Warn about/prevent multiple direct remote connections #20834
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
by finding the current session and redirecting to it from the login page.
mvollmer
force-pushed
the
prevent-direct-multi-host
branch
from
494265c to
eeb7792
Compare
mvollmer
force-pushed
the
prevent-direct-multi-host
branch
from
eeb7792 to
2d267b8
Compare
cockpituous
reviewed
Aug 7, 2024
| // from two machines into the same browser origin. | ||
|
|
||
| const logged_into = environment["logged-into"]; | ||
| const cur_machine = logged_into.length > 0 ? logged_into[0] : null; |
There was a problem hiding this comment.
This added line is not executed by any test.
Comment on lines
+349
to
+351
| function redirect_to_current_machine() { | ||
| if (cur_machine === ".") | ||
| login_reload("/"); |
There was a problem hiding this comment.
These 3 added lines are not executed by any test.
| if (cur_machine === ".") | ||
| login_reload("/"); | ||
| else | ||
| login_reload("/=" + cur_machine); |
There was a problem hiding this comment.
This added line is not executed by any test.
Comment on lines
+356
to
+358
| if (cur_machine) { | ||
| if (!environment.page.allow_multi_host) | ||
| redirect_to_current_machine(); |
There was a problem hiding this comment.
These 3 added lines are not executed by any test.
Comment on lines
+360
to
+363
| id("multihost-message").textContent = format(_("You are already connected to '$0' in this browser session. Connecting to other hosts will allow them to execute arbitrary code on each other. Please be careful."), | ||
| cur_machine == "." ? "localhost" : cur_machine); | ||
| id("multihost-get-me-there").addEventListener("click", redirect_to_current_machine); | ||
| show('#multihost-warning'); |
There was a problem hiding this comment.
These 4 added lines are not executed by any test.
| @@ -948,6 +977,8 @@ | |||
| } | |||
|
|
|||
| function login_reload (wanted) { | |||
| console.log("RELOAD", wanted); | |||
There was a problem hiding this comment.
This added line is not executed by any test.
This was referenced Aug 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Demo: https://youtu.be/lvR2youiY4M