From 7f5bb2b866bf4393ba2759a2ed4722d1b90726a7 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 25 Aug 2005 08:22:42 +0000
Subject: r9610: use a list of allowable extensions for unauthenticated access
 rather than a list of file names (This used to be commit
 ef61c8de2fa62d37486ea93d5773198d21c1a2c4)

---
 swat/scripting/common.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'swat/scripting')

diff --git a/swat/scripting/common.js b/swat/scripting/common.js
index dde40c8e38..299a67c702 100644
--- a/swat/scripting/common.js
+++ b/swat/scripting/common.js
@@ -73,15 +73,15 @@ function page_footer() {
   This allows the login page to use the same style sheets and images
 */
 function always_allowed(uri) {
-	var allowed = new Array("/images/favicon.ico", 
-				"/images/linkpad.gif",
-				"/images/logo.png",
-				"/images/stripes.png",
-				"/style/columns.css",
-				"/style/swat.css",
-				"/style/common.css");
+	var str = string_init();
+	var s = str.split('.', uri);
+	if (s.length < 2) {
+		return false;
+	}
+	var ext = s[s.length-1];
+	var allowed = new Array("ico", "gif", "png","css", "js");
 	for (i in allowed) {
-		if (allowed[i] == uri) {
+		if (allowed[i] == ext) {
 			return true;
 		}
 	}
-- 
cgit