diff --git a/client/components/app/Appbar.vue b/client/components/app/Appbar.vue index f74134041..428ae6ebf 100644 --- a/client/components/app/Appbar.vue +++ b/client/components/app/Appbar.vue @@ -196,6 +196,7 @@ export default { requestBatchQuickEmbed() { const payload = { message: this.$strings.MessageConfirmQuickEmbed, + allowHtml: true, callback: (confirmed) => { if (confirmed) { this.$axios diff --git a/client/components/modals/item/tabs/Tools.vue b/client/components/modals/item/tabs/Tools.vue index d96550887..8e40ca3c0 100644 --- a/client/components/modals/item/tabs/Tools.vue +++ b/client/components/modals/item/tabs/Tools.vue @@ -107,6 +107,7 @@ export default { quickEmbed() { const payload = { message: this.$strings.MessageConfirmQuickEmbed, + allowHtml: true, callback: (confirmed) => { if (confirmed) { this.$axios diff --git a/client/components/prompt/Confirm.vue b/client/components/prompt/Confirm.vue index 361765e2d..d0828c7d1 100644 --- a/client/components/prompt/Confirm.vue +++ b/client/components/prompt/Confirm.vue @@ -3,7 +3,8 @@
-

+

+

{{ message }}

@@ -52,6 +53,17 @@ export default { message() { return this.confirmPromptOptions.message || '' }, + allowHtmlMessage() { + return !!this.confirmPromptOptions.allowHtml + }, + sanitizedMessage() { + if (!this.allowHtmlMessage) return this.message + + return this.escapeHtml(this.message) + .replace(/<br\s*\/?>/gi, '
') + .replace(/<code>/gi, '') + .replace(/<\/code>/gi, '') + }, callback() { return this.confirmPromptOptions.callback }, @@ -103,6 +115,14 @@ export default { if (this.callback) this.callback(true, this.checkboxValue) this.show = false }, + escapeHtml(value) { + return String(value) + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, ''') + }, setShow() { this.checkboxValue = this.checkboxDefaultValue this.$eventBus.$emit('showing-prompt', true) diff --git a/client/pages/config/index.vue b/client/pages/config/index.vue index b8cf3cff2..7fb84d468 100644 --- a/client/pages/config/index.vue +++ b/client/pages/config/index.vue @@ -390,8 +390,8 @@ export default { }, purgeItemsCache() { const payload = { - // message: `This will delete the entire folder at /metadata/cache/items.
Are you sure you want to purge items cache?`, message: this.$strings.MessageConfirmPurgeItemsCache, + allowHtml: true, callback: (confirmed) => { if (confirmed) { this.sendPurgeItemsCache() diff --git a/client/pages/config/item-metadata-utils/genres.vue b/client/pages/config/item-metadata-utils/genres.vue index 87e14bbd8..8abe34eef 100644 --- a/client/pages/config/item-metadata-utils/genres.vue +++ b/client/pages/config/item-metadata-utils/genres.vue @@ -90,9 +90,9 @@ export default { let message = this.$getString('MessageConfirmRenameGenre', [this.editingGenre, this.newGenreName]) if (genreNameExists) { - message += `
${this.$strings.MessageConfirmRenameGenreMergeNote}` + message += ` ${this.$strings.MessageConfirmRenameGenreMergeNote}` } else if (genreNameExistsOfDifferentCase) { - message += `
${this.$getString('MessageConfirmRenameGenreWarning', [genreNameExistsOfDifferentCase])}` + message += ` ${this.$getString('MessageConfirmRenameGenreWarning', [genreNameExistsOfDifferentCase])}` } const payload = { diff --git a/client/pages/config/item-metadata-utils/tags.vue b/client/pages/config/item-metadata-utils/tags.vue index 2fe5c0f1a..4dfc39424 100644 --- a/client/pages/config/item-metadata-utils/tags.vue +++ b/client/pages/config/item-metadata-utils/tags.vue @@ -86,9 +86,9 @@ export default { let message = this.$getString('MessageConfirmRenameTag', [this.editingTag, this.newTagName]) if (tagNameExists) { - message += `
${this.$strings.MessageConfirmRenameTagMergeNote}` + message += ` ${this.$strings.MessageConfirmRenameTagMergeNote}` } else if (tagNameExistsOfDifferentCase) { - message += `
${this.$getString('MessageConfirmRenameTagWarning', [tagNameExistsOfDifferentCase])}` + message += ` ${this.$getString('MessageConfirmRenameTagWarning', [tagNameExistsOfDifferentCase])}` } const payload = { diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js index faa6774a3..5efeb7a64 100644 --- a/server/auth/TokenManager.js +++ b/server/auth/TokenManager.js @@ -234,6 +234,13 @@ class TokenManager { } const user = await Database.userModel.getUserById(apiKey.userId) + + if (!user?.isActive) { + // deny login + done(null, null) + return + } + done(null, user) } else { // JWT based authentication diff --git a/server/controllers/PodcastController.js b/server/controllers/PodcastController.js index 1ebe1d110..c70287600 100644 --- a/server/controllers/PodcastController.js +++ b/server/controllers/PodcastController.js @@ -412,6 +412,12 @@ class PodcastController { Logger.debug(`[PodcastController] Sanitized description from "${req.body[key]}" to "${sanitizedDescription}"`) req.body[key] = sanitizedDescription } + } else if (key === 'subtitle' && req.body[key]) { + const sanitizedSubtitle = htmlSanitizer.sanitize(req.body[key]) + if (sanitizedSubtitle !== req.body[key]) { + Logger.debug(`[PodcastController] Sanitized subtitle from "${req.body[key]}" to "${sanitizedSubtitle}"`) + req.body[key] = sanitizedSubtitle + } } updatePayload[key] = req.body[key]