kallithea Files · init.d/kallithea-daemon-debian

Files @ c9cfaeb1cdfe

Branch filter:

Location: kallithea/init.d/kallithea-daemon-debian - annotation

c9cfaeb1cdfe 1.7 KiB text/plain Show Source Show as Raw Download as Raw

Mads Kiilerich

tooltips: fix unsafe insertion of userdata into the DOM as html

This fixes js injection in the admin journal ... and probably also in other places.

Tooltips are used both with hardcoded strings (which is safe and simple) and
with user provided strings wrapped in html formatting (which requires careful
escaping before being put into the DOM as html). The templating will
automatically take care of one level of escaping, but here it requires two
levels to do it correctly ... and that was not always done correctly.

Instead, by default, just insert it into the DOM as text, not as html.

The few places where we know the tooltip contains safe html are handled
specially - the element is given the safe-html-title class. That is the case in
file annotation and in display of tip revision in repo lists.

99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3
99ad9d0af1a3

#!/bin/sh -e
########################################
#### THIS IS A DEBIAN INIT.D SCRIPT ####
########################################
 
### BEGIN INIT INFO
# Provides:          kallithea          
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts instance of kallithea
# Description:       starts instance of kallithea using start-stop-daemon
### END INIT INFO
 
APP_NAME="kallithea"
APP_HOMEDIR="opt"
APP_PATH="/$APP_HOMEDIR/$APP_NAME"
 
CONF_NAME="production.ini"
 
PID_PATH="$APP_PATH/$APP_NAME.pid"
LOG_PATH="$APP_PATH/$APP_NAME.log"
 
PYTHON_PATH="/$APP_HOMEDIR/$APP_NAME-venv"
 
RUN_AS="root"
 
DAEMON="$PYTHON_PATH/bin/paster"
 
DAEMON_OPTS="serve --daemon \
 --user=$RUN_AS \
 --group=$RUN_AS \
 --pid-file=$PID_PATH \
 --log-file=$LOG_PATH  $APP_PATH/$CONF_NAME"
 
 
start() {
  echo "Starting $APP_NAME"
  PYTHON_EGG_CACHE="/tmp" start-stop-daemon -d $APP_PATH \
      --start --quiet \
      --pidfile $PID_PATH \
      --user $RUN_AS \
      --exec $DAEMON -- $DAEMON_OPTS
}
 
stop() {
  echo "Stopping $APP_NAME"
  start-stop-daemon -d $APP_PATH \
      --stop --quiet \
      --pidfile $PID_PATH || echo "$APP_NAME - Not running!"
 
  if [ -f $PID_PATH ]; then
    rm $PID_PATH
  fi
}
 
status() {
  echo -n "Checking status of $APP_NAME ... "
  pid=`cat $PID_PATH`
  status=`ps ax | grep $pid | grep -ve grep`
  if [ "$?" -eq 0 ]; then
    echo "running"
  else
    echo "NOT running"
  fi
}
 
case "$1" in
  status)
   status
    ;;
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    echo "Restarting $APP_NAME"
    ### stop ###
    stop
    wait
    ### start ###
    start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac