Ajaxify Cors section in Personal settings #37560
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
Codecov Report
@@ Coverage Diff @@
## master #37560 +/- ##
============================================
+ Coverage 64.66% 64.69% +0.03%
- Complexity 19343 19345 +2
============================================
Files 1279 1279
Lines 75600 75589 -11
Branches 1333 1333
============================================
+ Hits 48885 48902 +17
+ Misses 26323 26295 -28
Partials 392 392
Continue to review full report at Codecov.
@VicDeo can you point to the Support case?
\array_push($domains, $domain); | ||
|
||
// In case same domain is added | ||
$domains = \array_unique($domains); |
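Review bot: At `$domains = \array_unique($domains);` the de-duplication runs after `\array_push` and compares exact strings, so a repeated entry is dropped without the caller learning why, and entries that differ only in letter case are both kept unless `$domain` is normalised before this hunk. Testing `\in_array($domain, $domains, true)` before the push would let the handler return an explicit "already added" message, which fits this PR's aim of ending silent failures.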

If the initial domain list is already sanitized, an in_array(...) check should be faster to know if the domain is there.
If we don't trust the list is sanitized, we should assume the same in every place where we're retrieving the list from the user's preferences (removeDomain function would just remove one domain, but not the duplicates, if any)

I didn't touch this code - just wrapped it with an if condition https://github.com/owncloud/core/pull/37560/files?w=1
In addition, it is not something that is expected to have millions of domains and to be used on a daily basis.
settings/js/panels/cors.js
Outdated
@@ -1,33 +1,67 @@ | |||
var PersonalCors = { | |||
renderRow: function(domain){ | |||
var row = $('<tr />').appendTo('#cors .grid tbody'); |
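Review bot: In renderRow, `$('<tr />').appendTo('#cors .grid tbody')` attaches the row to the live table before it has any cells, so every later append touches the rendered document. Building the row detached and appending it once at the end is easier to follow, and since `domain` is user-entered, the cell that shows it should be filled with `.text(domain)` rather than by concatenating it into markup.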

Maybe something like var htmlRow = '<tr><td>' + domain + '</td><td><input ..... /></td></tr>' (with a readable format) is easier to follow?
Then just $('#cors .grid tbody').append(htmlRow);

nope, what if domain contains <script>alert(1)</script>

Well, I'd expect the domain to be sanitized at that point... 😅
Maybe...
var row = $('<tr></tr>')
    .append($('<td></td>').text(domain))
    .append('<td><input ..... /></td>');
$('#cors .grid tbody').append(row);
or maybe
var col1 = $('<td></td>').text(domain);
var col2 = '<td><input .... /></td>';
var row = $('<tr></tr>').append(col1).append(col2);
$('#cors .grid tbody').append(row);
anyway, up to you.
There is only one requested change for readability, but not critical. Up to @VicDeo to decide
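
The three points raised in this review (report a rejected domain instead of failing silently, check for an existing entry before adding, never concatenate domain into markup), as an added example that is not ownCloud code. The function names and the rule that only a bare http(s) origin is accepted are assumptions, and escaping into a string stands in for jQuery's .text() so the code runs without a DOM.

```javascript
// Added example, not ownCloud code. All function names are hypothetical.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Concatenation variant from the thread: markup in `domain` becomes markup in the row.
function renderRowConcat(domain) {
  return '<tr><td>' + domain + '</td></tr>';
}

// Escaped variant: same outcome as building the cell with .text(domain).
function renderRowEscaped(domain) {
  return '<tr><td>' + escapeHtml(domain) + '</td></tr>';
}

// Assumed validation rule: accept only a bare http(s) origin, return it normalised.
function normaliseOrigin(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  return url.origin; // host lower-cased, default port dropped
}

// Check before adding, so the caller can report why nothing was added.
function addDomain(domains, input) {
  const origin = normaliseOrigin(input);
  if (origin === null) return { ok: false, error: 'invalid domain', domains };
  if (domains.includes(origin)) return { ok: false, error: 'already added', domains };
  return { ok: true, error: null, domains: domains.concat(origin) };
}

// Constructed inputs; the payload string is the one quoted in the thread.
const payload = '<script>alert(1)</script>';
console.log(renderRowConcat(payload));  // the script element ends up in the row
console.log(renderRowEscaped(payload)); // shown as inert text
console.log(addDomain(['https://example.com'], 'HTTPS://Example.com:443/'));
console.log(addDomain([], payload));
```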
Description
CORS section silently fails when a new domain is incorrect
Motivation and Context
How Has This Been Tested?
Expected
Domain is not added, Error message
Actual
Domain is not added, No error message
Screenshot
Types of changes
Checklist: