forked from rDrama/rDrama
show live commit to everyone
parent
2805ecbfca
commit
0bbe5d5ddd
|
@ -455,27 +455,8 @@ def admin_home(v):
|
||||||
if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']:
|
if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']:
|
||||||
under_attack = (get_security_level() or 'high') == 'under_attack'
|
under_attack = (get_security_level() or 'high') == 'under_attack'
|
||||||
|
|
||||||
gitref = admin_git_head()
|
|
||||||
|
|
||||||
return render_template("admin/admin_home.html", v=v,
|
return render_template("admin/admin_home.html", v=v,
|
||||||
under_attack=under_attack,
|
under_attack=under_attack)
|
||||||
gitref=gitref)
|
|
||||||
|
|
||||||
def admin_git_head():
|
|
||||||
short_len = 12
|
|
||||||
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
|
||||||
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
|
||||||
# Also, a malicious branch name would mean someone already owned the server
|
|
||||||
# or repo, so I think this isn't a weak link.
|
|
||||||
try:
|
|
||||||
with open('.git/HEAD', encoding='utf_8') as head_f:
|
|
||||||
head_txt = head_f.read()
|
|
||||||
head_path = git_regex.match(head_txt).group(1)
|
|
||||||
with open('.git/' + head_path, encoding='utf_8') as ref_f:
|
|
||||||
gitref = ref_f.read()[0:short_len]
|
|
||||||
except:
|
|
||||||
return '<unable to read>', ''
|
|
||||||
return (gitref, head_txt)
|
|
||||||
|
|
||||||
@app.post("/admin/site_settings/<setting>")
|
@app.post("/admin/site_settings/<setting>")
|
||||||
@admin_level_required(PERMS['SITE_SETTINGS'])
|
@admin_level_required(PERMS['SITE_SETTINGS'])
|
||||||
|
|
|
@ -10,6 +10,22 @@ from files.helpers.sorting_and_time import *
|
||||||
from files.routes.wrappers import *
|
from files.routes.wrappers import *
|
||||||
from files.__main__ import app, cache, limiter
|
from files.__main__ import app, cache, limiter
|
||||||
|
|
||||||
|
def git_head():
|
||||||
|
short_len = 12
|
||||||
|
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
||||||
|
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
||||||
|
# Also, a malicious branch name would mean someone already owned the server
|
||||||
|
# or repo, so I think this isn't a weak link.
|
||||||
|
try:
|
||||||
|
with open('.git/HEAD', encoding='utf_8') as head_f:
|
||||||
|
head_txt = head_f.read()
|
||||||
|
head_path = git_regex.match(head_txt).group(1)
|
||||||
|
with open('.git/' + head_path, encoding='utf_8') as ref_f:
|
||||||
|
gitref = ref_f.read()[0:short_len]
|
||||||
|
except:
|
||||||
|
return '<unable to read>', ''
|
||||||
|
return (gitref, head_txt)
|
||||||
|
|
||||||
@app.get("/")
|
@app.get("/")
|
||||||
@app.get("/h/<sub>")
|
@app.get("/h/<sub>")
|
||||||
@app.get("/s/<sub>")
|
@app.get("/s/<sub>")
|
||||||
|
@ -70,7 +86,7 @@ def front_all(v, sub=None, subdomain=None):
|
||||||
award_timers(v)
|
award_timers(v)
|
||||||
|
|
||||||
if v and v.client: return {"data": [x.json(g.db) for x in posts], "next_exists": next_exists}
|
if v and v.client: return {"data": [x.json(g.db) for x in posts], "next_exists": next_exists}
|
||||||
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes)
|
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes, gitref=git_head())
|
||||||
|
|
||||||
|
|
||||||
@cache.memoize(timeout=86400)
|
@cache.memoize(timeout=86400)
|
||||||
|
|
|
@ -131,9 +131,4 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<h4>Server Status</h4>
|
|
||||||
<div>
|
|
||||||
Live Revision: <code>{{gitref[0]}}</code> — <code>{{gitref[1]}}</code>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -177,4 +177,8 @@
|
||||||
<script defer src="{{'js/fp.js' | asset}}"></script>
|
<script defer src="{{'js/fp.js' | asset}}"></script>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
<div class="mt-3">
|
||||||
|
Live Commit: <a href="https://fsdfsd.net/rDrama/rDrama/commit/{{gitref[0]}}">{{gitref[0]}}</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
Loading…
Reference in New Issue