From 174c6c744c5eac385da213891a0bae7bb26032f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Astori?= Date: Sat, 11 Aug 2018 18:06:23 -0400 Subject: [PATCH 1/3] Disallow URL override of network-related fields on the client when the network is locked --- client/js/socket-events/configuration.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/client/js/socket-events/configuration.js b/client/js/socket-events/configuration.js index 3289dfeb..cf9041e1 100644 --- a/client/js/socket-events/configuration.js +++ b/client/js/socket-events/configuration.js @@ -176,6 +176,12 @@ function parseOverrideParams(params, data) { continue; } + // When the network is locked, URL overrides should not affect disabled fields + if (data.lockNetwork && + ["host", "port", "tls", "rejectUnauthorized"].includes(key)) { + continue; + } + if (key === "join") { value = value.split(",").map((chan) => { if (!chan.match(/^[#&!+]/)) { From 039d1220cb4c8a08701d47d1993fc828ac9a1ec1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Astori?= Date: Sat, 11 Aug 2018 18:10:13 -0400 Subject: [PATCH 2/3] Pass network name along to the client connect window when network is locked and not displayed --- src/server.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/server.js b/src/server.js index bb4f609d..8223e170 100644 --- a/src/server.js +++ b/src/server.js @@ -590,6 +590,7 @@ function getClientConfiguration(network) { } else { // Only send defaults that are visible on the client config.defaults = _.pick(network || Helper.config.defaults, [ + "name", "nick", "username", "password", From 13e6f37edae7c4e992057904bd4ce09a0849eadc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Astori?= Date: Sat, 11 Aug 2018 18:12:49 -0400 Subject: [PATCH 3/3] Make sure the network name cannot be changed through URL override when the network info is not displayed --- client/js/socket-events/configuration.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/js/socket-events/configuration.js b/client/js/socket-events/configuration.js index cf9041e1..5443283c 100644 --- a/client/js/socket-events/configuration.js +++ b/client/js/socket-events/configuration.js @@ -182,6 +182,11 @@ function parseOverrideParams(params, data) { continue; } + // When the network is not displayed, its name in the UI is not customizable + if (!data.displayNetwork && key === "name") { + continue; + } + if (key === "join") { value = value.split(",").map((chan) => { if (!chan.match(/^[#&!+]/)) {