From: Alexander Ebert <ebert@woltlab.com>
Date: Tue, 28 Jun 2022 12:10:20 +0000 (+0200)
Subject: Clearly mark the StoreCode as sensitive
X-Git-Tag: 5.5.0_RC_3~14^2^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bf2391f5b2aa64910bc265136c183ed991f8cdc8;p=GitHub%2FWoltLab%2FWCF.git

Clearly mark the StoreCode as sensitive

The Plugin-Store StoreCode can contain credentials that are considered to be sensitive and should not be shared with third parties.

This change adds a unique prefix that serves as a warning to prevent users from unintentionally sharing these credentials with others.

In addition, this unique prefix makes it possible to block this string from appearing in messages using the censorship feature.
---

diff --git a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
index 48c0f7f601..356e82b084 100644
--- a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
+++ b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
@@ -36,8 +36,8 @@ function detectCode(): void {
   const value = codeInput.value.trim();
 
   let isValid = false;
-  if (value.length > 0) {
-    const decodedValue = window.atob(value);
+  if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+    const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
 
     let maybeJson: unknown;
     try {
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
index 6724520a68..5e88b4fb78 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
@@ -17,8 +17,8 @@ define(["require", "exports", "tslib", "../../../Ajax", "../../../Core", "../../
     function detectCode() {
         const value = codeInput.value.trim();
         let isValid = false;
-        if (value.length > 0) {
-            const decodedValue = window.atob(value);
+        if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+            const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
             let maybeJson;
             try {
                 maybeJson = JSON.parse(decodedValue);