mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-22 00:16:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

Merge pull request #17 from nashe/patch-admin-bypass

Browse source 
Case-insensitive check /admin/ access restriction
This commit is contained in:
John McLear 2018-04-06 21:27:16 +01:00 committed by GitHub
commit 76cd39d11a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/node/hooks/express/webaccess.js
View file

@ -20,7 +20,7 @@ exports.basicAuth = function (req, res, next) {
// Do not require auth for static paths and the API...this could be a bit brittle // Do not require auth for static paths and the API...this could be a bit brittle
if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true); if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true);
if (req.path.indexOf('/admin') != 0) { if (req.path.toLowerCase().indexOf('/admin') != 0) {
if (!settings.requireAuthentication) return cb(true); if (!settings.requireAuthentication) return cb(true);
if (!settings.requireAuthorization && req.session && req.session.user) return cb(true); if (!settings.requireAuthorization && req.session && req.session.user) return cb(true);
} }