From 7f5bb2b866bf4393ba2759a2ed4722d1b90726a7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 25 Aug 2005 08:22:42 +0000 Subject: r9610: use a list of allowable extensions for unauthenticated access rather than a list of file names (This used to be commit ef61c8de2fa62d37486ea93d5773198d21c1a2c4) --- swat/scripting/common.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'swat/scripting') diff --git a/swat/scripting/common.js b/swat/scripting/common.js index dde40c8e38a..299a67c7020 100644 --- a/swat/scripting/common.js +++ b/swat/scripting/common.js @@ -73,15 +73,15 @@ function page_footer() { This allows the login page to use the same style sheets and images */ function always_allowed(uri) { - var allowed = new Array("/images/favicon.ico", - "/images/linkpad.gif", - "/images/logo.png", - "/images/stripes.png", - "/style/columns.css", - "/style/swat.css", - "/style/common.css"); + var str = string_init(); + var s = str.split('.', uri); + if (s.length < 2) { + return false; + } + var ext = s[s.length-1]; + var allowed = new Array("ico", "gif", "png","css", "js"); for (i in allowed) { - if (allowed[i] == uri) { + if (allowed[i] == ext) { return true; } } -- cgit