r9610: use a list of allowable extensions for unauthenticated access rather than

a list of file names
author: Andrew Tridgell <tridge@samba.org> 2005-08-25 08:22:42 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:34:34 -0500
commit: ef61c8de2fa62d37486ea93d5773198d21c1a2c4 (patch)
tree: 3851fc18c8d57bceca6b0d23db4cb66327bf8e5a /swat
parent: 7e6957b906be760e7eb7e6ab6dbc86efeb0c42d2 (diff)
download: samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.tar.gz
samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.tar.xz
samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/swat/scripting/common.js b/swat/scripting/common.js
index dde40c8e38a..299a67c7020 100644
--- a/swat/scripting/common.js
+++ b/swat/scripting/common.js
@@ -73,15 +73,15 @@ function page_footer() {
   This allows the login page to use the same style sheets and images
 */
 function always_allowed(uri) {
-	var allowed = new Array("/images/favicon.ico", 
-				"/images/linkpad.gif",
-				"/images/logo.png",
-				"/images/stripes.png",
-				"/style/columns.css",
-				"/style/swat.css",
-				"/style/common.css");
+	var str = string_init();
+	var s = str.split('.', uri);
+	if (s.length < 2) {
+		return false;
+	}
+	var ext = s[s.length-1];
+	var allowed = new Array("ico", "gif", "png","css", "js");
 	for (i in allowed) {
-		if (allowed[i] == uri) {
+		if (allowed[i] == ext) {
 			return true;
 		}
 	}
author	Andrew Tridgell <tridge@samba.org>	2005-08-25 08:22:42 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:34:34 -0500
commit	ef61c8de2fa62d37486ea93d5773198d21c1a2c4 (patch)
tree	3851fc18c8d57bceca6b0d23db4cb66327bf8e5a /swat
parent	7e6957b906be760e7eb7e6ab6dbc86efeb0c42d2 (diff)
download	samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.tar.gz samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.tar.xz samba-ef61c8de2fa62d37486ea93d5773198d21c1a2c4.zip