From af1143b9baf567c913ce2450abc3f77b22206589 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 9 Sep 2010 13:31:25 +0200 Subject: check data directory security FS#2020 This is a javascript based check, executed from the admin menu. If the data directory is readable, a warning is displayed. Doing this check in JavaScript makes sure we have a real client side test (opposed to the check executed from ?do=check) Question: should this be localized? --- lib/scripts/script.js | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'lib/scripts') diff --git a/lib/scripts/script.js b/lib/scripts/script.js index 57917aeb5..84114923f 100644 --- a/lib/scripts/script.js +++ b/lib/scripts/script.js @@ -537,3 +537,35 @@ addInitEvent(function(){ }); } }); + +/** + * Check data directory security + * + * Tries to access data/_dummy from the client. + * In a proper setup this should fail, if it succeeds a warning is displayed. + * This is only done on the Admin screen + */ +addInitEvent(function(){ + var isadmin = $('admin__version'); + if(!isadmin) return; + + var ajax = new sack(DOKU_BASE + 'data/_dummy'); + ajax.AjaxFailedAlert = ''; + ajax.encodeURIString = false; + if(ajax.failed) return true; + ajax.method = 'GET'; + + ajax.onCompletion = function(){ + if(this.response && (this.response.substr(0,14) == 'data directory')){ + var msg = document.createElement('div'); + msg.className = 'error'; + msg.innerHTML = 'Important: Your data directory is not properly '+ + 'secured. This is a serious security problem and should be fixed '+ + 'immeadiately.
You can find more info on our '+ + 'security page.'; + var container = $('admin__version').parentNode; + container.insertBefore(msg,container.childNodes[0]); + } + }; + ajax.runAJAX(); +}); -- cgit v1.2.3 From c95a5b7dd09aa1bd32e773cc1d582de72fb3e54c Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 9 Sep 2010 15:58:33 +0200 Subject: use background image based data security check in admin --- lib/scripts/script.js | 31 ------------------------------- 1 file changed, 31 deletions(-) (limited to 'lib/scripts') diff --git a/lib/scripts/script.js b/lib/scripts/script.js index 84114923f..c79c9b683 100644 --- a/lib/scripts/script.js +++ b/lib/scripts/script.js @@ -538,34 +538,3 @@ addInitEvent(function(){ } }); -/** - * Check data directory security - * - * Tries to access data/_dummy from the client. - * In a proper setup this should fail, if it succeeds a warning is displayed. - * This is only done on the Admin screen - */ -addInitEvent(function(){ - var isadmin = $('admin__version'); - if(!isadmin) return; - - var ajax = new sack(DOKU_BASE + 'data/_dummy'); - ajax.AjaxFailedAlert = ''; - ajax.encodeURIString = false; - if(ajax.failed) return true; - ajax.method = 'GET'; - - ajax.onCompletion = function(){ - if(this.response && (this.response.substr(0,14) == 'data directory')){ - var msg = document.createElement('div'); - msg.className = 'error'; - msg.innerHTML = 'Important: Your data directory is not properly '+ - 'secured. This is a serious security problem and should be fixed '+ - 'immeadiately.
