-
+
+
{{ message }}
@@ -52,6 +53,17 @@ export default {
message() {
return this.confirmPromptOptions.message || ''
},
+ allowHtmlMessage() {
+ return !!this.confirmPromptOptions.allowHtml
+ },
+ sanitizedMessage() {
+ if (!this.allowHtmlMessage) return this.message
+
+ return this.escapeHtml(this.message)
+ .replace(/<br\s*\/?>/gi, '
')
+ .replace(/<code>/gi, '
')
+ .replace(/<\/code>/gi, '')
+ },
callback() {
return this.confirmPromptOptions.callback
},
@@ -103,6 +115,14 @@ export default {
if (this.callback) this.callback(true, this.checkboxValue)
this.show = false
},
+ escapeHtml(value) {
+ return String(value)
+ .replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''')
+ },
setShow() {
this.checkboxValue = this.checkboxDefaultValue
this.$eventBus.$emit('showing-prompt', true)
diff --git a/client/pages/config/index.vue b/client/pages/config/index.vue
index b8cf3cff2..7fb84d468 100644
--- a/client/pages/config/index.vue
+++ b/client/pages/config/index.vue
@@ -390,8 +390,8 @@ export default {
},
purgeItemsCache() {
const payload = {
- // message: `This will delete the entire folder at
/metadata/cache/items.
Are you sure you want to purge items cache?`,
message: this.$strings.MessageConfirmPurgeItemsCache,
+ allowHtml: true,
callback: (confirmed) => {
if (confirmed) {
this.sendPurgeItemsCache()
diff --git a/client/pages/config/item-metadata-utils/genres.vue b/client/pages/config/item-metadata-utils/genres.vue
index 87e14bbd8..8abe34eef 100644
--- a/client/pages/config/item-metadata-utils/genres.vue
+++ b/client/pages/config/item-metadata-utils/genres.vue
@@ -90,9 +90,9 @@ export default {
let message = this.$getString('MessageConfirmRenameGenre', [this.editingGenre, this.newGenreName])
if (genreNameExists) {
- message += `
${this.$strings.MessageConfirmRenameGenreMergeNote}`
+ message += ` ${this.$strings.MessageConfirmRenameGenreMergeNote}`
} else if (genreNameExistsOfDifferentCase) {
- message += `
${this.$getString('MessageConfirmRenameGenreWarning', [genreNameExistsOfDifferentCase])}`
+ message += ` ${this.$getString('MessageConfirmRenameGenreWarning', [genreNameExistsOfDifferentCase])}`
}
const payload = {
diff --git a/client/pages/config/item-metadata-utils/tags.vue b/client/pages/config/item-metadata-utils/tags.vue
index 2fe5c0f1a..4dfc39424 100644
--- a/client/pages/config/item-metadata-utils/tags.vue
+++ b/client/pages/config/item-metadata-utils/tags.vue
@@ -86,9 +86,9 @@ export default {
let message = this.$getString('MessageConfirmRenameTag', [this.editingTag, this.newTagName])
if (tagNameExists) {
- message += `
${this.$strings.MessageConfirmRenameTagMergeNote}`
+ message += ` ${this.$strings.MessageConfirmRenameTagMergeNote}`
} else if (tagNameExistsOfDifferentCase) {
- message += `
${this.$getString('MessageConfirmRenameTagWarning', [tagNameExistsOfDifferentCase])}`
+ message += ` ${this.$getString('MessageConfirmRenameTagWarning', [tagNameExistsOfDifferentCase])}`
}
const payload = {
diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js
index faa6774a3..5efeb7a64 100644
--- a/server/auth/TokenManager.js
+++ b/server/auth/TokenManager.js
@@ -234,6 +234,13 @@ class TokenManager {
}
const user = await Database.userModel.getUserById(apiKey.userId)
+
+ if (!user?.isActive) {
+ // deny login
+ done(null, null)
+ return
+ }
+
done(null, user)
} else {
// JWT based authentication
diff --git a/server/controllers/PodcastController.js b/server/controllers/PodcastController.js
index 1ebe1d110..c70287600 100644
--- a/server/controllers/PodcastController.js
+++ b/server/controllers/PodcastController.js
@@ -412,6 +412,12 @@ class PodcastController {
Logger.debug(`[PodcastController] Sanitized description from "${req.body[key]}" to "${sanitizedDescription}"`)
req.body[key] = sanitizedDescription
}
+ } else if (key === 'subtitle' && req.body[key]) {
+ const sanitizedSubtitle = htmlSanitizer.sanitize(req.body[key])
+ if (sanitizedSubtitle !== req.body[key]) {
+ Logger.debug(`[PodcastController] Sanitized subtitle from "${req.body[key]}" to "${sanitizedSubtitle}"`)
+ req.body[key] = sanitizedSubtitle
+ }
}
updatePayload[key] = req.body[key]