lucaspalomodevelop/opnsense-core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/opnsense-core.git synced 2026-03-13 00:07:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

src: allow login/error page to use cache_safe()

Browse Source 
Now that we don't have version leakage we can extend the use
to the login page without risk (except that people know it's
at least the version that feature was introduced in).
This commit is contained in:
Franco Fichtner 2018-09-16 12:25:38 +02:00
parent 4178038bed
commit 866ff2ba92
3 changed files with 16 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/etc/inc/authgui.inc
View File

@ -244,8 +244,8 @@ function display_error_form($http_code, $desc)
<title><?=$http_code?></title>
<link href="/ui/themes/<?= $themename ?>/build/css/main.css" rel="stylesheet">
<link href="/ui/themes/<?= $themename ?>/build/images/favicon.png" rel="shortcut icon">
<link href="<?= cache_safe("/ui/themes/{$themename}/build/css/main.css") ?>" rel="stylesheet">
<link href="<?= cache_safe("/ui/themes/{$themename}/build/images/favicon.png") ?>" rel="shortcut icon">
<!--[if lt IE 9]><script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js"></script><![endif]-->
</head>
@ -312,17 +312,15 @@ function display_login_form($Login_Error)
<title><?=gettext("Login"); ?></title>
<link href="/ui/themes/<?= $themename ?>/build/css/main.css" rel="stylesheet">
<link href="/ui/themes/<?= $themename ?>/build/images/favicon.png" rel="shortcut icon">
<link href="<?= cache_safe("/ui/themes/{$themename}/build/css/main.css") ?>" rel="stylesheet">
<link href="<?= cache_safe("/ui/themes/{$themename}/build/images/favicon.png") ?>" rel="shortcut icon">
<script src="/ui/js/jquery-3.2.1.min.js"></script>
<script src="/ui/js/jquery-migrate-3.0.1.min.js"></script>
<?php
if (file_exists("/usr/local/opnsense/www/themes/".$themename."/build/js/theme.js")):?>
<script src="/ui/themes/<?=$themename?>/build/js/theme.js"></script>
<?php
endif;?>
<?php if (file_exists("/usr/local/opnsense/www/themes/{$themename}/build/js/theme.js")): ?>
<script src="<?= cache_safe("/ui/themes/{$themename}/build/js/theme.js") ?>"></script>
<?php endif ?>
<!--[if lt IE 9]><script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js"></script><![endif]-->

9
src/etc/inc/util.inc
View File

@ -906,6 +906,15 @@ function url_safe($format, $args = array())
return vsprintf($format, $args);
}
function cache_safe($url)
{
$info = stat('/usr/local/opnsense/www/index.php');
if (!empty($info['mtime'])) {
return "{$url}?v=" . substr(md5($info['mtime']), 0, 16);
}
return $url;
}
/****f* util/exec_command
* NAME

10
src/www/guiconfig.inc
View File

@ -61,16 +61,6 @@ function html_safe($text)
return htmlspecialchars($text, ENT_QUOTES | ENT_HTML401);
}
function cache_safe($url)
{
$info = stat('/usr/local/opnsense/www/index.php');
if (!empty($info['mtime'])) {
return "{$url}?v=" . substr(md5($info['mtime']), 0, 16);
}
return $url;
}
/**
* search for a themed filename or return distribution standard
* @param string $url relative url