrap, existRedir: boolean;
i: integer;
....
redirBox.Text:=a.redir;
existRedir:=fileExistsByURL(a.redir);
redirBox.Hint:='';
redirBox.color:=clWindow; //add by mars 18/12/20010
redirBox.font.color:=clWindowText;
accountLinkBox.hint:='';
notesBox.text:=a.notes;
if (a.redir>'') and not existRedir then redirBox.color:=clRed; //add by mars 18/12/20010
if (a.redir>'') and not existRedir then redirBox.font.color:=clWhite;
if (a.redir>'') and existRedir then
redirBox.Hint:='Redirect URL for "'+a.user+'": '+#13+' '+a.redir;
if (a.redir>'') and not existRedir then
redirBox.Hint:='INVALID redirect URL for "'+a.user+'": '+#13+' '+a.redir+#13'Please correct this error.';
if (accountLinkBox.text>'') then
accountLinkBox.hint:='"'+a.user+'"'+' is member of this(these) group(s): '+#13+' '+join(#13+' ',a.link);
groupsBtn.enabled:=FALSE;
for i:=0 to length(tempAccounts)-1 do
if tempAccounts.group and (i <> accountsBox.itemIndex) then
groupsBtn.enabled:=TRUE;
updateAccessBox();
accountsBox.invalidate();
end; // loadAccountProperties
procedure ToptionsFrm.applyBtnClick(Sender: TObject);
begin
saveValues();
// this is necessary to refresh the account box when we click on the apply button
selectAccount(accountsBox.itemIndex); //add by mars 18/12/2010
end;
-
@rejetto about this topic (http://www.rejetto.com/forum/index.php/topic,9357.msg1053038.html#msg1053038)
At first, I thought of using the code dyndns.host:=trim(dyndns.host);
but later wall up reflection the solution for the user is the following one:
each space is replaced by %20, So the has the choice to correct the domain as he thinks best ;)
function dynDNSinputHost():boolean;
begin
result:=FALSE;
while true do
begin
if not inputQuery('Enter host', 'Enter domain (full form!)', dyndns.host)
or (dyndns.host = '') then exit;
dyndns.host:=hslib.encodeURL(dyndns.host, False, True, False); //add by mars
if pos('://', dyndns.host) > 0 then
chop('://', dyndns.host);
if pos('.', dyndns.host) > 0 then
begin
result:=TRUE;
exit;
end;
msgDlg('Please, enter it in the FULL form, with dots', MB_ICONERROR);
end;
end; // dynDNSinputHost
-
jquery must be moved.
It's a Web resource in free access, but if it is necessary to use the internal resource, it can be blocked(surrounded) by a bad identification.
runEventScript('request');
if data.disconnectReason > '' then
begin
getPage('deny', data);
exit;
end;
if conn.reply.mode = HRM_REDIRECT then
exit;
if data.urlvars.values['mode'] = 'jquery' then
begin
replyWithString(getRes('jquery'));
conn.reply.contentType:='text/javascript';
exit;
end;
// forbid using invalid credentials
if not freeLoginChk.checked and not specialGrant then
if assigned(data.account) and (data.account.pwd <> data.pwd)
or (data.account = NIL) and (data.usr > '') and not usersInVFS.match(data.usr, data.pwd) then
begin
runEventScript('unauthorized');
getPage('unauthorized', data);
conn.reply.realm:='Invalid login';
exit;
end;
if ansiStartsStr('/~img', url) then
begin
if not sendPic(data) then
getPage('not found', data);
exit;
end;
if data.urlvars.values['mode'] = 'jquery' then
begin
replyWithString(getRes('jquery'));
conn.reply.contentType:='text/javascript';
exit;
end;
f:=findFileByURL(url);
-
each space is replaced by %20, So the has the choice to correct the domain as he thinks best ;)
domains cannot have spaces, so it's pointless. If you really care, you should replace spaces with nothing. I used trim just because i guess it's enough for users' needs.
-
jquery must be moved.
It is a Web resource in free access, but if it is necessary to use the internal resource, she can be blocked(surrounded) by a bad identification
does this happen when a template uses jquery in error pages?
if yes i will change it.
-
can a template uses jquery in error pages?
It is the possibility which is not to be neglected, thus for me it justifies the movement ;)
-
in such case we must move also the pics