display version info after login

It is a security risk to display version info to unauthenticated users.

display version info after login
It is a security risk to display version info to unauthenticated users.
cf444f03 · Dietmar Maurer · 8dd924cc · cf444f03 · cf444f03
Commit cf444f03 authored Jun 25, 2012 by Dietmar Maurer
Show whitespace changes
Inline Side-by-side

Showing with 27 additions and 4 deletions

Workspace.js www/manager/Workspace.js +26 -1

index.pl www/manager/index.pl +1 -3

No files found.
--- a/www/manager/Workspace.js
+++ b/www/manager/Workspace.js
@@ -211,6 +211,15 @@ Ext.define('PVE.StdWorkspace', {

 	if (loginData) {
 	    PVE.data.ResourceStore.startUpdate();
+
+	    PVE.Utils.API2Request({
+		url: '/version',
+		method: 'GET',
+		success: function(response) {
+		    PVE.VersionInfo = response.result.data;
+		    me.updateVersionInfo();
+		}
+	    });
 	}
    },

@@ -228,6 +237,21 @@ Ext.define('PVE.StdWorkspace', {
 	ui.doLayout();
    },

+    updateVersionInfo: function() {
+	var me = this;
+
+	var ui = me.query('#versioninfo')[0];
+
+	if (PVE.VersionInfo) {
+	    var version = PVE.VersionInfo.version + '-' + PVE.VersionInfo.release + '/' +
+		PVE.VersionInfo.repoid;
+	    ui.update('<span class="x-panel-header-text">Proxmox Virtual Environment<br>' + gettext('Version') + ': ' + version + "</span>");
+	} else {
+	    ui.update('<span class="x-panel-header-text">Proxmox Virtual Environment</span>');
+	}
+	ui.doLayout();
+    },
+
    initComponent : function() {
 	var me = this;

@@ -341,7 +365,8 @@ Ext.define('PVE.StdWorkspace', {
 			{
 			    minWidth: 200,
 			    flex: 1,
-			    html: '<span class="x-panel-header-text">Proxmox Virtual Environment<br>' + gettext('Version') + ' ' + PVE.GUIVersion + "</span>"
+			    id: 'versioninfo',
+			    html: '<span class="x-panel-header-text">Proxmox Virtual Environment</span>'
 			},
 			{
 			    pack: 'end',

--- a/www/manager/index.pl
+++ b/www/manager/index.pl
@@ -4,7 +4,6 @@ use strict;
 use mod_perl2 '1.9922';
 use Encode;
 use CGI;
-use PVE::pvecfg;
 use PVE::JSONSchema;
 use PVE::AccessControl;
 use PVE::REST;
@@ -42,7 +41,7 @@ if (my $cookie = $r->headers_in->{Cookie}) {
 	$token = PVE::AccessControl::assemble_csrf_prevention_token($username);
    }
 }
-my $version = PVE::pvecfg::version_text();
+
 $username = '' if !$username;

 my $cgi = CGI->new($r);
@@ -53,7 +52,6 @@ my $workspace = defined($args{console}) ?

 my $jssrc = <<_EOJS;
 if (!PVE) PVE = {};
-PVE.GUIVersion = '$version';
 PVE.UserName = '$username';
 PVE.CSRFPreventionToken = '$token';
 _EOJS