diff --git a/web/lib/auth.js b/web/lib/auth.js index f17551d28b6e0ffe250f6d069e8f939b2aa7518a..2164aa53137a3a4ecf70189922d305951831c9b5 100644 --- a/web/lib/auth.js +++ b/web/lib/auth.js @@ -48,6 +48,7 @@ function setCookie(usr, sessionKey) { function validateSession(cookies) { + var usr = new User(0); for (var c in cookies) { if (cookies[c].search(/^\d+,\w+$/) < 0) continue; @@ -55,7 +56,7 @@ function validateSession(cookies) { var cookie = cookies[c].split(','); try { - var usr = new User(cookie[0]); + usr.number = cookie[0]; if (usr.number < 1) { throw 'Invalid user number ' + cookie[0] + ' in cookie.'; } @@ -70,17 +71,20 @@ function validateSession(cookies) { continue; } - authenticate(usr.alias, usr.security.password); + var _usr = authenticate(usr.alias, usr.security.password); + _usr = undefined; setCookie(usr, session.key); setSessionValue(usr.number, 'ip_address', client.ip_address); break; } + usr = undefined; } function destroySession(cookies) { + var usr = new User(0); for (var c in cookies) { if (cookies[c].search(/^\d+,\w+$/) < 0) continue; @@ -89,7 +93,7 @@ function destroySession(cookies) { try { - var usr = new User(cookie[0]); + usr.number = cookie[0]; if(usr.number < 1) { throw 'Invalid user number ' + cookie[0] + ' in cookie.'; } @@ -123,6 +127,7 @@ function destroySession(cookies) { } } + usr = undefined; } @@ -174,6 +179,7 @@ if (user.number === 0) { if (gn > 0) { var gu = new User(gn); login(gu.alias, gu.security.password); + gu = undefined; } else { // Otherwise just kill the script, for security's sake exit(); diff --git a/web/pages/.examples/More/001-userlist.xjs b/web/pages/.examples/More/001-userlist.xjs index fca38c012ed6d35d239200e66279ddb2eb8e33f9..bf63f03c7a98ac4a92aa935baa048d053e98ef6f 100644 --- a/web/pages/.examples/More/001-userlist.xjs +++ b/web/pages/.examples/More/001-userlist.xjs 
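Review bot: In validateSession (hunk `@@ -55,7 +56,7`), `usr.number = cookie[0]` reuses one User object for every cookie in the loop, so the `usr.number < 1` guard only holds if a rejected assignment resets the number to 0 rather than leaving the previous iteration's record loaded. That behaviour is not visible in this diff and should be confirmed. The cookie regex accepts any run of digits, so out-of-range values do reach the assignment. Assuming `usr.number` reads back as a number, a guard tied to the parsed value avoids the dependency: `var n = parseInt(cookie[0], 10);`, then `usr.number = n;` and `if (n < 1 || usr.number !== n) {`. The same reuse is introduced in destroySession (`@@ -89,7 +93,7`) and in the `node-list` case of web/root/api/system.ssjs; all three bodies continue outside their hunks.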
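Review bot: In hunk `@@ -70,17 +71,20`, the result of `authenticate(usr.alias, usr.security.password)` is stored in `_usr` and cleared on the next line without being inspected, so `setCookie` and the `ip_address` session write run whether or not authentication succeeded. `authenticate` is defined outside this diff, so its return contract is inferred. If it returns a User on success and a falsy value on failure, add `if (!_usr) continue;` before `setCookie(usr, session.key);` so the session is only refreshed after a confirmed login. The `= undefined` assignments added here and at the end of validateSession and destroySession should each carry a one-line comment saying why the reference is cleared, since that intent is not evident from the code.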
@@ -152,6 +152,7 @@ } users.push(copyProperties(usr, {})); } + usr = undefined; users.sort(sortUsers); return users.slice(offset, offset + pageSize); } diff --git a/web/root/api/system.ssjs b/web/root/api/system.ssjs index 2ebcc4688f75b3eaf2c1ba70f934dc9b79732713..34a888720eed8c4d549a21e324220b497dbacdf9 100644 --- a/web/root/api/system.ssjs +++ b/web/root/api/system.ssjs @@ -19,7 +19,7 @@ if ((http_request.method === 'GET' || http_request.method === 'POST') && switch (http_request.query.call[0]) { case 'node-list': - var usr = new User(1); + var usr = new User(0); reply = system.node_list.map(function (node) { usr.number = node.useron; return ({ @@ -42,6 +42,7 @@ if ((http_request.method === 'GET' || http_request.method === 'POST') && user : usr.alias }); } + usr = undefined; break; case 'send-telegram':