d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Migrate away from unsafe function 

MooTools More has CVE-2021-20088 and qbt is affected by it by using the
unsafe function call `String.parseQueryString()`, so migrate away from
it.

PR #18554.
adaptive-webui-19844
Chocobo1 2 years ago committed by GitHub
parent
3fea9f5a33
commit
6a4bb5c1b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      src/webui/www/private/scripts/client.js

13
src/webui/www/private/scripts/client.js
Unescape View File

@ -1387,11 +1387,11 @@ function registerMagnetHandler() { @@ -1387,11 +1387,11 @@ function registerMagnetHandler() {
return;
}
const hashParams = getHashParamsFromUrl();
hashParams.download = '';
const templateHashString = Object.toQueryString(hashParams).replace('download=', 'download=%s');
const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
const hashParams = new URLSearchParams(hashString);
hashParams.set('download', '');
const templateHashString = hashParams.toString().replace('download=', 'download=%s');
const templateUrl = location.origin + location.pathname
+ location.search + '#' + templateHashString;
@ -1411,11 +1411,6 @@ function handleDownloadParam() { @@ -1411,11 +1411,6 @@ function handleDownloadParam() {
showDownloadPage([url]);
}
function getHashParamsFromUrl() {
const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
return (hashString.length > 0) ? String.parseQueryString(hashString) : {};
}
function closeWindows() {
MochaUI.closeAll();
}

Write Preview
Loading…
Cancel
Save