yacy_search_server/htroot/ConfigLanguage_p.html
low012 f5656b2ae1 *) Made sure that only files with appropriate file endings are listed as skin or language files.
*) Introduced protection against directory traversal attacks in configuration servlets for skin and language configuration. Files can only be deleted if they are contained in a list of files which has been read by the servlet first.


Until now it was possible to delete any data on a system YaCy is running on and which can be deleted by the user whose account has been used to start YaCy. Most of the time a user of YaCy is also the owner of the machine the peer is running on, but this might not always be the case and not even the owner of the machine should be able to use YaCy as a replacement for "rm" or "del".

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@6423 6c8d7289-2bf4-0310-a012-ef5d649a1542
2009-10-17 00:26:14 +00:00

65 lines
2.5 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>YaCy '#[clientname]#': Language selection</title>
#%env/templates/metas.template%#
</head>
<body id="ConfigLanguage">
#%env/templates/header.template%#
#%env/templates/submenuCustomization.template%#
<h2>Language selection</h2>
<p>
You can change the language of the YaCy-webinterface with translation files.
</p>
<form action="ConfigLanguage_p.html">
<fieldset>
<dl>
<dt><label for="cur_lang">Current language</label>:</dt>
<dd id="cur_lang"><!-- lang -->default(english)&nbsp;</dd>
<dt><label for="lang_file">Author(s) (chronological)</label>:</dt>
<dd id="lang_file"><!-- author -->&nbsp;</dd>
<dt><label for="lang_maintainer"><em>Send additions to maintainer</em></label>:</dt>
<dd id="lang_maintainer"><!-- maintainer -->&nbsp;</dd>
<dt><label for="lang_list">Available Languages</label>:</dt>
<dd>
<select name="language" id="lang_list">#{langlist}#
<option value="#[file]#" #[selected]#>#[name]#</option>#{/langlist}#
</select>
</dd>
<dd>
<input type="submit" name="use_button" value="Use" />
<input type="submit" name="delete" value="Delete" />
</dd>
</dl>
</fieldset>
</form>
<form action="ConfigLanguage_p.html">
<fieldset>
<dl>
<dt><label for="url_install">Install new language from URL</label>:</dt>
<dd>
<input type="text" name="url" id="url_install" size="30" />
</dd>
<dt><label for="use_lang"> Use this language</label></dt>
<dd>
<input type="checkbox" name="use_lang" id="use_lang" value="on" checked="checked" />
</dd>
<dd><input type="submit" value="Install" /></dd>
</dl>
<p>Make sure that you only download data from trustworthy sources. The new language file
might overwrite existing data if a file of the same name exists already.</p>
</fieldset>
</form>
#(status)#
::<p><strong>Unable to get URL: #[url]#</strong></p>
::<p><strong>Error saving the language file.</strong></p>
#(/status)#
#%env/templates/footer.template%#
</body>
</html>
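
The allowlist check described in the commit message, applied to the `language` value that the Delete button in this form submits. This is an added example, not YaCy's servlet code: the class and method names are hypothetical, and the `.lng` ending and `locales` directory are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; class and method names are hypothetical, not YaCy's.
public class LanguageFileDeleter {
    private static final String SUFFIX = ".lng"; // assumed language-file ending

    // Build the allowlist from the directory itself: plain files with the expected ending.
    static Set<String> listLanguageFiles(File langDir) {
        Set<String> names = new TreeSet<>();
        File[] entries = langDir.listFiles();
        if (entries == null) return names; // not a directory, or unreadable
        for (File f : entries) {
            if (f.isFile() && f.getName().endsWith(SUFFIX)) names.add(f.getName());
        }
        return names;
    }

    // Delete only if the submitted value is exactly one of the listed bare names.
    static boolean deleteLanguage(File langDir, String requested) throws IOException {
        if (requested == null || !listLanguageFiles(langDir).contains(requested)) {
            return false; // "../x", absolute paths and unlisted names never match
        }
        return Files.deleteIfExists(new File(langDir, requested).toPath());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("lang-demo");
        Path locales = Files.createDirectory(root.resolve("locales"));
        Files.createFile(locales.resolve("de.lng"));
        Files.createFile(locales.resolve("notes.txt"));
        Path outside = Files.createFile(root.resolve("secret.lng"));

        File dir = locales.toFile();
        System.out.println("traversal:   " + deleteLanguage(dir, "../secret.lng"));
        System.out.println("absolute:    " + deleteLanguage(dir, outside.toString()));
        System.out.println("wrong type:  " + deleteLanguage(dir, "notes.txt"));
        System.out.println("listed file: " + deleteLanguage(dir, "de.lng"));
        System.out.println("outside file still exists: " + Files.exists(outside));
    }
}
```

Because the comparison is against names the servlet read from the directory, the submitted string is never interpreted as a path until it has already matched a known file.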