diff --git a/.vscode/settings.json b/.vscode/settings.json index 5a9e97f1..9185b32b 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,17 @@ { "files.exclude": { + "**/.git": true, + "**/.svn": true, + "**/.hg": true, + "**/CVS": true, + "**/.DS_Store": true, + "**/Thumbs.db": true, + "**/__pycache__": true, + "**/.idea": true, + "**/.classpath": true, + "**/.project": true, + "**/.settings": true, + "**/.factorypath": true, "**/.next": true, "**/node_modules": true } diff --git a/src/components/widgets/glances/glances.jsx b/src/components/widgets/glances/glances.jsx index 69224e60..9a746d2e 100644 --- a/src/components/widgets/glances/glances.jsx +++ b/src/components/widgets/glances/glances.jsx @@ -70,7 +70,7 @@ export default function Widget({ options }) { : [data.fs.find((d) => d.mnt_point === options.disk)].filter((d) => d); } - const addedClasses = classNames('information-widget-glances', { 'information-widget-expanded': options.expanded }) + const addedClasses = classNames('information-widget-glances', { 'expanded': options.expanded }) return ( diff --git a/src/components/widgets/longhorn/node.jsx b/src/components/widgets/longhorn/node.jsx index 64a7f6c4..92311862 100644 --- a/src/components/widgets/longhorn/node.jsx +++ b/src/components/widgets/longhorn/node.jsx @@ -8,7 +8,7 @@ export default function Node({ data, expanded, labels }) { const { t } = useTranslation(); return -
+
{value}
{label}
diff --git a/src/pages/api/config/[path].js b/src/pages/api/config/[path].js index e9988b82..cea6f521 100644 --- a/src/pages/api/config/[path].js +++ b/src/pages/api/config/[path].js @@ -8,16 +8,6 @@ import createLogger from "utils/logger"; const logger = createLogger("configFileService"); -/** - * Verifies that the config file paths are in subdirectory - * @param {string} parent Parent initial folder - * @param {string} child Supposed child path - * @returns {boolean} true if in a subdirectory - */ -function isSubDirectory(parent, child) { - return path.relative(child, parent).startsWith('..'); -} - /** * @param {import("next").NextApiRequest} req * @param {import("next").NextApiResponse} res @@ -25,24 +15,19 @@ function isSubDirectory(parent, child) { export default async function handler(req, res) { const { path: relativePath } = req.query; - const filePath = path.join(CONF_DIR, relativePath); - - if(!isSubDirectory(CONF_DIR, filePath)) + if(relativePath !== 'custom.js' && relativePath !== 'custom.css') { - logger.error(`Forbidden access to parent file: ${ filePath }`); - res.status(403).end('Forbidden access to parent file'); + res.status(422).end('Incorrect file extension, expected custom.js or custom.css') } + const filePath = path.join(CONF_DIR, relativePath); const mimeType = mime.getType(relativePath); try { - // Read the content of the CSS file - const fileContent = fs.readFileSync(filePath, 'utf-8'); + // Read the content of the file or return empty content + const fileContent = fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf-8') : ''; - // Set the response header to indicate that this is a CSS file res.setHeader('Content-Type', mimeType); - - // Send the CSS content as the API response res.status(200).send(fileContent); } catch (error) { logger.error(error);