Commit d70ddc13 authored by antoor's avatar antoor

修复文件名引起的XSS安全问题

parent f9d61b10
......@@ -71,8 +71,8 @@ module.exports = {
del: {
title: 'Delete category',
confirm: 'Are you sure to delete this category?',
success: (category) => `Delete category(${category}) success!`,
error: (category, err) => `Delete category(${category}failed!<br/>${err}`
success: (category) => antSword.noxss(`Delete category(${category}) success!`),
error: (category, err) => antSword.noxss(`Delete category(${category}failed!<br/>${err}`)
}
},
list: {
......@@ -99,10 +99,10 @@ module.exports = {
},
warning: 'Please enter the full!',
success: 'Add shell success!',
error: (err) => `Add shell failed!<br/>${err}`
error: (err) => antSword.noxss(`Add shell failed!<br/>${err}`)
},
edit: {
title: (url) => `Edit shell(${url})`,
title: (url) => antSword.noxss(`Edit shell(${url})`),
toolbar: {
save: 'Save',
clear: 'Clear'
......@@ -116,29 +116,29 @@ module.exports = {
},
warning: 'Please enter the full!',
success: 'Update shell success!',
error: (err) => `Update shell failed!<br/>${err}`
error: (err) => antSword.noxss(`Update shell failed!<br/>${err}`)
},
del: {
title: 'Delete shell',
confirm: (len) => `Are you sure to delete ${len} shells?`,
success: (len) => `Delete ${len} shells success!`,
error: (err) => `Delete failed!<br/>${err}`
confirm: (len) => antSword.noxss(`Are you sure to delete ${len} shells?`),
success: (len) => antSword.noxss(`Delete ${len} shells success!`),
error: (err) => antSword.noxss(`Delete failed!<br/>${err}`)
},
move: {
success: (num) => `Move ${num}datas success!`,
error: (err) => `Move data failed!<br/>${err}`
success: (num) => antSword.noxss(`Move ${num}datas success!`),
error: (err) => antSword.noxss(`Move data failed!<br/>${err}`)
},
clearCache: {
title: 'Clear cache',
confirm: 'Are you sure to clear this cache?',
success: 'Clear cache success!',
error: (err) => `Clear cache failed!<br/>${err}`
error: (err) => antSword.noxss(`Clear cache failed!<br/>${err}`)
},
clearAllCache: {
title: 'Clear all cache',
confirm: 'Are you sure to clear all the cache?',
success: 'Clear all cache success!',
error: (err) => `Clear all cache failed!<br/>${err}`
error: (err) => antSword.noxss(`Clear all cache failed!<br/>${err}`)
}
}
},
......@@ -156,35 +156,35 @@ module.exports = {
title: 'FileManager',
delete: {
title: 'Delete',
confirm: (num) => `Are you sure to delete ${typeof(num) === 'number' ? num + ' files' : num} ?`,
success: (path) => `Delete file [${path}] success!`,
error: (path, err) => `Delete file [${path}] failed!${err ? '<br/>' + err : ''}`
confirm: (num) => antSword.noxss(`Are you sure to delete ${typeof(num) === 'number' ? num + ' files' : num} ?`),
success: (path) => antSword.noxss(`Delete file [${path}] success!`),
error: (path, err) => antSword.noxss(`Delete file [${path}] failed!${err ? '<br/>' + err : ''}`)
},
paste: {
success: (path) => `Paste file success!<br/>${path}`,
error: (path, err) => `Paste file [${path}] failed!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`Paste file success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Paste file [${path}] failed!${err ? '<br/>' + err : ''}`)
},
rename: {
title: 'Rename',
success: 'Rename success!',
error: (err) => `Rename failed!${err ? '<br/>' + err : ''}`
error: (err) => antSword.noxss(`Rename failed!${err ? '<br/>' + err : ''}`)
},
createFolder: {
title: 'Create Folder',
value: 'New Folder',
success: (path) => `Create folder success!<br/>${path}`,
error: (path, err) => `Create folder [${path}] failed!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`Create folder success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Create folder [${path}] failed!${err ? '<br/>' + err : ''}`)
},
createFile: {
title: 'Create File',
value: 'New File.txt',
success: (path) => `Create file success!<br/>${path}`,
error: (path, err) => `Create file [${path}] failed!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`Create file success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Create file [${path}] failed!${err ? '<br/>' + err : ''}`)
},
retime: {
title: 'Retime File',
success: (path) => `Retime file success!<br/>${path}`,
error: (path, err) => `Retime file [${path}] failed!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`Retime file success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Retime file [${path}] failed!${err ? '<br/>' + err : ''}`)
},
wget: {
title: 'Wget File',
......@@ -193,18 +193,18 @@ module.exports = {
name: 'WGET',
start: 'Start to wget file..',
success: 'Wget success!',
failed: (ret) => `Failed:${ret}`,
error: (err) => `Error:${err}`
failed: (ret) => antSword.noxss(`Failed:${ret}`),
error: (err) => antSword.noxss(`Error:${err}`)
}
},
upload: {
task: {
name: 'Upload',
failed: (err) => `Failed:${err}`,
error: (err) => `Error:${err}`
failed: (err) => antSword.noxss(`Failed:${err}`),
error: (err) => antSword.noxss(`Error:${err}`)
},
success: (path) => `Upload file success!<br/>${path}`,
error: (path, err) => `Upload file [${path}] failed!${err}`,
success: (path) => antSword.noxss(`Upload file success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Upload file [${path}] failed!${err}`),
},
folder: {
title: 'Folders'
......@@ -231,7 +231,7 @@ module.exports = {
prompt: {
add: {
title: 'Add to bookmark',
success: (path) => `Add to bookmark success!<br/>${path}`,
success: (path) => antSword.noxss(`Add to bookmark success!<br/>${path}`),
},
remove: {
title: 'Remove bookmark',
......@@ -271,8 +271,8 @@ module.exports = {
modify: 'Modify the file time',
copy: {
title: 'Copy',
warning: (id) => `Already add to clipboard!<br/>${id}`,
info: (id) => `Add file to the clipboard.<br/>${id}`
warning: (id) => antSword.noxss(`Already add to clipboard!<br/>${id}`),
info: (id) => antSword.noxss(`Add file to the clipboard.<br/>${id}`)
},
create: {
title: 'Create',
......@@ -283,15 +283,15 @@ module.exports = {
}
},
editor: {
title: (path) => `Edit: ${path}`,
title: (path) => antSword.noxss(`Edit: ${path}`),
toolbar: {
save: 'Save',
mode: 'Mode',
encode: 'Encode'
},
loadErr: (err) => `Load file error!<br/>${err}`,
success: (path) => `Save the file success!<br/>${path}`,
error: (path, err) => `Save the file [${path}] failed!${err}`
loadErr: (err) => antSword.noxss(`Load file error!<br/>${err}`),
success: (path) => antSword.noxss(`Save the file success!<br/>${path}`),
error: (path, err) => antSword.noxss(`Save the file [${path}] failed!${err}`)
},
tasks: {
title: 'Tasks',
......@@ -313,10 +313,10 @@ module.exports = {
cancel: 'Cancel download',
start: 'Start to download',
success: 'Download success!',
error: (err) => `Error:${err}`
error: (err) => antSword.noxss(`Error:${err}`)
},
error: (name, err) => `Download file [${name}]error!<br/>${err}`,
success: (name) => `Download file [${name}] success!`
error: (name, err) => antSword.noxss(`Download file [${name}]error!<br/>${err}`),
success: (name) => antSword.noxss(`Download file [${name}] success!`)
}
},
database: {
......@@ -338,10 +338,10 @@ module.exports = {
title: 'Result',
warning: 'Execution is completed, but no results return!',
error: {
database: (err) => `Failed to obtain a list of databases!<br/>${err}`,
table: (err) => `Get table data failed!<br/>${err}`,
column: (err) => `Failed to obtain field list!<br/>${err}`,
query: (err) => `Failure to execute SQL!<br/>${err}`,
database: (err) => antSword.noxss(`Failed to obtain a list of databases!<br/>${err}`),
table: (err) => antSword.noxss(`Get table data failed!<br/>${err}`),
column: (err) => antSword.noxss(`Failed to obtain field list!<br/>${err}`),
query: (err) => antSword.noxss(`Failure to execute SQL!<br/>${err}`),
parse: 'Return data format is incorrect!',
noresult: 'No query results!'
}
......@@ -363,7 +363,7 @@ module.exports = {
title: 'Delete configuration',
confirm: 'Determine delete this configuration?',
success: 'Delete configuration success!',
error: (err) => `Delete configuration failed!<br/>${err}`
error: (err) => antSword.noxss(`Delete configuration failed!<br/>${err}`)
}
}
},
......@@ -395,6 +395,6 @@ module.exports = {
}
},
plugin: {
error: (err) => `Load plugin center failed!<br/>${err}`
error: (err) => antSword.noxss(`Load plugin center failed!<br/>${err}`)
}
}
\ No newline at end of file
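Review bot: Throughout this language file `antSword.noxss` wraps the whole finished message, including the template's own `<br/>`, instead of only the interpolated value (for example the `add.error` and `delete.error` entries). Its implementation is not visible here: if it entity-encodes angle brackets, the intended line break will render as literal text, and if it lets `<br/>` through it is presumably filtering selected patterns, which is weaker than encoding. Escaping at the interpolation keeps trusted markup and untrusted data separate, e.g. `${antSword.noxss(err)}` inside the template with the `<br/>` left outside the call. The same applies to the parallel entries in the Chinese language file in the next section. Separately, `Delete category(${category}failed!` is still missing its closing `)` on the new side.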
......@@ -72,8 +72,8 @@ module.exports = {
del: {
title: '删除分类',
confirm: '确定删除此分类吗?(数据将清空)',
success: (category) => `成功删除分类(${category})!`,
error: (category, err) => `删除分类(${category})失败!<br/>${err}`
success: (category) => antSword.noxss(`成功删除分类(${category})!`),
error: (category, err) => antSword.noxss(`删除分类(${category})失败!<br/>${err}`)
}
},
list: {
......@@ -100,10 +100,10 @@ module.exports = {
},
warning: '请输入完整!',
success: '添加数据成功!',
error: (err) => `添加数据失败!<br/>${err}`
error: (err) => antSword.noxss(`添加数据失败!<br/>${err}`)
},
edit: {
title: (url) => `编辑数据(${url})`,
title: (url) => antSword.noxss(`编辑数据(${url})`),
toolbar: {
save: '保存',
clear: '清空'
......@@ -117,29 +117,29 @@ module.exports = {
},
warning: '请输入完整!',
success: '更新数据成功!',
error: (err) => `更新数据失败!<br/>${err}`
error: (err) => antSword.noxss(`更新数据失败!<br/>${err}`)
},
del: {
title: '删除数据',
confirm: (len) => `确定删除选中的${len}条数据吗?`,
success: (len) => `成功删除${len}条数据!`,
error: (err) => `删除失败!<br/>${err}`
confirm: (len) => antSword.noxss(`确定删除选中的${len}条数据吗?`),
success: (len) => antSword.noxss(`成功删除${len}条数据!`),
error: (err) => antSword.noxss(`删除失败!<br/>${err}`)
},
move: {
success: (num) => `成功移动${num}条数据!`,
error: (err) => `移动数据失败!<br/>${err}`
success: (num) => antSword.noxss(`成功移动${num}条数据!`),
error: (err) => antSword.noxss(`移动数据失败!<br/>${err}`)
},
clearCache: {
title: '清空缓存',
confirm: '确定清空此缓存吗?',
success: '清空缓存完毕!',
error: (err) => `清空缓存失败!<br/>${err}`
error: (err) => antSword.noxss(`清空缓存失败!<br/>${err}`)
},
clearAllCache: {
title: '清空缓存',
confirm: '确定清空所有缓存数据吗?',
success: '清空全部缓存完毕!',
error: (err) => `清空全部缓存失败!<br/>${err}`
error: (err) => antSword.noxss(`清空全部缓存失败!<br/>${err}`)
}
}
},
......@@ -157,35 +157,35 @@ module.exports = {
title: '文件管理',
delete: {
title: '删除文件',
confirm: (num) => `你确定要删除 ${typeof(num) === 'number' ? num + ' 个文件' : num} 吗?`,
success: (path) => `删除文件成功!<br/>${path}`,
error: (path, err) => `删除文件 [${path}] 失败!${err ? '<br/>' + err : ''}`
confirm: (num) => antSword.noxss(`你确定要删除 ${typeof(num) === 'number' ? num + ' 个文件' : num} 吗?`),
success: (path) => antSword.noxss(`删除文件成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`删除文件 [${path}] 失败!${err ? '<br/>' + err : ''}`)
},
paste: {
success: (path) => `粘贴文件成功!<br/>${path}`,
error: (path, err) => `粘贴文件 [${path}] 失败!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`粘贴文件成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`粘贴文件 [${path}] 失败!${err ? '<br/>' + err : ''}`)
},
rename: {
title: '重命名',
success: '重命名文件成功!',
error: (err) => `重命名文件失败!${err ? '<br/>' + err : ''}`
error: (err) => antSword.noxss(`重命名文件失败!${err ? '<br/>' + err : ''}`)
},
createFolder: {
title: '新建目录',
value: '新目录',
success: (path) => `新建目录成功!<br/>${path}`,
error: (path, err) => `新建目录 [${path}] 失败!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`新建目录成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`新建目录 [${path}] 失败!${err ? '<br/>' + err : ''}`)
},
createFile: {
title: '新建文件',
value: '新文件.txt',
success: (path) => `新建文件成功!<br/>${path}`,
error: (path, err) => `新建文件 [${path}] 失败!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`新建文件成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`新建文件 [${path}] 失败!${err ? '<br/>' + err : ''}`)
},
retime: {
title: '更改时间',
success: (path) => `更改文件时间成功!<br/>${path}`,
error: (path, err) => `更改文件时间 [${path}] 失败!${err ? '<br/>' + err : ''}`
success: (path) => antSword.noxss(`更改文件时间成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`更改文件时间 [${path}] 失败!${err ? '<br/>' + err : ''}`)
},
wget: {
title: 'Wget下载文件',
......@@ -194,18 +194,18 @@ module.exports = {
name: 'WGET下载',
start: '开始下载..',
success: '下载成功!',
failed: (ret) => `失败:${ret}`,
error: (err) => `错误:${err}`
failed: (ret) => antSword.noxss(`失败:${ret}`),
error: (err) => antSword.noxss(`错误:${err}`)
}
},
upload: {
task: {
name: '上传',
failed: (err) => `失败:${err}`,
error: (err) => `出错:${err}`
failed: (err) => antSword.noxss(`失败:${err}`),
error: (err) => antSword.noxss(`出错:${err}`)
},
success: (path) => `上传文件成功!<br/>${path}`,
error: (path, err) => `上传文件 [${path}] 失败!${err}`,
success: (path) => antSword.noxss(`上传文件成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`上传文件 [${path}] 失败!${err}`),
},
folder: {
title: '目录列表'
......@@ -232,7 +232,7 @@ module.exports = {
prompt: {
add: {
title: '添加到书签',
success: (path) => `添加书签成功!<br/>${path}`,
success: (path) => antSword.noxss(`添加书签成功!<br/>${path}`),
},
remove: {
title: '移除书签',
......@@ -272,8 +272,8 @@ module.exports = {
modify: '更改文件时间',
copy: {
title: '复制文件',
warning: (id) => `已经添加到剪贴板!<br/>${id}`,
info: (id) => `添加文件到剪贴板<br/>${id}`
warning: (id) => antSword.noxss(`已经添加到剪贴板!<br/>${id}`),
info: (id) => antSword.noxss(`添加文件到剪贴板<br/>${id}`)
},
create: {
title: '新建',
......@@ -284,15 +284,15 @@ module.exports = {
}
},
editor: {
title: (path) => `编辑: ${path}`,
title: (path) => antSword.noxss(`编辑: ${path}`),
toolbar: {
save: '保存',
mode: '高亮',
encode: '编码'
},
loadErr: (err) => `加载文件出错!<br/>${err}`,
success: (path) => `保存文件成功!<br/>${path}`,
error: (path, err) => `保存文件 [${path}] 失败!${err}`
loadErr: (err) => antSword.noxss(`加载文件出错!<br/>${err}`),
success: (path) => antSword.noxss(`保存文件成功!<br/>${path}`),
error: (path, err) => antSword.noxss(`保存文件 [${path}] 失败!${err}`)
},
tasks: {
title: '任务列表',
......@@ -314,10 +314,10 @@ module.exports = {
cancel: '取消下载',
start: '开始下载',
success: '下载成功',
error: (err) => `出错:${err}`
error: (err) => antSword.noxss(`出错:${err}`)
},
error: (name, err) => `下载文件[${name}]出错!<br/>${err}`,
success: (name) => `下载文件[${name}]成功!`
error: (name, err) => antSword.noxss(`下载文件[${name}]出错!<br/>${err}`),
success: (name) => antSword.noxss(`下载文件[${name}]成功!`)
}
},
database: {
......@@ -339,10 +339,10 @@ module.exports = {
title: '执行结果',
warning: '操作完毕,但没有结果返回!',
error: {
database: (err) => `获取数据库列表失败!<br/>${err}`,
table: (err) => `获取表数据失败!<br/>${err}`,
column: (err) => `获取字段列表失败!<br/>${err}`,
query: (err) => `执行SQL失败!<br/>${err}`,
database: (err) => antSword.noxss(`获取数据库列表失败!<br/>${err}`),
table: (err) => antSword.noxss(`获取表数据失败!<br/>${err}`),
column: (err) => antSword.noxss(`获取字段列表失败!<br/>${err}`),
query: (err) => antSword.noxss(`执行SQL失败!<br/>${err}`),
parse: '返回数据格式不正确!',
noresult: '没有查询结果!'
}
......@@ -364,7 +364,7 @@ module.exports = {
title: '删除配置',
confirm: '确定删除此配置吗?',
success: '删除配置成功!',
error: (err) => `删除配置失败!<br/>${err}`
error: (err) => antSword.noxss(`删除配置失败!<br/>${err}`)
}
}
},
......@@ -396,6 +396,6 @@ module.exports = {
}
},
plugin: {
error: (err) => `加载插件中心失败!<br/>${err}`
error: (err) => antSword.noxss(`加载插件中心失败!<br/>${err}`)
}
}
\ No newline at end of file
......@@ -228,7 +228,7 @@ class Files {
let _Clipboard_num = 0;
for (let c in self.Clipboard) {
_Clipboard.push({
text: c,
text: antSword.noxss(c),
icon: 'fa fa-' + (c.endsWith('/') ? 'folder-o' : 'file-o'),
action: ( (source, name) => {
return () => {
......
......@@ -277,8 +277,8 @@ class FileManager {
renameFile(name) {
const isDir = name.endsWith('/');
layer.prompt({
value: name.replace(/\/$/, ''),
title: `<i class="fa fa-fa fa-font"></i> ${LANG['rename']['title']} (${name})`
value: antSword.noxss(name.replace(/\/$/, '')),
title: `<i class="fa fa-fa fa-font"></i> ${LANG['rename']['title']} (${antSword.noxss(name)})`
}, (value, index, elem) => {
this.files.cell.progressOn();
this.core.filemanager.rename({
......@@ -352,7 +352,7 @@ class FileManager {
retimeFile(name, oldtime) {
layer.prompt({
value: oldtime,
title: `<i class="fa fa-clock-o"></i> ${LANG['retime']['title']} (${name})`,
title: `<i class="fa fa-clock-o"></i> ${LANG['retime']['title']} (${antSword.noxss(name)})`,
content: `<input type="text" class="layui-layer-input" onClick="laydate({istime: true, format: 'YYYY-MM-DD hh:mm:ss'});" value="${oldtime}">`
}, (value, i, e) => {
this.files.cell.progressOn();
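Review bot: In `retimeFile`, `oldtime` is still interpolated unescaped into the `content` markup (`value="${oldtime}"`) and passed raw as `value`, while only `name` was wrapped. If the timestamp comes from the same remote file listing as the name (not visible in this hunk), it needs the same treatment, e.g. `value="${antSword.noxss(oldtime)}"`. Since this is an attribute context, it is worth confirming that `antSword.noxss` also encodes double quotes, which applies equally to the escaped `value` in `renameFile`. Both function bodies continue outside the hunks shown.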
......
......@@ -48,8 +48,8 @@ class Tasks {
const hash = String(+new Date() + Math.random()).replace('.', '_');
this.grid.addRow(
hash, [
name,
desc,
antSword.noxss(name),
antSword.noxss(desc),
`<div id="filemanager_progress_${hash}">-</div>`,
new Date().format('yyyy-MM-dd hh:mm:ss'),
`<div id="filemanager_end_time_${hash}">-</div>`
......