show live commit to everyone
parent
2805ecbfca
commit
0bbe5d5ddd
|
@ -455,27 +455,8 @@ def admin_home(v):
|
|||
if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']:
|
||||
under_attack = (get_security_level() or 'high') == 'under_attack'
|
||||
|
||||
gitref = admin_git_head()
|
||||
|
||||
return render_template("admin/admin_home.html", v=v,
|
||||
under_attack=under_attack,
|
||||
gitref=gitref)
|
||||
|
||||
def admin_git_head():
|
||||
short_len = 12
|
||||
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
||||
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
||||
# Also, a malicious branch name would mean someone already owned the server
|
||||
# or repo, so I think this isn't a weak link.
|
||||
try:
|
||||
with open('.git/HEAD', encoding='utf_8') as head_f:
|
||||
head_txt = head_f.read()
|
||||
head_path = git_regex.match(head_txt).group(1)
|
||||
with open('.git/' + head_path, encoding='utf_8') as ref_f:
|
||||
gitref = ref_f.read()[0:short_len]
|
||||
except:
|
||||
return '<unable to read>', ''
|
||||
return (gitref, head_txt)
|
||||
under_attack=under_attack)
|
||||
|
||||
@app.post("/admin/site_settings/<setting>")
|
||||
@admin_level_required(PERMS['SITE_SETTINGS'])
|
||||
|
|
|
@ -10,6 +10,22 @@ from files.helpers.sorting_and_time import *
|
|||
from files.routes.wrappers import *
|
||||
from files.__main__ import app, cache, limiter
|
||||
|
||||
def git_head():
|
||||
short_len = 12
|
||||
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
||||
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
||||
# Also, a malicious branch name would mean someone already owned the server
|
||||
# or repo, so I think this isn't a weak link.
|
||||
try:
|
||||
with open('.git/HEAD', encoding='utf_8') as head_f:
|
||||
head_txt = head_f.read()
|
||||
head_path = git_regex.match(head_txt).group(1)
|
||||
with open('.git/' + head_path, encoding='utf_8') as ref_f:
|
||||
gitref = ref_f.read()[0:short_len]
|
||||
except:
|
||||
return '<unable to read>', ''
|
||||
return (gitref, head_txt)
|
||||
|
||||
@app.get("/")
|
||||
@app.get("/h/<sub>")
|
||||
@app.get("/s/<sub>")
|
||||
|
@ -70,7 +86,7 @@ def front_all(v, sub=None, subdomain=None):
|
|||
award_timers(v)
|
||||
|
||||
if v and v.client: return {"data": [x.json(g.db) for x in posts], "next_exists": next_exists}
|
||||
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes)
|
||||
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes, gitref=git_head())
|
||||
|
||||
|
||||
@cache.memoize(timeout=86400)
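Review bot: The "doing zero sanitization" comment in `git_head()` argues from an admin-only context, but the value is now passed to `home.html` on every `front_all` render, so the trust argument should be restated or the value constrained before it reaches all visitors. The function still returns `head_txt` although the template shown on this page uses only `gitref[0]`, and it opens two files on each request. Consider returning only the short hash after checking that it is hexadecimal, and caching the result with the `cache.memoize` decorator this file already uses. The bare `except:` hides every failure, including a detached HEAD where `git_regex.match(head_txt)` presumably returns `None`; `except (OSError, AttributeError):` would be narrower. `front_all` begins outside the hunk, and `git_regex` is defined elsewhere, so its pattern could not be checked here.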
|
||||
|
|
|
@ -131,9 +131,4 @@
|
|||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
<h4>Server Status</h4>
|
||||
<div>
|
||||
Live Revision: <code>{{gitref[0]}}</code> — <code>{{gitref[1]}}</code>
|
||||
</div>
|
||||
|
||||
{% endblock %}
|
||||
|
|
|
@ -177,4 +177,8 @@
|
|||
<script defer src="{{'js/fp.js' | asset}}"></script>
|
||||
{% endif %}
|
||||
|
||||
<div class="mt-3">
|
||||
Live Commit: <a href="https://fsdfsd.net/rDrama/rDrama/commit/{{gitref[0]}}">{{gitref[0]}}</a>
|
||||
</div>
|
||||
|
||||
{% endblock %}
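Review bot: `gitref[0]` is interpolated into the commit URL and link text without checking that a hash was actually read. When `git_head()` fails it returns `'<unable to read>'`, which would then be rendered to every visitor as a broken link. If any other route renders this template without passing `gitref`, the subscript on an undefined value would presumably raise at render time; this page shows only the `front_all` call, so that cannot be confirmed. Wrapping the new block in `{% if gitref and gitref[0] != '<unable to read>' %}` and `{% endif %}` would omit the footer when no revision is available.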
|
||||
|
|