Patched arbitrary file system access vulnerability and visual changes

2023-08-04 20:45:25 +02:00
parent 9953ef8aab
commit 59bacdbe6d
8 changed files with 128 additions and 104 deletions
--- a/templates/collection.html
+++ b/templates/collection.html
@@ -25,7 +25,7 @@
            </div>
        </div>
        <div class="container" style="padding: 1.5%">
-            <form action="/download/{{ videos[0]['path'] }}">
+            <form action="/download/{{ folder }}">
                <input type="submit" class="btn btn-primary float-end" value="Download all"/>
            </form>
        </div>
--- a/templates/downloader.html
+++ b/templates/downloader.html
@@ -12,13 +12,14 @@
                            {{ form.url.label(class_="form-label") }}
                        </div>
                        <div class="row" style="width: fit-content">
-                            <div class="col">
-                                {{ form.url(class_="form-control") }}
+                            {{ form.url(class_="form-control") }}
+                        </div>
+                        <br>
+                        <div class="row" style="width: fit-content">
+                            <div class="col-md-auto">
+                                    {{ form.ext(class_="form-select") }}
                            </div>
-                            <div class="col">
-                                {{ form.ext(class_="form-select") }}
-                            </div>
-                            <div class="col" style="width: fit-content">
+                            <div class="col-md-auto">
                                {{ form.submit(class_="btn btn-primary") }}
                            </div>
                        </div>
--- a/templates/feedback-simple.html
+++ b/templates/feedback-simple.html
@@ -1,31 +0,0 @@
-{%- extends "base.html" %}
-
-{% block content %}
-    {{ super() }}
-    <div class="container">
-
-        {% if titles %}
-            <div class="container">
-                <table id="videos" class="table">
-                    <thead>
-                        <tr>
-                            <th scope="col" class="text-center">New Title(s)</th>
-                            <th scope="col" class="text-center">URL</th>
-                        </tr>
-                    </thead>
-                    <tbody>
-                        {% for i in range(amount) %}
-                            <tr>
-                                <td class="text-center">{{ titles[i] }}</td>
-                                <td class="text-center"> <a href="{{ urls[i] }}" target="_blank">Link</a></td>
-                            </tr>
-                        {% endfor %}
-                    </tbody>
-                </table>
-                <form target="/start-download"
-                <input type="submit"
-            </div>
-        {% endif %}
-
-    </div>
-{%- endblock %}
--- a/templates/flash-message.html
+++ b/templates/flash-message.html
@@ -0,0 +1 @@
+{%- extends "base.html" %}
--- a/templates/index.html
+++ b/templates/index.html
@@ -6,28 +6,22 @@
        {% if running_downloads %}
            <div class="card">
                <div class="card-body">
-                    <ul class="list-group list-group-flush">
-                        <li class="list-group-item">
-                            <div class="row">
-                                <table id="videos" class="table">
-                                    <thead>
-                                        <tr>
-                                            <th scope="col" class="text-center">Queue</th>
-                                            <th scope="col" class="text-center">Started at</th>
-                                        </tr>
-                                    </thead>
-                                    <tbody>
-                                        {% for entry in running_downloads %}
-                                            <tr>
-                                                <td class="text-center"><a href="{{ entry[0] }}" target="_blank">{{ entry[0] }}</a></td>
-                                                <td class="text-center">{{ entry[1] }}</td>
-                                            </tr>
-                                        {% endfor %}
-                                    </tbody>
-                                </table>
-                            </div>
-                        </li>
-                    </ul>
+                    <table class="table">
+                        <thead>
+                            <tr>
+                                <th scope="col" class="text-center">Queue</th>
+                                <th scope="col" class="text-center">Started at</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for entry in running_downloads %}
+                                <tr>
+                                    <td class="text-center"><a href="{{ entry[0] }}" target="_blank">{{ entry[0] }}</a></td>
+                                    <td class="text-center">{{ entry[1] }}</td>
+                                </tr>
+                            {% endfor %}
+                        </tbody>
+                    </table>
                </div>
            </div>

@@ -35,26 +29,22 @@

            {% if titles %}
                <div class="card">
-                    <ul class="list-group list-group-flush">
-                        <li class="list-group-item">
-                            <div class="row">
-                                <table id="videos" class="table">
-                                    <thead>
-                                        <tr>
-                                            <th scope="col" class="text-center">Currently processing</th>
-                                        </tr>
-                                    </thead>
-                                    <tbody>
-                                        {% for i in range(amount) %}
-                                            <tr>
-                                                <td class="text-center"><a href="{{ urls[i] }}" target="_blank">{{ titles[i] }}</a></td>
-                                            </tr>
-                                        {% endfor %}
-                                    </tbody>
-                                </table>
-                            </div>
-                        </li>
-                    </ul>
+                    <div class="card-body">
+                        <table class="table">
+                            <thead>
+                                <tr>
+                                    <th scope="col" class="text-center">Currently processing</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                {% for i in range(amount) %}
+                                    <tr>
+                                        <td class="text-center"><a href="{{ urls[i] }}" target="_blank">{{ titles[i] }}</a></td>
+                                    </tr>
+                                {% endfor %}
+                            </tbody>
+                        </table>
+                    </div>
                </div>
            {% endif %}
        {% endif %}