You can find more info on our '+ - 'security page.'; - var container = $('admin__version').parentNode; - container.insertBefore(msg,container.childNodes[0]); - } - }; - ajax.runAJAX(); -}); -- cgit v1.2.3 From de3eb1d7f990c4cc17722ce3bdff7b9568ab8b9c Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Tue, 28 Sep 2010 16:38:14 +0200 Subject: Small fixes / cleanup --- lib/scripts/media.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/scripts') diff --git a/lib/scripts/media.js b/lib/scripts/media.js index 95b1ab69e..dcd692f42 100644 --- a/lib/scripts/media.js +++ b/lib/scripts/media.js @@ -1,5 +1,5 @@ /** - * JavaScript functionalitiy for the media management popup + * JavaScript functionality for the media management popup * * @author Andreas Gohr */ -- cgit v1.2.3 From b30533d018b82813eba2177d2e938fab1d71432c Mon Sep 17 00:00:00 2001 From: Gina Haeussge Date: Sat, 2 Oct 2010 14:38:06 +0200 Subject: FS#2034: Removed close button. --- lib/scripts/media.js | 7 ------- 1 file changed, 7 deletions(-) (limited to 'lib/scripts') diff --git a/lib/scripts/media.js b/lib/scripts/media.js index dcd692f42..c8ddfa40a 100644 --- a/lib/scripts/media.js +++ b/lib/scripts/media.js @@ -469,13 +469,6 @@ var media_manager = { media_manager.popup.appendChild(btnp); btnp.setAttribute('class','btnlbl'); - var cls = document.createElement('input'); - cls.type = 'button'; - cls.setAttribute('class','button'); - cls.value = LANG['mediaclose']; - btnp.appendChild(cls); - addEvent(cls,'click',function(event){ return media_manager.closePopup(event,this); }); - var btn = document.createElement('input'); btn.type = 'button'; btn.id = 'media__sendbtn'; -- cgit v1.2.3 From 658296ab9f537037176727350f34a0ec3f2f9bc6 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sat, 2 Oct 2010 20:07:34 +0200 Subject: Remove trailing whitespace in the link wizard FS#1760 --- lib/scripts/linkwiz.js | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/scripts') diff --git a/lib/scripts/linkwiz.js b/lib/scripts/linkwiz.js index 225868592..779c4d704 100644 --- a/lib/scripts/linkwiz.js +++ b/lib/scripts/linkwiz.js @@ -201,6 +201,13 @@ var linkwiz = { if(sel.start == 0 && sel.end == 0) sel = linkwiz.selection; var stxt = sel.getText(); + + // don't include trailing space in selection + if(stxt.charAt(stxt.length - 1) == ' '){ + sel.end--; + stxt = sel.getText(); + } + if(!stxt && !DOKU_UHC) stxt=title; // prepend colon inside namespaces for non namespace pages -- cgit v1.2.3 From 34c350b273b2b5046b7dbd7ba852fcd3e137a6f7 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sat, 2 Oct 2010 20:34:35 +0200 Subject: Link wizard starts with the last opened namespace FS#1989 --- lib/scripts/linkwiz.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/scripts') diff --git a/lib/scripts/linkwiz.js b/lib/scripts/linkwiz.js index 779c4d704..e4e92cdd2 100644 --- a/lib/scripts/linkwiz.js +++ b/lib/scripts/linkwiz.js @@ -225,6 +225,8 @@ var linkwiz = { pasteText(sel,link,{startofs: so, endofs: eo}); linkwiz.hide(); + // reset the entry to the parent namespace and remove : at the beginning + linkwiz.entry.value = linkwiz.entry.value.replace(/(^:)?[^:]*$/, ''); }, /** -- cgit v1.2.3 From 05fea6befaf95c4615538cd6ebd127e83712c9c9 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 3 Oct 2010 13:32:09 +0100 Subject: FS#1958 --- lib/scripts/hotkeys.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lib/scripts') diff --git a/lib/scripts/hotkeys.js b/lib/scripts/hotkeys.js index 356b691ea..ad608b227 100644 --- a/lib/scripts/hotkeys.js +++ b/lib/scripts/hotkeys.js @@ -208,7 +208,7 @@ function Hotkeys() { /** * @property isMac */ - this.isMac = (navigator.userAgent.indexOf('Mac') != -1); + this.isMac = is_macos; /** * Apply function cb on each element of o in the namespace of s @@ -272,9 +272,7 @@ function Hotkeys() { } t.each(t.shortcuts, function(o) { - if (t.isMac && o.ctrl != e.metaKey) - return; - else if (!t.isMac && o.ctrl != e.ctrlKey) + if (o.ctrl != e.ctrlKey) return; if (o.alt != e.altKey) -- cgit v1.2.3