fix: Address multiple issues in debug script, array rendering, and custom feeds
1. debug_install.sh: Make log path dynamic instead of hardcoded - Compute project root from script location - Use dynamic LOG_DIR instead of hardcoded /home/ledpi/LEDMatrix/logs/ - Works from any clone location and user 2. plugins_manager.js renderArrayObjectItem: Fix XSS and metadata issues - HTML-escape logoValue.path in img src attribute (XSS prevention) - Add data-file-data attribute to preserve file metadata for serialization - Add data-prop-key attribute for proper property tracking - Use schema-driven remove button label (x-removeLabel) with fallback to 'Remove item' 3. base.html addCustomFeedRow: Fix duplicate enabled field and hardcoded pluginId - Remove duplicate hidden input for enabled field (checkbox alone is sufficient) - Add pluginId parameter to function signature - Pass pluginId to handleCustomFeedLogoUpload instead of hardcoded 'ledmatrix-news' - Update caller in plugin_config.html to pass plugin_id These fixes improve security (XSS prevention), functionality (metadata preservation), and maintainability (no hardcoded values).
@@ -68,13 +68,17 @@ fi
|
||||
echo ""
|
||||
|
||||
echo "8. Latest installation log:"
|
||||
LOG_FILE=$(ls -t /home/ledpi/LEDMatrix/logs/first_time_install_*.log 2>/dev/null | head -1)
|
||||
# Determine project root directory (parent of scripts/install/)
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
LOG_DIR="$PROJECT_ROOT_DIR/logs"
|
||||
LOG_FILE=$(ls -t "$LOG_DIR"/first_time_install_*.log 2>/dev/null | head -1)
|
||||
if [ -n "$LOG_FILE" ]; then
|
||||
echo " Found: $LOG_FILE"
|
||||
echo " Last 30 lines:"
|
||||
tail -30 "$LOG_FILE" | sed 's/^/ /'
|
||||
else
|
||||
echo " No log files found in /home/ledpi/LEDMatrix/logs/"
|
||||
echo " No log files found in $LOG_DIR/"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
|
||||
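Review bot: The `PROJECT_ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"` line has no failure path: if the `cd` fails the variable is empty and `LOG_DIR` silently becomes `/logs`, so this section reports on the wrong directory. A guard right after the `LOG_DIR` assignment, such as `[ -d "$LOG_DIR" ] || echo "   Log directory not found: $LOG_DIR"`, would make that case visible in the debug output.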
@@ -2506,18 +2506,20 @@ function renderArrayObjectItem(fieldId, fullKey, itemProperties, itemValue, inde
|
||||
const logoValue = propValue || {};
|
||||
|
||||
// Display existing logo if present, but disable upload functionality
|
||||
// Store file metadata in data-file-data attribute for serialization
|
||||
if (logoValue.path) {
|
||||
const fileDataJson = JSON.stringify(logoValue).replace(/'/g, "'").replace(/"/g, """);
|
||||
html += `
|
||||
<div class="file-upload-widget-inline">
|
||||
<div class="file-upload-widget-inline" data-file-data='${fileDataJson}' data-prop-key="${propKey}">
|
||||
<div class="mt-2 flex items-center space-x-2">
|
||||
<img src="/${logoValue.path}" alt="Logo" class="w-16 h-16 object-cover rounded border">
|
||||
<img src="/${escapeHtml(logoValue.path)}" alt="Logo" class="w-16 h-16 object-cover rounded border">
|
||||
<span class="text-sm text-gray-500 italic">File upload not yet available for array items</span>
|
||||
</div>
|
||||
</div>
|
||||
`;
|
||||
} else {
|
||||
html += `
|
||||
<div class="file-upload-widget-inline">
|
||||
<div class="file-upload-widget-inline" data-prop-key="${propKey}">
|
||||
<button type="button"
|
||||
disabled
|
||||
class="px-3 py-2 text-sm bg-gray-200 text-gray-400 rounded-md cursor-not-allowed opacity-50"
|
||||
@@ -2567,11 +2569,13 @@ function renderArrayObjectItem(fieldId, fullKey, itemProperties, itemValue, inde
|
||||
html += `</div>`;
|
||||
});
|
||||
|
||||
// Use schema-driven label for remove button, fallback to generic "Remove item"
|
||||
const removeLabel = itemsSchema['x-removeLabel'] || 'Remove item';
|
||||
html += `
|
||||
<button type="button"
|
||||
onclick="removeArrayObjectItem('${fieldId}', ${index})"
|
||||
class="mt-2 px-3 py-2 text-sm text-red-600 hover:text-red-800 hover:bg-red-50 rounded-md transition-colors">
|
||||
<i class="fas fa-trash mr-1"></i> Remove Feed
|
||||
<i class="fas fa-trash mr-1"></i> ${escapeHtml(removeLabel)}
|
||||
</button>
|
||||
</div>`;
|
||||
|
||||
|
||||
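Review bot: The new `data-prop-key="${propKey}"` attribute, added in both the logo and the no-logo branch, interpolates `propKey` unescaped even though the same hunk escapes `logoValue.path`; I would write `data-prop-key="${escapeHtml(propKey)}"` in both places. The `fileDataJson` line hand-escapes only the two quote characters (its replacement strings appear entity-decoded by this page's rendering, presumably `&#39;` and `&quot;`), so an `&` in the stored metadata is reinterpreted by the HTML parser and the JSON read back from `data-file-data` may differ from what was written; escaping `&` first would make the attribute round-trip. `escapeHtml` is defined outside these hunks, so it is worth confirming that it escapes `"`, which the double-quoted `src` attribute depends on. `renderArrayObjectItem` starts and ends outside the hunks shown.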
@@ -4822,7 +4822,7 @@
|
||||
|
||||
<!-- Custom feeds table helper functions -->
|
||||
<script>
|
||||
function addCustomFeedRow(fieldId, fullKey, maxItems) {
|
||||
function addCustomFeedRow(fieldId, fullKey, maxItems, pluginId) {
|
||||
const tbody = document.getElementById(fieldId + '_tbody');
|
||||
if (!tbody) return;
|
||||
|
||||
@@ -4859,7 +4859,7 @@
|
||||
id="${fieldId}_logo_${newIndex}"
|
||||
accept="image/png,image/jpeg,image/bmp,image/gif"
|
||||
style="display: none;"
|
||||
onchange="handleCustomFeedLogoUpload(event, '${fieldId}', ${newIndex}, 'ledmatrix-news', '${fullKey}')">
|
||||
onchange="handleCustomFeedLogoUpload(event, '${fieldId}', ${newIndex}, '${pluginId}', '${fullKey}')">
|
||||
<button type="button"
|
||||
onclick="document.getElementById('${fieldId}_logo_${newIndex}').click()"
|
||||
class="px-2 py-1 text-xs bg-gray-200 hover:bg-gray-300 rounded">
|
||||
@@ -4869,7 +4869,6 @@
|
||||
</div>
|
||||
</td>
|
||||
<td class="px-4 py-3 whitespace-nowrap text-center">
|
||||
<input type="hidden" name="${fullKey}.${newIndex}.enabled" value="false">
|
||||
<input type="checkbox"
|
||||
name="${fullKey}.${newIndex}.enabled"
|
||||
checked
|
||||
|
||||
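Review bot: The new `pluginId` argument is pasted as `'${pluginId}'` into the source of the inline `onchange` handler, as `fieldId` and `fullKey` already are, so a quote in the value changes the handler's code and a caller that omits the argument produces the literal string `'undefined'`. Binding the listener after the row is inserted keeps the value out of handler source: `document.getElementById(fieldId + '_logo_' + newIndex).addEventListener('change', (e) => handleCustomFeedLogoUpload(e, fieldId, newIndex, pluginId, fullKey));`. With the hidden `enabled` input removed in the last hunk, an unchecked box contributes no field on a native form submit, so the code that collects this form (not visible here) needs to treat a missing `enabled` key as false. The body of `addCustomFeedRow` continues outside the hunks shown.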
@@ -274,7 +274,7 @@
|
||||
</tbody>
|
||||
</table>
|
||||
<button type="button"
|
||||
onclick="addCustomFeedRow('{{ field_id }}', '{{ full_key }}', {{ max_items }})"
|
||||
onclick="addCustomFeedRow('{{ field_id }}', '{{ full_key }}', {{ max_items }}, '{{ plugin_id }}')"
|
||||
class="mt-3 px-4 py-2 text-sm bg-blue-600 hover:bg-blue-700 text-white rounded-md"
|
||||
{% if array_value|length >= max_items %}disabled style="opacity: 0.5;"{% endif %}>
|
||||
<i class="fas fa-plus mr-1"></i> Add Feed
|
||||
|
||||
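Review bot: `'{{ plugin_id }}'` is rendered inside a JavaScript string within the `onclick` attribute, where HTML autoescaping does not help because the browser decodes entities before the handler source is parsed. Assuming this is a Jinja2 template with autoescaping on, passing the value through a data attribute avoids the nested context: `data-plugin-id="{{ plugin_id }}"` on the button and `this.dataset.pluginId` as the fourth argument. The `field_id` and `full_key` arguments on the same line follow the same pattern, and the `<button>` element continues past the end of the hunk.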