github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-08-19 21:03:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #10272 from Chocobo1/login_v41x

Browse source 
Prevent login credential appearing in URL (for v4_1_x branch)
This commit is contained in:
Mike Tzou 2019-02-10 13:31:20 +08:00 committed by GitHub
commit 5877308a49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/base/http/connection.cpp
View file

@ -66,7 +66,7 @@ void Connection::read()
case RequestParser::ParseStatus::Incomplete: { case RequestParser::ParseStatus::Incomplete: {
const long bufferLimit = RequestParser::MAX_CONTENT_SIZE * 1.1; // some margin for headers const long bufferLimit = RequestParser::MAX_CONTENT_SIZE * 1.1; // some margin for headers
if (m_receivedData.size() > bufferLimit) { if (m_receivedData.size() > bufferLimit) {
Logger::instance()->addMessage(tr("Http request size exceeds limiation, closing socket. Limit: %ld, IP: %s") Logger::instance()->addMessage(tr("Http request size exceeds limiation, closing socket. Limit: %1, IP: %2")
.arg(bufferLimit).arg(m_socket->peerAddress().toString()), Log::WARNING); .arg(bufferLimit).arg(m_socket->peerAddress().toString()), Log::WARNING);
Response resp(413, "Payload Too Large"); Response resp(413, "Payload Too Large");
@ -79,7 +79,7 @@ void Connection::read()
return; return;
case RequestParser::ParseStatus::BadRequest: { case RequestParser::ParseStatus::BadRequest: {
Logger::instance()->addMessage(tr("Bad Http request, closing socket. IP: %s") Logger::instance()->addMessage(tr("Bad Http request, closing socket. IP: %1")
.arg(m_socket->peerAddress().toString()), Log::WARNING); .arg(m_socket->peerAddress().toString()), Log::WARNING);
Response resp(400, "Bad Request"); Response resp(400, "Bad Request");

8
src/webui/www/private/css/noscript.css Normal file
View file

@ -0,0 +1,8 @@
#desktop {
display: none;
}
#noscript {
color: #f00;
text-align: center;
}

6
src/webui/www/private/index.html
View file

@ -13,6 +13,9 @@
<link rel="stylesheet" type="text/css" href="css/Layout.css" /> <link rel="stylesheet" type="text/css" href="css/Layout.css" />
<link rel="stylesheet" type="text/css" href="css/Window.css" /> <link rel="stylesheet" type="text/css" href="css/Window.css" />
<link rel="stylesheet" type="text/css" href="css/Tabs.css" /> <link rel="stylesheet" type="text/css" href="css/Tabs.css" />
<noscript>
<link rel="stylesheet" type="text/css" href="css/noscript.css?v=${VERSION}" />
</noscript>
<script src="scripts/lib/mootools-1.2-core-yc.js"></script> <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
<script src="scripts/lib/mootools-1.2-more.js"></script> <script src="scripts/lib/mootools-1.2-more.js"></script>
<!--[if IE]> <!--[if IE]>
@ -29,6 +32,9 @@
</head> </head>
<body> <body>
<noscript id="noscript">
<h1>QBT_TR(JavaScript Required! You must enable JavaScript for the Web UI to work properly)QBT_TR[CONTEXT=HttpServer]</h1>
</noscript>
<div id="desktop"> <div id="desktop">
<div id="desktopHeader"> <div id="desktopHeader">
<!--<div id="desktopTitlebar"> <!--<div id="desktopTitlebar">

8
src/webui/www/public/css/noscript.css Normal file
View file

@ -0,0 +1,8 @@
#formplace {
display: none;
}
#noscript {
color: #f00;
text-align: center;
}

8
src/webui/www/public/login.html
View file

@ -7,6 +7,9 @@
<link rel="icon" type="image/png" href="images/skin/qbittorrent32.png" /> <link rel="icon" type="image/png" href="images/skin/qbittorrent32.png" />
<link rel="stylesheet" type="text/css" href="css/login.css" /> <link rel="stylesheet" type="text/css" href="css/login.css" />
<script src="scripts/lib/mootools-1.2-core-yc.js"></script> <script src="scripts/lib/mootools-1.2-core-yc.js"></script>
<noscript>
<link rel="stylesheet" type="text/css" href="css/noscript.css?v=${VERSION}" />
</noscript>
<script> <script>
window.onload = function() { window.onload = function() {
$('username').focus(); $('username').focus();
@ -51,13 +54,16 @@
</head> </head>
<body> <body>
<noscript id="noscript">
<h1>QBT_TR(JavaScript Required! You must enable JavaScript for the Web UI to work properly)QBT_TR[CONTEXT=HttpServer]</h1>
</noscript>
<div id="main"> <div id="main">
<h1>qBittorrent QBT_TR(Web UI)QBT_TR[CONTEXT=OptionsDialog]</h1> <h1>qBittorrent QBT_TR(Web UI)QBT_TR[CONTEXT=OptionsDialog]</h1>
<div id="logo" class="col"> <div id="logo" class="col">
<img src="images/skin/qbittorrent-tray.svg" alt="qBittorrent logo" /> <img src="images/skin/qbittorrent-tray.svg" alt="qBittorrent logo" />
</div> </div>
<div id="formplace" class="col"> <div id="formplace" class="col">
<form id="loginform"> <form id="loginform" method="post">
<div class="row"> <div class="row">
<label for="username">QBT_TR(Username)QBT_TR[CONTEXT=HttpServer]</label><br /> <label for="username">QBT_TR(Username)QBT_TR[CONTEXT=HttpServer]</label><br />
<input type="text" id="username" name="username" /></div> <input type="text" id="username" name="username" /></div>

2
src/webui/www/webui.qrc
View file

@ -6,6 +6,7 @@
<file>private/css/Core.css</file> <file>private/css/Core.css</file>
<file>private/css/dynamicTable.css</file> <file>private/css/dynamicTable.css</file>
<file>private/css/Layout.css</file> <file>private/css/Layout.css</file>
<file>private/css/noscript.css</file>
<file>private/css/style.css</file> <file>private/css/style.css</file>
<file>private/css/Tabs.css</file> <file>private/css/Tabs.css</file>
<file>private/css/Window.css</file> <file>private/css/Window.css</file>
@ -47,6 +48,7 @@
<file>private/upload.html</file> <file>private/upload.html</file>
<file>private/uploadlimit.html</file> <file>private/uploadlimit.html</file>
<file>public/css/login.css</file> <file>public/css/login.css</file>
<file>public/css/noscript.css</file>
<file>public/login.html</file> <file>public/login.html</file>
<file>public/scripts/lib/mootools-1.2-core-yc.js</file> <file>public/scripts/lib/mootools-1.2-core-yc.js</file>
</qresource> </qresource>