MeshCentral/MeshCommander
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCommander synced 2025-12-06 06:03:20 +00:00
Code Issues Releases Wiki Activity

Window open security fix.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire
2020-09-22 13:35:27 -07:00
parent 84ee72d723
commit f91e8f359b
3 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
amt-wsman-0.2.0.js
View File

@@ -124,7 +124,8 @@ var WsmanStackCreateService = function (host, port, user, pass, tls, extra) {
if (!body) return null; if (!body) return null;
if (body.childNodes.length > 0) { if (body.childNodes.length > 0) {
t = body.childNodes[0].localName; t = body.childNodes[0].localName;
if (t.indexOf('_OUTPUT') == t.length - 7) { t = t.substring(0, t.length - 7); } var x = t.indexOf('_OUTPUT');
if ((x != -1) && (x == (t.length - 7))) { t = t.substring(0, t.length - 7); }
r.Header['Method'] = t; r.Header['Method'] = t;
try { try {
r.Body = _ParseWsmanRec(body.childNodes[0]); r.Body = _ParseWsmanRec(body.childNodes[0]);

6
amt-wsman-ws-0.2.0.js
View File

@@ -57,6 +57,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
obj.PerformAjaxEx = function (postdata, callback, tag, url, action) { obj.PerformAjaxEx = function (postdata, callback, tag, url, action) {
if (obj.FailAllError != 0) { obj.gotNextMessagesError({ status: obj.FailAllError }, 'error', null, [postdata, callback, tag, url, action]); return; } if (obj.FailAllError != 0) { obj.gotNextMessagesError({ status: obj.FailAllError }, 'error', null, [postdata, callback, tag, url, action]); return; }
if (!postdata) postdata = ''; if (!postdata) postdata = '';
if (urlvars && urlvars['wsmantrace']) { console.log('WSMAN-SEND(' + postdata.length + '): ' + postdata); }
//console.log('SEND: ' + postdata); // DEBUG //console.log('SEND: ' + postdata); // DEBUG
// We are in a websocket relay environment // We are in a websocket relay environment
@@ -203,11 +204,10 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
// Websocket relay specific private method // Websocket relay specific private method
function _ProcessHttpResponse(header, data) { function _ProcessHttpResponse(header, data) {
//obj.Debug('_ProcessHttpResponse: ' + header.Directive[1]); //obj.Debug('_ProcessHttpResponse: ' + header.Directive[1]);
if (urlvars && urlvars['wsmantrace']) { console.log('WSMAN-RECV(' + data.length + '): ' + data); }
var s = parseInt(header.Directive[1]); var s = parseInt(header.Directive[1]);
if (isNaN(s)) { if (isNaN(s)) { s = 602; }
s = 602;
}
if (s == 401 && ++(obj.authcounter) < 3) { if (s == 401 && ++(obj.authcounter) < 3) {
obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry
if (obj.challengeParams['qop'] != null) { if (obj.challengeParams['qop'] != null) {

4
index.html
View File

@@ -10916,10 +10916,10 @@
if (xxdialogMode) return; if (xxdialogMode) return;
haltEvent(e); haltEvent(e);
// ###BEGIN###{Mode-Firmware} // ###BEGIN###{Mode-Firmware}
var newWindow = window.open('/amt-storage/' + handle, '_blank'); var newWindow = window.open('/amt-storage/' + handle, '_blank', 'noopener,noreferrer');
// ###END###{Mode-Firmware} // ###END###{Mode-Firmware}
// ###BEGIN###{!Mode-Firmware} // ###BEGIN###{!Mode-Firmware}
var newWindow = window.open('http://' + wsstack.comm.host + ':' + wsstack.comm.port + '/amt-storage/' + handle, '_blank'); var newWindow = window.open('http://' + wsstack.comm.host + ':' + wsstack.comm.port + '/amt-storage/' + handle, '_blank', 'noopener,noreferrer');
// ###END###{!Mode-Firmware} // ###END###{!Mode-Firmware}
newWindow.opener = null; newWindow.opener = null;
newWindow.focus(); newWindow.focus();