yacy_search_server/htroot/ConfigAppearance_p.html
low012 f5656b2ae1 *) Made sure that only files with appropriate file endings are listed as skin or language files.
*) Introduced protection against directory traversal attacks in configuration servlets for skin and language configuration. Files can only be deleted if they are contained in a list of files which has been read by the servlet first.


Until now it was possible to delete any data on a system YaCy is running on and which can be deleted by the user whose account has been used to start YaCy. Most of the time a user of YaCy is also the owner of the machine the peer is running on, but this might not always be the case and not even the owner of the machine should be able to use YaCy as a replacement for "rm" or "del".

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@6423 6c8d7289-2bf4-0310-a012-ef5d649a1542
2009-10-17 00:26:14 +00:00

64 lines
2.5 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>YaCy '#[clientname]#': Appearance and Integration</title>
#%env/templates/metas.template%#
</head>
<body id="ConfigSkins">
#%env/templates/header.template%#
#%env/templates/submenuCustomization.template%#
<h2>Appearance and Integration</h2>
<p>
You can change the appearance of the YaCy interface with skins.
The selected skin and language also affect the appearance of the search page.
If you <a href="ConfigPortal.html">create a search portal with YaCy</a> then you can
change the appearance of the search page here.
</p>
<h3>Skin Selection</h3>
<p>
Select one of the default skins, download new skins, or create your own skin.
</p>
<form action="ConfigAppearance_p.html">
<fieldset>
<dl>
<dt><label for="cur_skin">Current skin</label>:</dt>
<dd id="cur_skin">#[currentskin]#&nbsp;</dd>
<dt><label for="skins">Available Skins</label>:</dt>
<dd>
<select id="skins" name="skin">#{skinlist}#
<option value="#[file]#">#[name]#</option>#{/skinlist}#
</select>
</dd>
<dd>
<input type="submit" name="use_button" value="Use" />
<input type="submit" name="delete_button" value="Delete" />
</dd>
</dl>
</fieldset>
</form>
<form action="ConfigAppearance_p.html">
<fieldset>
<dl>
<dt><label for="url">Install new skin from URL</label>:</dt>
<dd><input type="text" name="url" id="url" size="30" /></dd>
<dt><label for="use_url">Use this skin</label></dt>
<dd><input type="checkbox" name="use_skin" id="use_url" value="on" checked="checked" /></dd>
<dd><input type="submit" name="install_button" value="Install" /></dd>
</dl>
<p>Make sure that you only download data from trustworthy sources. The new skin file
might overwrite existing data if a file of the same name exists already.</p>
</fieldset>
</form>
#(status)#
::<p><strong>Unable to get URL: #[url]#</strong></p>
::<p><strong>Error saving the skin.</strong></p>
#(/status)#
#%env/templates/footer.template%#
</body>
</html>
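The commit message at the top of this page describes deleting a file only when its name appears in a listing the servlet has read first, with the listing restricted to files with the right ending. The following is an added sketch of that check, not YaCy's own servlet code; the class and method names, the `.css` ending and the temporary directory layout are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.stream.*;

public class SkinDeleteDemo {
    // Build the allowlist: regular files directly inside skinDir with the expected ending.
    static Set<String> listSkins(Path skinDir, String ext) throws IOException {
        try (Stream<Path> entries = Files.list(skinDir)) {
            return entries.filter(Files::isRegularFile)
                          .map(p -> p.getFileName().toString())
                          .filter(n -> n.endsWith(ext))
                          .collect(Collectors.toCollection(TreeSet::new));
        }
    }

    // Delete only when the request parameter is an exact member of the listing.
    // A listed name is a single path element, so "../x" or an absolute path never matches.
    static boolean deleteSkin(Path skinDir, String requested, String ext) throws IOException {
        if (requested == null || !listSkins(skinDir, ext).contains(requested)) {
            return false; // not in the list: refuse without touching the file system
        }
        Files.delete(skinDir.resolve(requested));
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one skin, one non-skin file, one file outside the skin dir.
        Path root = Files.createTempDirectory("skin-demo");
        Path skins = Files.createDirectory(root.resolve("skins"));
        Files.createFile(skins.resolve("dark.css"));
        Files.createFile(skins.resolve("notes.txt"));
        Path outside = Files.createFile(root.resolve("important.css"));

        // Values as they could arrive in the form's "skin" parameter (constructed).
        String[] requests = {"../important.css", outside.toString(), "notes.txt", "dark.css"};
        for (String req : requests) {
            System.out.println(req + " -> deleted=" + deleteSkin(skins, req, ".css"));
        }
        System.out.println("outside file still exists: " + Files.exists(outside));
    }
}
```

Only `dark.css` is deleted; the relative path, the absolute path and the file with the wrong ending are all refused because none of them is a member of the listing.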