Diffstat (limited to 'lib/scripts')
-rw-r--r-- | lib/scripts/behaviour.js | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/lib/scripts/behaviour.js b/lib/scripts/behaviour.js
index 70b60ef9a..cd2ace459 100644
--- a/lib/scripts/behaviour.js
+++ b/lib/scripts/behaviour.js
@@ -56,6 +56,7 @@ var dw_behaviour = {
         dw_behaviour.checkWindowsShares();
         dw_behaviour.subscription();
         dw_behaviour.pageRestoreConfirm();
+        dw_behaviour.securityCheck();
         dw_behaviour.revisionBoxHandler();
         jQuery(document).on('click','#page__revisions input[type=checkbox]',
@@ -204,6 +205,36 @@ var dw_behaviour = {
             }
         });
         }
+    },
+
+    /**
+     * Check that access to the data directory is properly secured
+     *
+     * A successful check (a 403 error was returned when loading the image) is saved
+     * to session storage and not repeated again until the next browser session. This
+     * avoids overeager security bans (see #3363)
+     */
+    securityCheck: function () {
+        var $checkDiv = jQuery('#security__check');
+        if (!$checkDiv.length) return;
+        if (sessionStorage.getItem('dw-security-check:' + DOKU_BASE)) {
+            // check was already executed successfully
+            $checkDiv.remove();
+            return;
+        }
+
+        var img = new Image();
+        img.onerror = function () {
+            // successful check will not be repeated during session
+            $checkDiv.remove();
+            sessionStorage.setItem('dw-security-check:' + DOKU_BASE, true);
+        };
+        img.onload = function () {
+            // check failed, display a warning message
+            $checkDiv.html(LANG.data_insecure);
+            $checkDiv.addClass('error');
+        };
+        img.src = $checkDiv.data('src') + '?t=' + Date.now();
     }
 }; |
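Review bot: The `img.onerror` handler in `securityCheck` treats every load failure as the expected 403 and persists that verdict to sessionStorage, but an `Image` error event fires just the same for a 404 (probe file missing or moved), a network failure, a request blocked by CSP `img-src` or a content blocker, or a 500, so an exposed data directory whose probe file happens to be unreadable for any other reason is recorded as "secured" for the rest of the session and the warning is never shown; the header comment's "a 403 error was returned" is not something this code can verify. If the probe URL in `data-src` is same-origin (not visible here), the status can be inspected with `jQuery.ajax`, which the file already uses, and only a real 403 should be cached while any other failure leaves the placeholder in place so the check runs again on the next page load; if it can be cross-origin, the `Image` probe must stay and the comment should say that the result is "no image loaded", not "403". Independently, `sessionStorage.getItem`/`setItem` throw in browsers with storage disabled, which would abort the method before the probe runs, so the storage calls are better wrapped in a try/catch that simply falls through to running the check. The enclosing `dw_behaviour` object literal and the method closed by the hunk's leading context lines both begin outside this hunk.
```javascript
        // … unchanged: $checkDiv lookup and sessionStorage short-circuit …
        jQuery.ajax({
            url: $checkDiv.data('src'),
            cache: false // jQuery appends its own cache-buster, replacing the manual '?t='
        }).done(function () {
            // the probe file is readable: the data directory is exposed
            $checkDiv.html(LANG.data_insecure);
            $checkDiv.addClass('error');
        }).fail(function (xhr) {
            // only a genuine 403 counts as a passed check; 404, 0 (network/blocked) or 5xx
            // leave the placeholder so the check is repeated on the next page load
            if (xhr.status !== 403) return;
            $checkDiv.remove();
            sessionStorage.setItem('dw-security-check:' + DOKU_BASE, true);
        });
```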