projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eb1f573)
Clearly mark the StoreCode as sensitive
authorAlexander Ebert <ebert@woltlab.com>
Tue, 28 Jun 2022 12:10:20 +0000 (14:10 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Tue, 28 Jun 2022 12:28:16 +0000 (14:28 +0200)
The Plugin-Store StoreCode can contain credentials that are considered to be sensitive and should not be shared with third parties.

This change adds a unique prefix that serves as a warning to prevent users from unintentionally sharing these credentials with others.

In addition, this unique prefix makes it possible to block this string from appearing in messages using the censorship feature.

ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts patch | blob | blame | history
wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js patch | blob | blame | history

diff --git a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
index 48c0f7f6016a2d0e546de902199a7e2bc5c2b568..356e82b08421142e25ffd220690f921ba1c873c8 100644 (file)
--- a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
+++ b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
@@ -36,8 +36,8 @@ function detectCode(): void {
   const value = codeInput.value.trim();
 
   let isValid = false;
-  if (value.length > 0) {
-    const decodedValue = window.atob(value);
+  if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+    const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
 
     let maybeJson: unknown;
     try {
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
index 6724520a68b5131625c3690f86344bb8e83fa799..5e88b4fb78e0116cb94258edfd4116ecd02cbe85 100644 (file)
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
@@ -17,8 +17,8 @@ define(["require", "exports", "tslib", "../../../Ajax", "../../../Core", "../../
     function detectCode() {
         const value = codeInput.value.trim();
         let isValid = false;
-        if (value.length > 0) {
-            const decodedValue = window.atob(value);
+        if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+            const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
             let maybeJson;
             try {
                 maybeJson = JSON.parse(decodedValue);
WoltLab Suite Core (previously WoltLab Community Framework)