misc_pterodactyl-panel/resources/themes/pterodactyl/admin/servers/view/details.blade.php
Stepan Fedotov 1cd08e2f8d
Fix XSS in server owner selection (#2441)
Co-authored-by: Stepan Fedotov <stepan@crident.com>
Co-authored-by: Sergej <me@sergiz.com>
2020-10-03 09:55:35 -07:00

143 lines
7 KiB
PHP

{{-- Pterodactyl - Panel --}}
{{-- Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com> --}}
{{-- This software is licensed under the terms of the MIT license. --}}
{{-- https://opensource.org/licenses/MIT --}}
@extends('layouts.admin')
@section('title')
Server {{ $server->name }}: Details
@endsection
@section('content-header')
<h1>{{ $server->name }}<small>Edit details for this server including owner and container.</small></h1>
<ol class="breadcrumb">
<li><a href="{{ route('admin.index') }}">Admin</a></li>
<li><a href="{{ route('admin.servers') }}">Servers</a></li>
<li><a href="{{ route('admin.servers.view', $server->id) }}">{{ $server->name }}</a></li>
<li class="active">Details</li>
</ol>
@endsection
@section('content')
<div class="row">
<div class="col-xs-12">
<div class="nav-tabs-custom nav-tabs-floating">
<ul class="nav nav-tabs">
<li><a href="{{ route('admin.servers.view', $server->id) }}">About</a></li>
@if($server->installed === 1)
<li class="active"><a href="{{ route('admin.servers.view.details', $server->id) }}">Details</a></li>
<li><a href="{{ route('admin.servers.view.build', $server->id) }}">Build Configuration</a></li>
<li><a href="{{ route('admin.servers.view.startup', $server->id) }}">Startup</a></li>
<li><a href="{{ route('admin.servers.view.database', $server->id) }}">Database</a></li>
<li><a href="{{ route('admin.servers.view.manage', $server->id) }}">Manage</a></li>
@endif
<li class="tab-danger"><a href="{{ route('admin.servers.view.delete', $server->id) }}">Delete</a></li>
<li class="tab-success"><a href="{{ route('server.index', $server->uuidShort) }}"><i class="fa fa-external-link"></i></a></li>
</ul>
</div>
</div>
</div>
<div class="row">
<div class="col-xs-12">
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">Base Information</h3>
</div>
<form action="{{ route('admin.servers.view.details', $server->id) }}" method="POST">
<div class="box-body">
<div class="form-group">
<label for="name" class="control-label">Server Name <span class="field-required"></span></label>
<input type="text" name="name" value="{{ old('name', $server->name) }}" class="form-control" />
<p class="text-muted small">Character limits: <code>a-zA-Z0-9_-</code> and <code>[Space]</code> (max 35 characters).</p>
</div>
<div class="form-group">
<label for="external_id" class="control-label">External Identifier</label>
<input type="text" name="external_id" value="{{ old('external_id', $server->external_id) }}" class="form-control" />
<p class="text-muted small">Leave empty to not assign an external identifier for this server. The external ID should be unique to this server and not be in use by any other servers.</p>
</div>
<div class="form-group">
<label for="pUserId" class="control-label">Server Owner <span class="field-required"></span></label>
<select name="owner_id" class="form-control" id="pUserId">
<option value="{{ $server->owner_id }}" selected>{{ $server->user->email }}</option>
</select>
<p class="text-muted small">You can change the owner of this server by changing this field to an email matching another use on this system. If you do this a new daemon security token will be generated automatically.</p>
</div>
<div class="form-group">
<label for="description" class="control-label">Server Description</label>
<textarea name="description" rows="3" class="form-control">{{ old('description', $server->description) }}</textarea>
<p class="text-muted small">A brief description of this server.</p>
</div>
</div>
<div class="box-footer">
{!! csrf_field() !!}
{!! method_field('PATCH') !!}
<input type="submit" class="btn btn-sm btn-primary" value="Update Details" />
</div>
</form>
</div>
</div>
</div>
@endsection
@section('footer-scripts')
@parent
<script>
function escapeHtml(str) {
var div = document.createElement('div');
div.appendChild(document.createTextNode(str));
return div.innerHTML;
}
$('#pUserId').select2({
ajax: {
url: Router.route('admin.users.json'),
dataType: 'json',
delay: 250,
data: function (params) {
return {
q: params.term, // search term
page: params.page,
};
},
processResults: function (data, params) {
return { results: data };
},
cache: true,
},
escapeMarkup: function (markup) { return markup; },
minimumInputLength: 2,
templateResult: function (data) {
if (data.loading) return escapeHtml(data.text);
return '<div class="user-block"> \
<img class="img-circle img-bordered-xs" src="https://www.gravatar.com/avatar/' + escapeHtml(data.md5) + '?s=120" alt="User Image"> \
<span class="username"> \
<a href="#">' + escapeHtml(data.name_first) + ' ' + escapeHtml(data.name_last) +'</a> \
</span> \
<span class="description"><strong>' + escapeHtml(data.email) + '</strong> - ' + escapeHtml(data.username) + '</span> \
</div>';
},
templateSelection: function (data) {
if (typeof data.name_first === 'undefined') {
data = {
md5: '{{ md5(strtolower($server->user->email)) }}',
name_first: '{{ $server->user->name_first }}',
name_last: '{{ $server->user->name_last }}',
email: '{{ $server->user->email }}',
id: {{ $server->owner_id }}
};
}
return '<div> \
<span> \
<img class="img-rounded img-bordered-xs" src="https://www.gravatar.com/avatar/' + escapeHtml(data.md5) + '?s=120" style="height:28px;margin-top:-4px;" alt="User Image"> \
</span> \
<span style="padding-left:5px;"> \
' + escapeHtml(data.name_first) + ' ' + escapeHtml(data.name_last) + ' (<strong>' + escapeHtml(data.email) + '</strong>) \
</span> \
</div>';
}
});
</script>
@endsection