mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
f5656b2ae1
*) Introduced protection against directory traversal attacks in configuration servlets for skin and language configuration. Files can only be deleted if they are contained in a list of files which has been read by the servlet first. Until now it was possible to delete any data on a system YaCy is running on and which can be deleted by the user who's account has been used to start YaCy. Most of the times a user of YaCy is also the owner of the machine the peer is running on, but this might not always be the case and not even the owner of the machine should be able to use YaCy as a replacement for "rm" or "del". git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@6423 6c8d7289-2bf4-0310-a012-ef5d649a1542
64 lines
2.5 KiB
HTML
64 lines
2.5 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>YaCy '#[clientname]#': Appearance and Integration</title>
|
|
#%env/templates/metas.template%#
|
|
</head>
|
|
<body id="ConfigSkins">
|
|
#%env/templates/header.template%#
|
|
#%env/templates/submenuCustomization.template%#
|
|
<h2>Appearance and Integration</h2>
|
|
<p>
|
|
You can change the appearance of the YaCy interface with skins.
|
|
The selected skin and language also affects the appearance of the search page.
|
|
If you <a href="ConfigPortal.html">create a search portal with YaCy</a> then you can
|
|
change the appearance of the search page here.
|
|
</p>
|
|
|
|
<h3>Skin Selection</h3>
|
|
<p>
|
|
Select one of the default skins, download new skins, or create your own skin.
|
|
</p><form action="ConfigAppearance_p.html">
|
|
<fieldset>
|
|
<dl>
|
|
<dt><label for="cur_skin">Current skin</label>:</dt>
|
|
<dd id="cur_skin">#[currentskin]# </dd>
|
|
|
|
<dt><label for="skins">Available Skins</label>:</dt>
|
|
<dd>
|
|
<select id="skins" name="skin">#{skinlist}#
|
|
<option value="#[file]#">#[name]#</option>#{/skinlist}#
|
|
</select>
|
|
</dd>
|
|
<dd>
|
|
<input type="submit" name="use_button" value="Use" />
|
|
<input type="submit" name="delete_button" value="Delete" />
|
|
</dd>
|
|
</dl>
|
|
</fieldset>
|
|
</form>
|
|
|
|
<form action="ConfigAppearance_p.html">
|
|
<fieldset>
|
|
<dl>
|
|
<dt><label for="url">Install new skin from URL</label>:</dt>
|
|
<dd><input type="text" name="url" id="url" size="30" /></dd>
|
|
|
|
<dt><label for="use_url">Use this skin</label></dt>
|
|
<dd><input type="checkbox" name="use_skin" id="use_url" value="on" checked="checked" /></dd>
|
|
<dd><input type="submit" name="install_button" value="Install" /></dd>
|
|
</dl>
|
|
<p>Make sure that you only download data from trustworthy sources. The new language file
|
|
might overwrite existing data if a file of the same name exists already.</p>
|
|
</fieldset>
|
|
</form>
|
|
|
|
#(status)#
|
|
::<p><strong>Unable to get URL: #[url]#</strong></p>
|
|
::<p><strong>Error saving the skin.</strong></p>
|
|
#(/status)#
|
|
|
|
#%env/templates/footer.template%#
|
|
</body>
|
|
</html>
|