fix unsafe routing

reactivemongo-up
Thibault Duplessis 2018-12-25 15:04:55 +08:00
parent 769d8dd4de
commit dcde1d4b8a
5 changed files with 20 additions and 12 deletions


@ -5,7 +5,15 @@ import views._
object Page extends LilaController {
def bookmark(name: String) = Open { implicit ctx =>
val tos = bookmark("tos")
val thanks = bookmark("thanks")
val help = bookmark("help")
val howToCheat = bookmark("how-to-cheat")
val privacy = bookmark("privacy")
val about = bookmark("about")
val master = bookmark("master")
private def bookmark(name: String) = Open { implicit ctx =>
pageHit
OptionOk(Prismic getBookmark name) {
case (doc, resolver) => views.html.site.page(doc, resolver)
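Review bot: Nothing on the new `val tos` … `val master` lines or on `private def bookmark` records why the lookup is now private, so the restriction this commit introduces is easy to undo by accident. With `bookmark(name)` private, the routes file and the `routes.Page.*` reverse routes should only be able to reach the seven fixed Prismic bookmark names listed here. A one-line comment above the vals would keep that intent visible, e.g. `// Fixed allow-list of Prismic bookmarks; bookmark(name) stays private so no route can pass an arbitrary name.` Since these vals are now public members of `Page`, an explicit type annotation on each would also follow the usual Scala convention (the type returned by `Open` is not visible here). The body of `bookmark` continues past the end of the hunk.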


@ -9,7 +9,7 @@
}
@tosLink = {
<a href="@routes.Page.bookmark("tos")">@trans.termsOfService()</a>
<a href="@routes.Page.tos">@trans.termsOfService()</a>
}
@auth.layout(


@ -86,8 +86,8 @@
<a href="/patron">@trans.donate()</a> ı
}
<a href="/contact">@trans.contact()</a> ı
<a href="@routes.Page.bookmark("tos")">@trans.termsOfService()</a> ı
<a href="@routes.Page.bookmark("privacy")">@trans.privacy()</a>
<a href="@routes.Page.tos">@trans.termsOfService()</a> ı
<a href="@routes.Page.privacy">@trans.privacy()</a>
@NotForKids {
ı <a href="https://database.lichess.org/" target="_blank">@trans.database()</a>
ı <a href="https://github.com/ornicar/lila" target="_blank">@trans.sourceCode()</a>


@ -77,7 +77,7 @@ object contact {
Leaf("title", "I want my title displayed on lichess", frag(
p(
"To show your title on your lichess profile, and participate to Titled Arenas, ",
a(href := routes.Page.bookmark(name = "master"))(
a(href := routes.Page.master)(
"visit the title confirmation page"
),
"."


@ -597,21 +597,21 @@ POST /mobile/register/:platform/:deviceId controllers.Main.mobileRegister(platf
POST /mobile/unregister controllers.Main.mobileUnregister
# Pages
GET /thanks controllers.Page.bookmark(name = "thanks")
GET /terms-of-service controllers.Page.bookmark(name = "tos")
GET /privacy controllers.Page.bookmark(name = "privacy")
GET /thanks controllers.Page.thanks
GET /terms-of-service controllers.Page.tos
GET /privacy controllers.Page.privacy
GET /contact controllers.Main.contact
GET /about controllers.Page.bookmark(name = "about")
GET /about controllers.Page.about
GET /swag controllers.Page.swag
GET /how-to-cheat controllers.Page.bookmark(name = "how-to-cheat")
GET /how-to-cheat controllers.Page.howToCheat
# Variants
GET /variant controllers.Page.variantHome
GET /variant/:key controllers.Page.variant(key)
# Help
GET /help/contribute controllers.Page.bookmark(name = "help")
GET /help/master controllers.Page.bookmark(name = "master")
GET /help/contribute controllers.Page.help
GET /help/master controllers.Page.master
GET /prismic-preview controllers.Blog.preview(token: String)
POST /jslog/$id<\w{12}> controllers.Main.jslog(id: String)