[http deprecation] enforce HTTPS for externalcss URLs

This commit is contained in:
Calvin Montgomery 2016-12-10 23:23:57 -08:00
parent e8d39850c5
commit 453ed607ba
5 changed files with 125 additions and 50 deletions

View File

@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.24.3", "version": "3.25.0",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },

View File

@ -3,6 +3,10 @@ var Config = require("../config");
var Utilities = require("../utilities"); var Utilities = require("../utilities");
var url = require("url"); var url = require("url");
function realTypeOf(thing) {
return thing === null ? 'null' : typeof thing;
}
function OptionsModule(channel) { function OptionsModule(channel) {
ChannelModule.apply(this, arguments); ChannelModule.apply(this, arguments);
this.opts = { this.opts = {
@ -100,8 +104,11 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
return; return;
} }
var sendUpdate = false;
if ("allow_voteskip" in data) { if ("allow_voteskip" in data) {
this.opts.allow_voteskip = Boolean(data.allow_voteskip); this.opts.allow_voteskip = Boolean(data.allow_voteskip);
sendUpdate = true;
} }
if ("voteskip_ratio" in data) { if ("voteskip_ratio" in data) {
@ -110,6 +117,7 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
ratio = 0; ratio = 0;
} }
this.opts.voteskip_ratio = ratio; this.opts.voteskip_ratio = ratio;
sendUpdate = true;
} }
if ("afk_timeout" in data) { if ("afk_timeout" in data) {
@ -125,12 +133,14 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
u.autoAFK(); u.autoAFK();
}); });
} }
sendUpdate = true;
} }
if ("pagetitle" in data && user.account.effectiveRank >= 3) { if ("pagetitle" in data && user.account.effectiveRank >= 3) {
var title = (""+data.pagetitle).substring(0, 100); var title = (""+data.pagetitle).substring(0, 100);
if (!title.trim().match(Config.get("reserved-names.pagetitles"))) { if (!title.trim().match(Config.get("reserved-names.pagetitles"))) {
this.opts.pagetitle = (""+data.pagetitle).substring(0, 100); this.opts.pagetitle = (""+data.pagetitle).substring(0, 100);
sendUpdate = true;
} else { } else {
user.socket.emit("errorMsg", { user.socket.emit("errorMsg", {
msg: "That pagetitle is reserved", msg: "That pagetitle is reserved",
@ -151,31 +161,42 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
ml = 0; ml = 0;
} }
this.opts.maxlength = ml; this.opts.maxlength = ml;
sendUpdate = true;
} }
if ("externalcss" in data && user.account.effectiveRank >= 3) { if ("externalcss" in data && user.account.effectiveRank >= 3) {
var link = (""+data.externalcss).substring(0, 255); var prefix = "Invalid URL for external CSS: ";
if (typeof data.externalcss !== "string") {
user.socket.emit("validationError", {
target: "#cs-externalcss",
message: prefix + "URL must be a string, not "
+ realTypeOf(data.externalcss)
});
}
var link = data.externalcss.substring(0, 255).trim();
if (!link) { if (!link) {
this.opts.externalcss = ""; this.opts.externalcss = "";
sendUpdate = true;
} else { } else {
try { var data = url.parse(link);
var data = url.parse(link); if (!data.protocol || data.protocol !== 'https:') {
if (!data.protocol || !data.protocol.match(/^(https?|ftp):/)) { user.socket.emit("validationError", {
throw "Unacceptable protocol " + data.protocol; target: "#cs-externalcss",
} else if (!data.host) { message: prefix + " URL must begin with 'https://'"
throw "URL is missing host";
} else {
link = data.href;
}
} catch (e) {
user.socket.emit("errorMsg", {
msg: "Invalid URL for external CSS: " + e,
alert: true
}); });
return; } else if (!data.host) {
user.socket.emit("validationError", {
target: "#cs-externalcss",
message: prefix + "missing hostname"
});
} else {
user.socket.emit("validationPassed", {
target: "#cs-externalcss"
});
this.opts.externalcss = data.href;
sendUpdate = true;
} }
this.opts.externalcss = link;
} }
} }
@ -183,6 +204,7 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
var link = (""+data.externaljs).substring(0, 255); var link = (""+data.externaljs).substring(0, 255);
if (!link) { if (!link) {
this.opts.externaljs = ""; this.opts.externaljs = "";
sendUpdate = true;
} else { } else {
try { try {
@ -203,11 +225,13 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
} }
this.opts.externaljs = link; this.opts.externaljs = link;
sendUpdate = true;
} }
} }
if ("chat_antiflood" in data) { if ("chat_antiflood" in data) {
this.opts.chat_antiflood = Boolean(data.chat_antiflood); this.opts.chat_antiflood = Boolean(data.chat_antiflood);
sendUpdate = true;
} }
if ("chat_antiflood_params" in data) { if ("chat_antiflood_params" in data) {
@ -238,38 +262,46 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
sustained: s, sustained: s,
cooldown: c cooldown: c
}; };
sendUpdate = true;
} }
if ("show_public" in data && user.account.effectiveRank >= 3) { if ("show_public" in data && user.account.effectiveRank >= 3) {
this.opts.show_public = Boolean(data.show_public); this.opts.show_public = Boolean(data.show_public);
sendUpdate = true;
} }
if ("enable_link_regex" in data) { if ("enable_link_regex" in data) {
this.opts.enable_link_regex = Boolean(data.enable_link_regex); this.opts.enable_link_regex = Boolean(data.enable_link_regex);
sendUpdate = true;
} }
if ("password" in data && user.account.effectiveRank >= 3) { if ("password" in data && user.account.effectiveRank >= 3) {
var pw = data.password + ""; var pw = data.password + "";
pw = pw === "" ? false : pw.substring(0, 100); pw = pw === "" ? false : pw.substring(0, 100);
this.opts.password = pw; this.opts.password = pw;
sendUpdate = true;
} }
if ("allow_dupes" in data) { if ("allow_dupes" in data) {
this.opts.allow_dupes = Boolean(data.allow_dupes); this.opts.allow_dupes = Boolean(data.allow_dupes);
sendUpdate = true;
} }
if ("torbanned" in data && user.account.effectiveRank >= 3) { if ("torbanned" in data && user.account.effectiveRank >= 3) {
this.opts.torbanned = Boolean(data.torbanned); this.opts.torbanned = Boolean(data.torbanned);
sendUpdate = true;
} }
if ("allow_ascii_control" in data && user.account.effectiveRank >= 3) { if ("allow_ascii_control" in data && user.account.effectiveRank >= 3) {
this.opts.allow_ascii_control = Boolean(data.allow_ascii_control); this.opts.allow_ascii_control = Boolean(data.allow_ascii_control);
sendUpdate = true;
} }
if ("playlist_max_per_user" in data && user.account.effectiveRank >= 3) { if ("playlist_max_per_user" in data && user.account.effectiveRank >= 3) {
var max = parseInt(data.playlist_max_per_user); var max = parseInt(data.playlist_max_per_user);
if (!isNaN(max) && max >= 0) { if (!isNaN(max) && max >= 0) {
this.opts.playlist_max_per_user = max; this.opts.playlist_max_per_user = max;
sendUpdate = true;
} }
} }
@ -277,6 +309,7 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
var delay = data.new_user_chat_delay; var delay = data.new_user_chat_delay;
if (!isNaN(delay) && delay >= 0) { if (!isNaN(delay) && delay >= 0) {
this.opts.new_user_chat_delay = delay; this.opts.new_user_chat_delay = delay;
sendUpdate = true;
} }
} }
@ -284,11 +317,14 @@ OptionsModule.prototype.handleSetOptions = function (user, data) {
var delay = data.new_user_chat_link_delay; var delay = data.new_user_chat_link_delay;
if (!isNaN(delay) && delay >= 0) { if (!isNaN(delay) && delay >= 0) {
this.opts.new_user_chat_link_delay = delay; this.opts.new_user_chat_link_delay = delay;
sendUpdate = true;
} }
} }
this.channel.logger.log("[mod] " + user.getName() + " updated channel options"); this.channel.logger.log("[mod] " + user.getName() + " updated channel options");
this.sendOpts(this.channel.users); if (sendUpdate) {
this.sendOpts(this.channel.users);
}
}; };
module.exports = OptionsModule; module.exports = OptionsModule;

