Merge pull request #951 from NyaaPantsu/fix-cookies
Fix cookies shared between domains
révision
2868065ef8
|
@ -5,6 +5,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
||||||
|
"github.com/NyaaPantsu/nyaa/config"
|
||||||
"github.com/NyaaPantsu/nyaa/service/user"
|
"github.com/NyaaPantsu/nyaa/service/user"
|
||||||
"github.com/NyaaPantsu/nyaa/util/publicSettings"
|
"github.com/NyaaPantsu/nyaa/util/publicSettings"
|
||||||
"github.com/NyaaPantsu/nyaa/util/timeHelper"
|
"github.com/NyaaPantsu/nyaa/util/timeHelper"
|
||||||
|
@ -48,7 +49,7 @@ func ChangePublicSettingsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
theme := r.FormValue("theme")
|
theme := r.FormValue("theme")
|
||||||
lang := r.FormValue("language")
|
lang := r.FormValue("language")
|
||||||
mascot := r.FormValue("mascot")
|
mascot := r.FormValue("mascot")
|
||||||
mascotUrl := r.FormValue("mascot_url")
|
mascotURL := r.FormValue("mascot_url")
|
||||||
|
|
||||||
availableLanguages := publicSettings.GetAvailableLanguages()
|
availableLanguages := publicSettings.GetAvailableLanguages()
|
||||||
defer r.Body.Close()
|
defer r.Body.Close()
|
||||||
|
@ -58,14 +59,14 @@ func ChangePublicSettingsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
// FIXME Are the settings actually sanitized?
|
// FIXME Are the settings actually sanitized?
|
||||||
// Limit the mascot URL, so base64-encoded images aren't valid
|
// Limit the mascot URL, so base64-encoded images aren't valid
|
||||||
if len(mascotUrl) > 256 {
|
if len(mascotURL) > 256 {
|
||||||
http.Error(w, "Mascot URL is too long (max is 255 chars)", http.StatusInternalServerError)
|
http.Error(w, "Mascot URL is too long (max is 255 chars)", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := url.Parse(mascotUrl)
|
_, err := url.Parse(mascotURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "Error parsing mascot URL: " + err.Error(), http.StatusInternalServerError)
|
http.Error(w, "Error parsing mascot URL: "+err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,16 +76,23 @@ func ChangePublicSettingsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
user.Language = lang
|
user.Language = lang
|
||||||
user.Theme = theme
|
user.Theme = theme
|
||||||
user.Mascot = mascot
|
user.Mascot = mascot
|
||||||
user.MascotURL = mascotUrl
|
user.MascotURL = mascotURL
|
||||||
// I don't know if I should use this...
|
// I don't know if I should use this...
|
||||||
userService.UpdateUserCore(&user)
|
userService.UpdateRawUser(&user)
|
||||||
}
|
}
|
||||||
// Set cookie
|
// Set cookie
|
||||||
http.SetCookie(w, &http.Cookie{Name: "lang", Value: lang, Expires: timeHelper.FewDaysLater(365)})
|
http.SetCookie(w, &http.Cookie{Name: "lang", Value: lang, Domain: getDomainName(), Expires: timeHelper.FewDaysLater(365)})
|
||||||
http.SetCookie(w, &http.Cookie{Name: "theme", Value: theme, Expires: timeHelper.FewDaysLater(365)})
|
http.SetCookie(w, &http.Cookie{Name: "theme", Value: theme, Domain: getDomainName(), Expires: timeHelper.FewDaysLater(365)})
|
||||||
http.SetCookie(w, &http.Cookie{Name: "mascot", Value: mascot, Expires: timeHelper.FewDaysLater(365)})
|
http.SetCookie(w, &http.Cookie{Name: "mascot", Value: mascot, Domain: getDomainName(), Expires: timeHelper.FewDaysLater(365)})
|
||||||
http.SetCookie(w, &http.Cookie{Name: "mascot_url", Value: mascotUrl, Expires: timeHelper.FewDaysLater(365)})
|
http.SetCookie(w, &http.Cookie{Name: "mascot_url", Value: mascotURL, Domain: getDomainName(), Expires: timeHelper.FewDaysLater(365)})
|
||||||
|
|
||||||
url, _ := Router.Get("home").URL()
|
url, _ := Router.Get("home").URL()
|
||||||
http.Redirect(w, r, url.String(), http.StatusSeeOther)
|
http.Redirect(w, r, url.String(), http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
func getDomainName() string {
|
||||||
|
domain := config.Conf.Cookies.DomainName
|
||||||
|
if config.Conf.Environment == "DEVELOPMENT" {
|
||||||
|
domain = ""
|
||||||
|
}
|
||||||
|
return domain
|
||||||
|
}
|
||||||
|
|
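Review bot: The four `http.SetCookie` calls in `ChangePublicSettingsHandler` now scope `lang`, `theme`, `mascot` and `mascot_url` to `getDomainName()`, so every host under the configured domain receives them, yet the values are still the raw form fields that the FIXME above asks about. `mascot_url` in particular is only passed through `url.Parse`, which accepts any scheme or a relative reference; if the templates render it as an image source or link (not visible here), it should be limited to web URLs, e.g. `u, err := url.Parse(mascotURL)` followed by `if err != nil || (mascotURL != "" && u.Scheme != "http" && u.Scheme != "https") {`. The length check `len(mascotURL) > 256` also disagrees with its own message (255), and both rejections describe bad client input, so `http.StatusBadRequest` would fit better than `http.StatusInternalServerError`. The handler starts outside the visible hunks, so validation of `theme`, `lang` and `mascot` earlier in the function could not be checked from here.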