aboutsummaryrefslogtreecommitdiff
path: root/src/main/resources
diff options
context:
space:
mode:
authorMarvin Borner2019-05-04 19:10:18 +0200
committerMarvin Borner2019-05-04 19:10:18 +0200
commitb7540fb2b1bbe016d23b8a7f3e7ab3edafb219c8 (patch)
treeda32ba6ac7467bc7d39f5209c7734ded79911260 /src/main/resources
parent04d0cb43f6a3ede1a61309cf17d78d189caa9dd4 (diff)
Fixed major security issues
Co-authored-by: LarsVomMars <lars@kroenner.eu>
Diffstat (limited to 'src/main/resources')
-rw-r--r--src/main/resources/js/files.js4
-rw-r--r--src/main/resources/views/index.rocker.html1
-rw-r--r--src/main/resources/views/register.rocker.html3
3 files changed, 3 insertions, 5 deletions
diff --git a/src/main/resources/js/files.js b/src/main/resources/js/files.js
index 16b59cb..0102296 100644
--- a/src/main/resources/js/files.js
+++ b/src/main/resources/js/files.js
@@ -23,9 +23,7 @@ drop.addEventListener('drop', e => {
for (let i = 0; i < items.length; i++) {
const item = items[i].webkitGetAsEntry();
const file = items[i].getAsFile();
-
- // TODO: Consider using current date due to updated lastModified state at upload
- const date = new Date(file.lastModified);
+ const date = new Date();
const row = document.getElementById("table").insertRow(-1);
row.setAttribute("data-href", file.name);
diff --git a/src/main/resources/views/index.rocker.html b/src/main/resources/views/index.rocker.html
index 650a4b7..98a659e 100644
--- a/src/main/resources/views/index.rocker.html
+++ b/src/main/resources/views/index.rocker.html
@@ -7,7 +7,6 @@
<div>
@if(username.length() > 0) {
- <!-- TODO: Fix logout button? -->
<a class="button" href="/user/logout">Logout</a>
} else if (!(new DatabaseController()).isSetup()) {
<a class="button" href="/setup">Setup</a>
diff --git a/src/main/resources/views/register.rocker.html b/src/main/resources/views/register.rocker.html
index 6d314dd..af3d127 100644
--- a/src/main/resources/views/register.rocker.html
+++ b/src/main/resources/views/register.rocker.html
@@ -1,4 +1,4 @@
-@args (String username, String message)
+@args (String username, String token, String message)
@layout.template("Register", RockerContent.NONE, RockerContent.NONE) -> {
<div class="flex">
@@ -8,6 +8,7 @@
<h3>Please set a password for user "@username"</h3>
<div>
<input hidden name="username" type="text" value="@username"/>
+ <input hidden name="token" type="text" value="@token"/>
</div>
<div>
<label for="password">Password:</label>