View File

@ -49,7 +49,6 @@ Callbacks = {
}, },
costanza: function (data) { costanza: function (data) {
hidePlayer();
$("#costanza-modal").modal("hide"); $("#costanza-modal").modal("hide");
var modal = makeModal(); var modal = makeModal();
modal.attr("id", "costanza-modal") modal.attr("id", "costanza-modal")
@ -61,7 +60,6 @@ Callbacks = {
.appendTo(body); .appendTo(body);
$("<strong/>").text(data.msg).appendTo(body); $("<strong/>").text(data.msg).appendTo(body);
hidePlayer();
modal.modal(); modal.modal();
}, },
@ -1052,6 +1050,38 @@ Callbacks = {
HAS_CONNECTED_BEFORE = false; HAS_CONNECTED_BEFORE = false;
ioServerConnect(socketConfig); ioServerConnect(socketConfig);
setupCallbacks(); setupCallbacks();
},
validationError: function (error) {
var target = $(error.target);
target.parent().find(".text-danger").remove();
var formGroup = target.parent();
while (!formGroup.hasClass("form-group") && formGroup.length > 0) {
formGroup = formGroup.parent();
}
if (formGroup.length > 0) {
formGroup.addClass("has-error");
}
$("<p/>").addClass("text-danger")
.text(error.message)
.insertAfter(target);
},
validationPassed: function (data) {
var target = $(data.target);
target.parent().find(".text-danger").remove();
var formGroup = target.parent();
while (!formGroup.hasClass("form-group") && formGroup.length > 0) {
formGroup = formGroup.parent();
}
if (formGroup.length > 0) {
formGroup.removeClass("has-error");
}
} }
} }

