MBonaldo/hfs2
1
0
Fork 0
mirror of https://github.com/rejetto/hfs2.git synced 2025-12-19 10:03:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: login not working if root is protected

Browse Source
This commit is contained in:
Massimo Melina 2020-05-13 23:49:31 +02:00
parent 8d6a51157e
commit 34d4adf0c3
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
default.tpl
View File

@ -845,6 +845,8 @@ function selectionMask() {
}//selectionMask }//selectionMask
function showLogin(options) { function showLogin(options) {
if (!HFS.sid) // the session was just deleted
return location.reload() // but it's necessary for login
var d = dialog('\ var d = dialog('\
<form style="line-height:1.9em">\ <form style="line-height:1.9em">\
Username\ Username\

13
main.pas
View File

@ -5060,7 +5060,7 @@ var
procedure handleRequest(); procedure handleRequest();
var var
dlForbiddenForWholeFolder, specialGrant: boolean; dlForbiddenForWholeFolder, specialGrant: boolean;
urlCmd: string; mode, urlCmd: string;
acc: Paccount; acc: Paccount;
function accessGranted(forceFile:Tfile=NIL):boolean; function accessGranted(forceFile:Tfile=NIL):boolean;
@ -5081,13 +5081,12 @@ var
result:=f.accessFor(data); result:=f.accessFor(data);
// ok, you are referring a section of the template, which virtually resides in the root because of the url starting with /~ // ok, you are referring a section of the template, which virtually resides in the root because of the url starting with /~
// but you don't have access rights to the root. We'll let you pass if it's actually a section and you are using it from a folder that you have access to. // but you don't have access rights to the root. We'll let you pass if it's actually a section and you are using it from a folder that you have access to.
if not result and (f = rootFile) and ansiStartsStr('~', urlCmd) and tpl.sectionExist(copy(urlCmd,2,MAXINT)) if not result and (f = rootFile)
and ((mode='section') or ansiStartsStr('~', urlCmd) and tpl.sectionExist(copy(urlCmd,2,MAXINT)))
and (0 < reMatch(conn.getHeader('Referer'), '://([^@]*@)?'+getSafeHost(data)+'(/.*)', 'i', 1, @m)) then and (0 < reMatch(conn.getHeader('Referer'), '://([^@]*@)?'+getSafeHost(data)+'(/.*)', 'i', 1, @m)) then
begin begin
fTemp:=findFileByUrl(m[2]); result:=TRUE;
result:=assigned(fTemp) and fTemp.accessFor(data); specialGrant:=TRUE;
specialGrant:=result;
freeIfTemp(Ftemp);
end; end;
if result then exit; if result then exit;
conn.reply.realm:=f.getShownRealm(); conn.reply.realm:=f.getShownRealm();
@ -5200,7 +5199,7 @@ var
var var
b: boolean; b: boolean;
s, mode: string; s: string;
i: integer; i: integer;
section: PtplSection; section: PtplSection;
begin begin