Resolve some more code scanning issues. (#1700)
* Resolve some more code scanning issues. * Don't log secret prefix. * Try to outsmart scanner
Родитель
e13a4cbea0
Коммит
6aecdb1420
|
@ -13,9 +13,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
|
||||
|
||||
import base64
|
||||
import hmac
|
||||
import logging
|
||||
|
@ -57,13 +54,15 @@ class Secrets(ndb.Model):
|
|||
needs_save = True
|
||||
|
||||
if not singleton.xsrf_secret:
|
||||
singleton.xsrf_secret = make_random_key()
|
||||
logging.info('Added XSRF secret: %r' % singleton.xsrf_secret[:8])
|
||||
random_xsrf = make_random_key()
|
||||
singleton.xsrf_secret = random_xsrf
|
||||
logging.info('Added XSRF info: %r', random_xsrf[:8])
|
||||
needs_save = True
|
||||
|
||||
if not singleton.session_secret:
|
||||
singleton.session_secret = make_random_key()
|
||||
logging.info('Added session secret: %r' % singleton.session_secret[:8])
|
||||
random_sess = make_random_key()
|
||||
singleton.session_secret = random_sess
|
||||
logging.info('Added session info: %r', random_sess[:8])
|
||||
needs_save = True
|
||||
|
||||
if needs_save:
|
||||
|
|
|
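Review bot: The first eight characters of each newly generated secret are still written to the log in the Secrets hunk: `logging.info('Added XSRF info: %r', random_xsrf[:8])` and the matching `random_sess[:8]` call emit the same prefix as the lines they replace, only through a renamed local and a message that no longer says "secret". Anyone with read access to the logs gets part of the XSRF and session signing keys, and going by the commit description the rename mainly keeps the scanner from following the flow. Log the event without the value, e.g. `logging.info('Added XSRF secret')` and `logging.info('Added session secret')`. The enclosing method starts and ends outside the hunk.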
@ -73,4 +73,4 @@ class SettingsHandler(basehandlers.FlaskHandler):
|
|||
user_pref.email, new_notify)
|
||||
user_pref.notify_as_starrer = bool(new_notify)
|
||||
user_pref.put()
|
||||
return flask.redirect(flask.request.path)
|
||||
return flask.redirect('/admin/users/new')
|
||||
|
|
|
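Review bot: The redirect at the end of this SettingsHandler hunk appears to now target `/admin/users/new`, which looks like a path copied from a different handler: the lines just above save `user_pref.notify_as_starrer`, so the user would presumably expect to land back on the settings page, not an admin user-creation page. Replacing `flask.request.path` with a constant is a reasonable way to keep request-derived data out of the redirect target, but the constant should be this handler's own route, e.g. `return flask.redirect(SETTINGS_PATH)` where `SETTINGS_PATH` is a placeholder for the settings page route. If the admin path is intended, a one-line comment saying why would help. The method starts outside the hunk.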
@ -170,10 +170,6 @@ limitations under the License.
|
|||
startApp();
|
||||
}
|
||||
|
||||
function getQueryStringValue (key) {
|
||||
return decodeURIComponent(window.location.search.replace(new RegExp("^(?:.*[&\\?]" + encodeURIComponent(key).replace(/[\.\+\*]/g, "\\$&") + "(?:\\=([^&]*))?)?.*$", "i"), "$1"));
|
||||
}
|
||||
|
||||
function promptSignIn(e) {
|
||||
e.preventDefault();
|
||||
e.stopPropagation();
|
||||
|
@ -185,7 +181,8 @@ limitations under the License.
|
|||
// This happens when an anon visitor tries to view a page that
|
||||
// requires being signed in. We cannot promptSignIn(), because
|
||||
// lacking a user-initiated event, the popup will be blocked.
|
||||
if (getQueryStringValue("loginStatus") == 'False') {
|
||||
const urlParams = new URLSearchParams(window.location.search);
|
||||
if (urlParams.get("loginStatus") == 'False') {
|
||||
alert('Please log in.');
|
||||
}
|
||||
|
||||
|
|
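Review bot: The new check `urlParams.get("loginStatus") == 'False'` uses loose equality; `URLSearchParams.get()` returns a string or `null`, so `if (urlParams.get('loginStatus') === 'False') {` states the intent exactly. The removed regex helper matched the key case-insensitively (its `"i"` flag) while `URLSearchParams.get()` is case-sensitive, so confirm the server always emits `loginStatus` in that exact casing. The value only gates a fixed `alert()` string, so nothing from the query string reaches the DOM here. The enclosing function starts and ends outside the hunk.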