View File

@ -488,7 +488,6 @@ $("#voteskip").click(function() {
$("#getplaylist").click(function() { $("#getplaylist").click(function() {
var callback = function(data) { var callback = function(data) {
hidePlayer();
var idx = socket.listeners("errorMsg").indexOf(errCallback); var idx = socket.listeners("errorMsg").indexOf(errCallback);
if (idx >= 0) { if (idx >= 0) {
socket.listeners("errorMsg").splice(idx); socket.listeners("errorMsg").splice(idx);
@ -523,7 +522,6 @@ $("#getplaylist").click(function() {
$("<div/>").addClass("modal-footer").appendTo(modal); $("<div/>").addClass("modal-footer").appendTo(modal);
outer.on("hidden.bs.modal", function() { outer.on("hidden.bs.modal", function() {
outer.remove(); outer.remove();
unhidePlayer();
}); });
outer.modal(); outer.modal();
}; };
@ -862,7 +860,6 @@ applyOpts();
})(); })();
var EMOTELISTMODAL = $("#emotelist"); var EMOTELISTMODAL = $("#emotelist");
EMOTELISTMODAL.on("hidden.bs.modal", unhidePlayer);
$("#emotelistbtn").click(function () { $("#emotelistbtn").click(function () {
EMOTELISTMODAL.modal(); EMOTELISTMODAL.modal();
}); });

View File

@ -616,11 +616,6 @@ function rebuildPlaylist() {
/* user settings menu */ /* user settings menu */
function showUserOptions() { function showUserOptions() {
hidePlayer();
$("#useroptions").on("hidden.bs.modal", function () {
unhidePlayer();
});
if (CLIENT.rank < 2) { if (CLIENT.rank < 2) {
$("a[href='#us-mod']").parent().hide(); $("a[href='#us-mod']").parent().hide();
} else { } else {
@ -2046,21 +2041,6 @@ function waitUntilDefined(obj, key, fn) {
fn(); fn();
} }
function hidePlayer() {
/* 2015-09-16
* Originally used to hide the player while a modal was open because of
* certain flash videos that always rendered on top. Seems to no longer
* be an issue. Uncomment this if it is.
if (!PLAYER) return;
$("#ytapiplayer").hide();
*/
}
function unhidePlayer() {
//$("#ytapiplayer").show();
}
function chatDialog(div) { function chatDialog(div) {
var parent = $("<div/>").addClass("profile-box") var parent = $("<div/>").addClass("profile-box")
.css({ .css({
@ -2103,6 +2083,44 @@ function errDialog(err) {
return div; return div;
} }
/**
* 2016-12-08
* I *promise* that one day I will actually split this file into submodules
* -cal
*/
function modalAlert(options) {
if (typeof options !== "object" || options === null) {
throw new Error("modalAlert() called without required parameter");
}
var modal = makeModal();
modal.addClass("cytube-modal-alert");
modal.removeClass("fade");
modal.find(".modal-dialog").addClass("modal-dialog-nonfluid");
if (options.title) {
$("<h3/>").text(options.title).appendTo(modal.find(".modal-header"));
}
var contentDiv = $("<div/>").addClass("modal-body");
if (options.htmlContent) {
contentDiv.html(options.htmlContent);
} else if (options.textContent) {
contentDiv.text(options.textContent);
}
contentDiv.appendTo(modal.find(".modal-content"));
var footer = $("<div/>").addClass("modal-footer");
var okButton = $("<button/>").addClass("btn btn-primary")
.attr({ "data-dismiss": "modal"})
.text("OK")
.appendTo(footer);
footer.appendTo(modal.find(".modal-content"));
modal.appendTo(document.body);
modal.modal();
}
function queueMessage(data, type) { function queueMessage(data, type) {
if (!data) if (!data)
data = { link: null }; data = { link: null };
@ -2237,7 +2255,6 @@ function makeModal() {
.appendTo(head); .appendTo(head);
wrap.on("hidden.bs.modal", function () { wrap.on("hidden.bs.modal", function () {
unhidePlayer();
wrap.remove(); wrap.remove();
}); });
return wrap; return wrap;
@ -3160,11 +3177,6 @@ window.CSEMOTELIST = new CSEmoteList("#cs-emotes");
window.CSEMOTELIST.sortAlphabetical = USEROPTS.emotelist_sort; window.CSEMOTELIST.sortAlphabetical = USEROPTS.emotelist_sort;
function showChannelSettings() { function showChannelSettings() {
hidePlayer();
$("#channeloptions").on("hidden.bs.modal", function () {
unhidePlayer();
});
$("#channeloptions").modal(); $("#channeloptions").modal();
} }