authorAndrew Tridgell <tridge@samba.org>2005-08-25 08:22:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:34:34 -0500
commit7f5bb2b866bf4393ba2759a2ed4722d1b90726a7 (patch)
treece80c6797a03a6a3d2b3f9c95a291c1ef041bae5 /swat/scripting
parent8f5ac4a178f2bece1066715ecb85bb66758dfe82 (diff)
r9610: use a list of allowable extensions for unauthenticated access rather than
a list of file names (This used to be commit ef61c8de2fa62d37486ea93d5773198d21c1a2c4)
Diffstat (limited to 'swat/scripting')
-rw-r--r--swat/scripting/common.js16
1 files changed, 8 insertions, 8 deletions
diff --git a/swat/scripting/common.js b/swat/scripting/common.js
index dde40c8e38a..299a67c7020 100644
--- a/swat/scripting/common.js
+++ b/swat/scripting/common.js
@@ -73,15 +73,15 @@ function page_footer() {
This allows the login page to use the same style sheets and images
*/
function always_allowed(uri) {
- var allowed = new Array("/images/favicon.ico",
- "/images/linkpad.gif",
- "/images/logo.png",
- "/images/stripes.png",
- "/style/columns.css",
- "/style/swat.css",
- "/style/common.css");
+ var str = string_init();
+ var s = str.split('.', uri);
+ if (s.length < 2) {
+ return false;
+ }
+ var ext = s[s.length-1];
+ var allowed = new Array("ico", "gif", "png","css", "js");
for (i in allowed) {
- if (allowed[i] == uri) {
+ if (allowed[i] == ext) {
return true;
}
}
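Review bot: The new extension test in always_allowed() widens unauthenticated access from seven named files to any URI whose text after the last dot is ico, gif, png, css or js, wherever it sits under the web root. The `js` entry deserves a second look: this file is itself swat/scripting/common.js, so server-side script source may become readable without login, though the hunk does not show how such files are served. The test also runs on `uri` exactly as passed in, so it is only safe if the caller has already stripped any query string and normalised the path; I would pair it with a check that the path lies under the static directories the old list used (`/images/`, `/style/`). At minimum add a comment above `var allowed`, such as `/* every file with one of these extensions is served without login; keep server-side code and secrets out of such files */`. The body of always_allowed() continues past the end of the hunk, so the fall-through return is not visible here.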