zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-22 02:25:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Small security update

Browse source
This commit is contained in:
Pinga 2024-02-24 12:16:32 +02:00
parent 25c736b68b
commit 86f2096d1f
3 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cp/app/Controllers/DomainsController.php
View file

@ -2292,7 +2292,7 @@ class DomainsController extends Controller
}
return view($response,'admin/domains/listTransfers.twig', [
'clid' => $clid
'clid' => base64_encode($clid)
]);
}

4
cp/resources/views/admin/domains/listTransfers.twig
View file

@ -54,8 +54,8 @@
</div>
</div>
</div>
<div class="table-responsive">
<div id="transferTable"></div><input type="hidden" id="clid" value="{{ clid }}">
<div class="table-responsive" data-ref="{{ clid }}">
<div id="transferTable"></div>
</div>
</div>
</div>

3
cp/resources/views/partials/js-transfers.twig
View file

@ -18,7 +18,8 @@
var actionButtons = '';
var hasPendingStatus = rowData.trstatus && rowData.trstatus.includes('pending');
var clidValue = document.getElementById('clid').value;
const tableResponsive = document.querySelector('.table-responsive');
const clidValue = atob(tableResponsive.dataset.ref);
if (hasPendingStatus && clidValue === '0') {
actionButtons += `<a class="btn btn-outline-success btn-icon approve-btn" id="approve-btn" href="javascript:void(0);" data-approve-url="transfer/approve/${cell.getRow().getData().name}" title="{{ __('Approve Transfer') }}"><svg xmlns="http://www.w3.org/2000/svg" class="icon" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M9 11l3 3l8 -8" /><path d="M20 12v6a2 2 0 0 1 -2 2h-12a2 2 0 0 1 -2 -2v-12a2 2 0 0 1 2 -2h9" /></svg></a> `;