[Security] Address critical flaw in console rendering that allowed arbitrary command execution

Dane Everitt 2017-06-26 22:36:09 -05:00
parent ddb98df4af
commit 829453f805
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
11 changed files with 515 additions and 548 deletions


@ -22,28 +22,36 @@
<head>
<title>{{ Settings::get('company', 'Pterodactyl') }} - Console &rarr; {{ $server->name }}</title>
@include('layouts.scripts')
{!! Theme::css('vendor/terminal/jquery.terminal.css') !!}
{!! Theme::css('vendor/bootstrap/bootstrap.min.css') !!}
{!! Theme::css('css/pterodactyl.css') !!}
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body style="margin:0;width:100%;height:100%;">
<div id="terminal" style="width:100%"></div>
<body style="margin:0;width:100%;height:100%;background:#000;overflow: hidden;">
<div id="terminal" style="width:100%;max-height: none !important;"></div>
<div id="terminal_input">
<span class="terminal_input--prompt">{{ $server->username }}:~$</span> <span class="terminal_input--text"></span>
<input type="text" class="terminal_input--input" />
</div>
<div id="terminalNotify" class="terminal-notify hidden">
<i class="fa fa-bell"></i>
</div>
</body>
<script>window.SkipConsoleCharts = true</script>
{!! Theme::js('js/laroute.js') !!}
{!! Theme::js('vendor/ansi/ansi_up.js') !!}
{!! Theme::js('vendor/jquery/jquery.min.js') !!}
{!! Theme::js('vendor/socketio/socket.io.min.js') !!}
{!! Theme::js('vendor/bootstrap-notify/bootstrap-notify.min.js') !!}
{!! Theme::js('js/frontend/server.socket.js') !!}
{!! Theme::js('vendor/mousewheel/jquery.mousewheel-min.js') !!}
{!! Theme::js('vendor/terminal/jquery.terminal.min.js') !!}
{!! Theme::js('vendor/terminal/unix_formatting.js') !!}
{!! Theme::js('js/frontend/console.js') !!}
<script>
Terminal.resize($(window).innerWidth() - 20, $(window).innerHeight() - 20);
$terminal.height($(window).innerHeight() - 40);
$terminal.width($(window).innerWidth() - 40);
$(window).on('resize', function () {
Terminal.resize($(window).innerWidth() - 20, $(window).innerHeight() - 20);
window.scrollToBottom();
$terminal.height($(window).innerHeight() - 40);
$terminal.width($(window).innerWidth() - 40);
});
</script>
</html>
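Review bot: The Font Awesome stylesheet in `<head>` is loaded from cdnjs without an `integrity` attribute, so this console page, which takes typed server commands, trusts whatever that third-party host serves. Either pin it with Subresource Integrity, `<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous">`, or ship it through `Theme::css(...)` like the other vendor assets. Separately, this template only loads `ansi_up.js` and `js/frontend/console.js`; whether server output is HTML-escaped before it is written into `#terminal` is decided in `console.js`, which is outside this section, so that is the file where the fix named in the commit title should be verified. The rendered page has lost its `+`/`-` markers, so it is not certain whether the `<link>` line is new in this commit or unchanged context.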


@ -23,11 +23,6 @@
{{ trans('server.index.title', [ 'name' => $server->name]) }}
@endsection
@section('scripts')
@parent
{!! Theme::css('vendor/terminal/jquery.terminal.css') !!}
@endsection
@section('content-header')
<h1>@lang('server.index.header')<small>@lang('server.index.header_sub')</small></h1>
<ol class="breadcrumb">
@ -42,6 +37,10 @@
<div class="box">
<div class="box-body position-relative">
<div id="terminal" style="width:100%;"></div>
<div id="terminal_input">
<span class="terminal_input--prompt">{{ $server->username }}:~$</span> <span class="terminal_input--text"></span>
<input type="text" class="terminal_input--input" />
</div>
<div id="terminalNotify" class="terminal-notify hidden">
<i class="fa fa-bell"></i>
</div>
@ -81,10 +80,9 @@
@section('footer-scripts')
@parent
{!! Theme::js('vendor/ansi/ansi_up.js') !!}
{!! Theme::js('js/frontend/server.socket.js') !!}
{!! Theme::js('vendor/mousewheel/jquery.mousewheel-min.js') !!}
{!! Theme::js('vendor/terminal/jquery.terminal.min.js') !!}
{!! Theme::js('vendor/terminal/unix_formatting.js') !!}
{!! Theme::js('js/frontend/console.js') !!}
{!! Theme::js('vendor/chartjs/chart.min.js') !!}
{!! Theme::js('vendor/jquery/date-format.min.js') !!}