liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: admin security UI

Browse Source
This commit is contained in:
NGPixel 2020-05-30 16:42:48 -04:00
parent 1f9e5b3fd0
commit 83f7c2867d
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
client/components/admin/admin-security.vue
View File

@ -20,7 +20,7 @@
v-card-info(color='red') v-card-info(color='red')
span Make sure to understand the implications before turning on / off a security feature. span Make sure to understand the implications before turning on / off a security feature.
v-card-text v-card-text
v-switch.mt-3( v-switch(
inset inset
label='Block Open Redirect' label='Block Open Redirect'
color='red darken-2' color='red darken-2'
@ -29,6 +29,7 @@
hint='Prevents user controlled URLs from directing to websites outside of your wiki. This provides Open Redirect protection.' hint='Prevents user controlled URLs from directing to websites outside of your wiki. This provides Open Redirect protection.'
) )
v-divider.mt-3
v-switch.mt-3( v-switch.mt-3(
inset inset
label='Block IFrame Embedding' label='Block IFrame Embedding'

2
server/middlewares/security.js
View File

@ -39,7 +39,7 @@ module.exports = function (req, res, next) {
// -> Prevent Open Redirect from user provided URL // -> Prevent Open Redirect from user provided URL
if (WIKI.config.security.securityOpenRedirect) { if (WIKI.config.security.securityOpenRedirect) {
// Strips out all repeating / character in the provided URL // Strips out all repeating / character in the provided URL
req.url = req.url.replace(/(\/)(?=\/*\1)/g, "") req.url = req.url.replace(/(\/)(?=\/*\1)/g, '')
} }
return next() return next()