r9610: use a list of allowable extensions for unauthenticated access rather than

author Andrew Tridgell <tridge@samba.org>

Thu, 25 Aug 2005 08:22:42 +0000 (08:22 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:34:34 +0000 (13:34 -0500)
author Andrew Tridgell <tridge@samba.org>
Thu, 25 Aug 2005 08:22:42 +0000 (08:22 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:34:34 +0000 (13:34 -0500)
diff --git a/swat/scripting/common.js b/swat/scripting/common.js

index dde40c8e38a469032248b7d79c3c3ec4980c189b..299a67c7020b1da922eb75e55270500ee21644d0 100644 (file)
--- a/swat/scripting/common.js
+++ b/swat/scripting/common.js
@@ -73,15 +73,15 @@ function page_footer() {
    This allows the login page to use the same style sheets and images
  */
  function always_allowed(uri) {
-       var allowed = new Array("/images/favicon.ico", 
-                               "/images/linkpad.gif",
-                               "/images/logo.png",
-                               "/images/stripes.png",
-                               "/style/columns.css",
-                               "/style/swat.css",
-                               "/style/common.css");
+       var str = string_init();
+       var s = str.split('.', uri);
+       if (s.length < 2) {
+               return false;
+       }
+       var ext = s[s.length-1];
+       var allowed = new Array("ico", "gif", "png","css", "js");
         for (i in allowed) {
-               if (allowed[i] == uri) {
+               if (allowed[i] == ext) {
                         return true;
                 }
         }
author	Andrew Tridgell <tridge@samba.org>
	Thu, 25 Aug 2005 08:22:42 +0000 (08:22 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:34:34 +0000 (13:34 -0500)