Files
@ 22da5f258118
Branch filter:
Location: kallithea/init.d/kallithea-daemon-arch - annotation
22da5f258118
1.3 KiB
text/plain
pullrequests: prevent XSS in 'Potential Reviewers' list when first and last names cannot be trusted
The user information passed to autocompleteFormatter from select2 is the raw
data which might contain HTML markup controlled by the user.
That could cause XSS issues, already when loading a PR page.
To avoid that, make sure autocompleteHighlightMatch always escape user
information. That makes the user safe as long as a rogue user isn't selected ...
The user information passed to autocompleteFormatter from select2 is the raw
data which might contain HTML markup controlled by the user.
That could cause XSS issues, already when loading a PR page.
To avoid that, make sure autocompleteHighlightMatch always escape user
information. That makes the user safe as long as a rogue user isn't selected ...
99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 2c3d30095d5e 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 2c3d30095d5e 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 e285bb7abb28 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 e285bb7abb28 | #!/bin/bash
###########################################
#### THIS IS AN ARCH LINUX RC.D SCRIPT ####
###########################################
. /etc/rc.conf
. /etc/rc.d/functions
DAEMON=kallithea
APP_HOMEDIR="/srv"
APP_PATH="$APP_HOMEDIR/$DAEMON"
CONF_NAME="production.ini"
LOG_FILE="/var/log/$DAEMON.log"
PID_FILE="/run/daemons/$DAEMON"
APPL=/usr/bin/gearbox
RUN_AS="*****"
ARGS="serve --daemon \
--user=$RUN_AS \
--group=$RUN_AS \
--pid-file=$PID_FILE \
--log-file=$LOG_FILE \
-c $APP_PATH/$CONF_NAME"
[ -r /etc/conf.d/$DAEMON ] && . /etc/conf.d/$DAEMON
if [[ -r $PID_FILE ]]; then
read -r PID < "$PID_FILE"
if [[ $PID && ! -d /proc/$PID ]]; then
unset PID
rm_daemon $DAEMON
fi
fi
case "$1" in
start)
stat_busy "Starting $DAEMON"
export HOME=$APP_PATH
[ -z "$PID" ] && $APPL $ARGS &>/dev/null
if [ $? = 0 ]; then
add_daemon $DAEMON
stat_done
else
stat_fail
exit 1
fi
;;
stop)
stat_busy "Stopping $DAEMON"
[ -n "$PID" ] && kill $PID &>/dev/null
if [ $? = 0 ]; then
rm_daemon $DAEMON
stat_done
else
stat_fail
exit 1
fi
;;
restart)
$0 stop
sleep 1
$0 start
;;
status)
stat_busy "Checking $name status";
ck_status $name
;;
*)
echo "usage: $0 {start|stop|restart|status}"
esac
|