mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
Enforced access controls to System settings pages
This commit is contained in:
parent
de6820d257
commit
4ed055bcdf
|
@ -35,6 +35,7 @@ import java.util.regex.PatternSyntaxException;
|
|||
|
||||
import net.yacy.cora.order.Digest;
|
||||
import net.yacy.cora.protocol.RequestHeader;
|
||||
import net.yacy.data.TransactionManager;
|
||||
import net.yacy.http.InetPathAccessHandler;
|
||||
import net.yacy.kelondro.util.Formatter;
|
||||
import net.yacy.peers.Network;
|
||||
|
@ -67,6 +68,9 @@ public class SettingsAck_p {
|
|||
return prop;
|
||||
}
|
||||
|
||||
/* Check this is a valid transaction */
|
||||
TransactionManager.checkPostTransaction(header, post);
|
||||
|
||||
// admin password
|
||||
if (post.containsKey("adminaccount")) {
|
||||
// read and process data
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="admin">Crawler Settings</legend>
|
||||
<table border="0" cellspacing="5" width="100%">
|
||||
<tr><td colspan="3"><p><strong>Generic Crawler Settings</strong>:</p></td></tr>
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
</div>
|
||||
|
||||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data" class="form-horizontal">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset>
|
||||
<legend>Solr communication</legend>
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="messageForwarding">Message Forwarding</legend>
|
||||
<p>With this settings you can activate or deactivate forwarding of yacy-messages via email.</p>
|
||||
<table border="0" cellspacing="5">
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="proxy">Remote Proxy (optional)</legend>
|
||||
<p>YaCy can use another proxy to connect to the internet. You can enter the address for the remote proxy here:</p>
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="http">Proxy Settings</legend>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
|
@ -38,6 +39,7 @@
|
|||
</fieldset>
|
||||
</form>
|
||||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="ProxyAccess">Proxy Access Settings</legend>
|
||||
<p>
|
||||
These settings configure the access method to your own http proxy and server.
|
||||
|
|
|
@ -13,6 +13,7 @@ Visited websites can process this information as they whish, so this can become
|
|||
</p>
|
||||
|
||||
<form action="SettingsAck_p.html" method="post" class="form-horizontal">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset>
|
||||
<legend>Global policy</legend>
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
but only if there have been changes to the seed-list.
|
||||
</p>
|
||||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
<td><label for="method">Upload Method</label>:</td>
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
<p><strong>Store into filesystem:</strong></p>
|
||||
<p>You must configure this if you want to store the seed-list file onto the file system.</p>
|
||||
<form action="SettingsAck_p.html" method="post">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
<td><label for="fs_path">File Location:</label></td>
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
but only if there had been changes to the seed-list.
|
||||
</p>
|
||||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
<td><label for="ftp_server">Server</label>:</td>
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
<p><strong>Uploading via SCP:</strong></p>
|
||||
<p>This is the account for a server where you are able to login via ssh.</p>
|
||||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
<td><label for="scp_serv">Server</label>:</td>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<form action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="general">Server Access Settings</legend>
|
||||
<table border="0" cellspacing="5">
|
||||
<tr valign="top">
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
|
||||
<form id="urlproxysettings" action="SettingsAck_p.html" method="post" enctype="multipart/form-data">
|
||||
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
|
||||
<fieldset><legend id="urlproxy">URL Proxy Settings</legend>
|
||||
<p>
|
||||
With this settings you can activate or deactivate URL proxy.
|
||||
|
|
|
@ -26,6 +26,7 @@ import java.util.HashMap;
|
|||
import java.util.Iterator;
|
||||
|
||||
import net.yacy.cora.protocol.RequestHeader;
|
||||
import net.yacy.data.TransactionManager;
|
||||
import net.yacy.http.ReferrerPolicy;
|
||||
import net.yacy.peers.Network;
|
||||
import net.yacy.peers.Seed;
|
||||
|
@ -47,6 +48,9 @@ public final class Settings_p {
|
|||
|
||||
final String page = (post == null) ? "general" : post.get("page", "general");
|
||||
|
||||
/* Acquire a transaction token for the next possible POST form submission */
|
||||
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header, "/SettingsAck_p.html"));
|
||||
|
||||
if (page.equals("ProxyAccess")) {
|
||||
prop.put("settingsTables", "Settings_ProxyAccess.inc");
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user