From 0bbe5d5dddbf38ffa2f00825892ce9960718dac2 Mon Sep 17 00:00:00 2001 From: Aevann Date: Fri, 30 Dec 2022 15:32:58 +0200 Subject: [PATCH] show live commit to everyone --- files/routes/admin.py | 21 +-------------------- files/routes/front.py | 18 +++++++++++++++++- files/templates/admin/admin_home.html | 5 ----- files/templates/home.html | 4 ++++ 4 files changed, 22 insertions(+), 26 deletions(-) diff --git a/files/routes/admin.py b/files/routes/admin.py index 00a5ef304a..e8fd20217d 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -455,27 +455,8 @@ def admin_home(v): if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']: under_attack = (get_security_level() or 'high') == 'under_attack' - gitref = admin_git_head() - return render_template("admin/admin_home.html", v=v, - under_attack=under_attack, - gitref=gitref) - -def admin_git_head(): - short_len = 12 - # Note: doing zero sanitization. Git branch names are extremely permissive. - # However, they forbid '..', so I don't see an obvious dir traversal attack. - # Also, a malicious branch name would mean someone already owned the server - # or repo, so I think this isn't a weak link. - try: - with open('.git/HEAD', encoding='utf_8') as head_f: - head_txt = head_f.read() - head_path = git_regex.match(head_txt).group(1) - with open('.git/' + head_path, encoding='utf_8') as ref_f: - gitref = ref_f.read()[0:short_len] - except: - return '', '' - return (gitref, head_txt) + under_attack=under_attack) @app.post("/admin/site_settings/") @admin_level_required(PERMS['SITE_SETTINGS']) diff --git a/files/routes/front.py b/files/routes/front.py index e890be546f..3eeabe5e7c 100644 --- a/files/routes/front.py +++ b/files/routes/front.py 
@@ -10,6 +10,22 @@ from files.helpers.sorting_and_time import * from files.routes.wrappers import * from files.__main__ import app, cache, limiter +def git_head(): + short_len = 12 + # Note: doing zero sanitization. Git branch names are extremely permissive. + # However, they forbid '..', so I don't see an obvious dir traversal attack. + # Also, a malicious branch name would mean someone already owned the server + # or repo, so I think this isn't a weak link. + try: + with open('.git/HEAD', encoding='utf_8') as head_f: + head_txt = head_f.read() + head_path = git_regex.match(head_txt).group(1) + with open('.git/' + head_path, encoding='utf_8') as ref_f: + gitref = ref_f.read()[0:short_len] + except: + return '', '' + return (gitref, head_txt) + @app.get("/") @app.get("/h/") @app.get("/s/") @@ -70,7 +86,7 @@ def front_all(v, sub=None, subdomain=None): award_timers(v) if v and v.client: return {"data": [x.json(g.db) for x in posts], "next_exists": next_exists} - return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes) + return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes, gitref=git_head()) @cache.memoize(timeout=86400) diff --git a/files/templates/admin/admin_home.html b/files/templates/admin/admin_home.html index 1c9c2b24bc..43ae041bac 100644 --- a/files/templates/admin/admin_home.html +++ b/files/templates/admin/admin_home.html @@ -131,9 +131,4 @@ {% endif %} {% endif %} -
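Review bot: `git_head()` now sits on the unauthenticated front-page path (the `gitref=git_head()` argument in the second front.py hunk), so every HTML render of the listing does two file reads under a bare `except:`, which also turns a missing ref file (for example after refs are packed) into an empty string with no log line. The value only changes on deploy, so resolve it once at import time or memoize it, and narrow the handler to `except (OSError, AttributeError):` so unrelated errors are not swallowed. The public template only needs the short hash, yet the tuple handed to it still carries `head_txt` (the ref path with the branch name); returning just `gitref` for this caller keeps that out of the public render context. `git_regex` is not defined in this hunk and presumably arrives through one of the star imports above, which is worth confirming in front.py.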

Server Status

-
- Live Revision: {{gitref[0]}}{{gitref[1]}} -
- {% endblock %} diff --git a/files/templates/home.html b/files/templates/home.html index d42e206452..528e632314 100644 --- a/files/templates/home.html +++ b/files/templates/home.html @@ -177,4 +177,8 @@ {% endif %} +
+ Live Commit: {{gitref[0]}} +
+ {% endblock %}
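Review bot: `{{gitref[0]}}` in the added footer is indexed unconditionally, so when `git_head()` falls back to `('', '')` the page shows a bare "Live Commit:" label, and any view that renders home.html without passing `gitref` would presumably raise on the subscript under Jinja's default undefined handling. Wrapping the added block in `{% if gitref and gitref[0] %}` … `{% endif %}` covers both cases. The surrounding markup was lost in this rendering of the patch, so if the hash is also interpolated into a link target, confirm it stays limited to the hex prefix read from the ref file.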