When showing system-messages, use default Angular sanitizer, also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic html tags.
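extends ../layout

block content
  //- Admin panel: system messages, open sockets, editor shutdown, subscription
  //- linking and TPDS/Dropbox maintenance. Every form posts to an /admin/* route
  //- and carries csrfToken in a hidden _csrf field.
  //- NOTE(review): nesting here was rebuilt from a listing whose indentation was
  //- lost; confirm it against the repository copy.
  //- NOTE(review): server-side admin authorization for the /admin/* routes is not
  //- visible in this template; confirm it is enforced by the router.
  .content.content-alt
    .container
      .row
        .col-xs-12
          .card
            .page-header
              h1 Admin Panel
            tabset(ng-cloak)
              tab(heading="System Messages")
                each message in systemMessages
                  //- Escaped interpolation: stored markup is shown as literal text.
                  //- ng-non-bindable additionally keeps AngularJS from compiling the
                  //- message, since this markup sits inside tabset(ng-cloak) and HTML
                  //- escaping does not neutralise Angular expression delimiters in
                  //- stored content.
                  .alert.alert-info.row-spaced(ng-non-bindable) #{message.content}
                hr
                form(enctype='multipart/form-data', method='post', action='/admin/messages')
                  input(name="_csrf", type="hidden", value=csrfToken)
                  .form-group
                    //- NOTE(review): this label is empty and targets id "content",
                    //- while the input below only sets name="content".
                    label(for="content")
                    input.form-control(name="content", type="text", placeholder="Message...", required)
                  button.btn.btn-primary(type="submit") Post Message
                hr
                form(enctype='multipart/form-data', method='post', action='/admin/messages/clear')
                  input(name="_csrf", type="hidden", value=csrfToken)
                  button.btn.btn-danger(type="submit") Clear all messages


              tab(heading="Open Sockets")
                .row-spaced
                  ul
                    //- openSockets is iterated as url -> list of agents; all values
                    //- are HTML-escaped by the interpolation.
                    each agents, url in openSockets
                      li #{url} - total : #{agents.length}
                        ul
                          each agent in agents
                            li #{agent}

              tab(heading="Close Editor")
                .row-spaced
                  form(enctype='multipart/form-data', method='post',action='/admin/closeEditor')
                    input(name="_csrf", type="hidden", value=csrfToken)
                    button.btn.btn-danger(type="submit") Close Editor
                  p.small Will stop anyone opening the editor. Will NOT disconnect already connected users.

                .row-spaced
                  //- Route spelling is kept as-is; presumably it matches the path the
                  //- server registers, so confirm before renaming.
                  form(enctype='multipart/form-data', method='post',action='/admin/dissconectAllUsers')
                    input(name="_csrf", type="hidden", value=csrfToken)
                    button.btn.btn-danger(type="submit") Disconnect all users
                  p.small Will force disconnect all users with the editor open. Make sure to close the editor first to avoid them reconnecting.

              tab(heading="Subscriptions")
                h3 Link Recurly subscription to user
                .row
                  form.form.col-xs-6(enctype='multipart/form-data', method='post',action='/admin/syncUserToSubscription')
                    input(name="_csrf", type="hidden", value=csrfToken)
                    .form-group
                      label(for='subscription_id') subscription_id (in Recurly)
                      input.form-control(type='text', name='subscription_id', placeholder='subscription_id', required)
                    .form-group
                      label(for='user_id') user_id
                      input.form-control(type='text', name='user_id', placeholder='user_id', required)
                    .form-group
                      button.btn-primary.btn(type='submit') Link

              tab(heading="TPDS/Dropbox Management")
                h3 Flush project to TPDS
                .row
                  form.col-xs-6(enctype='multipart/form-data', method='post',action='/admin/flushProjectToTpds')
                    input(name="_csrf", type="hidden", value=csrfToken)
                    .form-group
                      label(for='project_id') project_id
                      input.form-control(type='text', name='project_id', placeholder='project_id', required)
                    .form-group
                      button.btn-primary.btn(type='submit') Flush
                hr
                h3 Poll Dropbox for user
                .row
                  form.col-xs-6(enctype='multipart/form-data', method='post',action='/admin/pollDropboxForUser')
                    input(name="_csrf", type="hidden", value=csrfToken)
                    .form-group
                      label(for='user_id') user_id
                      input.form-control(type='text', name='user_id', placeholder='user_id', required)
                    .form-group
                      button.btn-primary.btn(type='submit') Poll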