search

HelloZeroNet / ZeroNet

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
https://zeronet.io
Other
18.37k stars 2.27k forks source link

When ui interface is restricted it display a lot of information even if access is forbidden #203

Closed TheNain38 closed 9 years ago

TheNain38 commented 9 years ago

example with parameters:

it display:

Forbidden
Please report it if you think this an error.
Details:

{
    "GATEWAY_INTERFACE": "CGI/1.1", 
    "HTTP_ACCEPT": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", 
    "HTTP_ACCEPT_ENCODING": "gzip,deflate", 
    "HTTP_ACCEPT_LANGUAGE": "en-us", 
    "HTTP_CONNECTION": "keep-alive", 
    "HTTP_DNT": "1", 
    "HTTP_HOST": "***.***.***.***:43110", 
    "HTTP_USER_AGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10", 
    "PATH_INFO": "/", 
    "QUERY_STRING": "", 
    "REMOTE_ADDR": "***.***.***.***", 
    "REMOTE_PORT": "*****", 
    "REQUEST_METHOD": "GET", 
    "SCRIPT_NAME": "", 
    "SERVER_NAME": "*********", 
    "SERVER_PORT": "1604", 
    "SERVER_PROTOCOL": "HTTP/1.1", 
    "SERVER_SOFTWARE": "gevent/1.0 Python/2.7", 
    "arguments": {
        "action": "main", 
        "batch": false, 
        "coffeescript_compiler": "type %s | tools\\coffee\\coffee.cmd", 
        "config_file": "zeronet.conf", 
        "data_dir": "data", 
        "debug": false, 
        "debug_socket": false, 
        "disable_encryption": false, 
        "disable_sslcompression": true, 
        "disable_udp": false, 
        "fileserver_ip": "*", 
        "fileserver_port": 15441, 
        "homepage": "1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr", 
        "ip_external": null, 
        "log_dir": "log", 
        "msgpack_purepython": true, 
        "open_browser": null, 
        "proxy": null, 
        "size_limit": 10, 
        "stream_downloads": false, 
        "trackers": [
            "udp://open.demonii.com:1337", 
            "udp://tracker.leechers-paradise.org:6969", 
            "udp://9.rarbg.com:2710", 
            "http://tracker.aletorrenty.pl:2710/announce", 
            "http://retracker.telecom.kz/announce", 
            "http://torrent.gresille.org/announce"
        ], 
        "trackers_file": false, 
        "ui_ip": "*", 
        "ui_port": 43110, 
        "ui_restrict": [
            "192.168.0.253", 
            "127.0.0.1"
        ], 
        "use_openssl": true, 
        "use_tempfiles": false
    }, 
    "plugins": [
        "Sidebar", 
        "Stats", 
        "Trayicon", 
        "Zeroname"
    ], 
    "version_gevent": "1.0.1", 
    "version_python": "2.7.9 (default, Dec 10 2014, 12:24:55) [MSC v.1500 32 bit (Intel)]", 
    "version_zeronet": "0.3.2 r480", 
    "wsgi.url_scheme": "http"
}

It displays too much information to someone who's access is forbidden

HelloZeroNet commented 9 years ago

Thanks, fixed: 713baeab63b546dca6a69608a2e3613dd6e87118