Add HTTPS warning

2015-06-30 21:21:14 -07:00 · 2015-06-30 21:21:14 -07:00 · 88d7fa955a
parent 1ea74847ae
commit 88d7fa955a
6 changed files with 26 additions and 10 deletions
--- a/assets/javascripts/discourse/components/query-result.js.es6
+++ b/assets/javascripts/discourse/components/query-result.js.es6
@ -46,8 +46,8 @@ const QueryResultComponent = Ember.Component.extend({

  columnHandlers: function() {
    const self = this;
-    if (!this.get('content')) {
-      return;
+    if (!this.get('columns')) {
+      return [];
    }
    if (self.get('opts.notransform')) {
      return this.get('columns').map(function(colName) {
--- a/assets/javascripts/discourse/controllers/admin-plugins-explorer.js.es6
+++ b/assets/javascripts/discourse/controllers/admin-plugins-explorer.js.es6
@ -35,6 +35,14 @@ export default Ember.ArrayController.extend({
    this.set('results', null);
  },

+  not_https: function() {
+    return !(
+      window.location.protocol === "https:" ||
+      window.location.hostname === "localhost" ||
+      window.location.hostname.endsWith(".local")
+    );
+  }.property(),
+
  actions: {
    dummy() {},

--- a/assets/javascripts/discourse/templates/admin/plugins-explorer.hbs
+++ b/assets/javascripts/discourse/templates/admin/plugins-explorer.hbs
@ -1,5 +1,12 @@
 <h2>Queries</h2>

+{{#if not_https}}
+  <div class="https-warning">
+    {{fa-icon "warning"}}
+    {{i18n "explorer.https_warning"}}
+  </div>
+{{/if}}
+
 <div class="query-list">
  {{combo-box valueAttribute="id" value=selectedQueryId nameProperty="listName" content=content castInteger="true" nameChanges="true"}}
  {{d-button action="showCreate" icon="plus" class="no-text"}}
@ -19,8 +26,6 @@
  {{partial "admin/plugins-explorer-show" model=selectedItem}}
 </div>

-{{conditional-loading-spinner condition=loading}}
-
 <div class="query-run">
  {{#if selectedItem.param_names}}
    <div class="query-params">
@ -44,6 +49,8 @@

 <hr>

+{{conditional-loading-spinner condition=loading}}
+
 {{#if results}}
  <div class="query-results">
    {{#if showResults}}
--- a/assets/stylesheets/explorer.scss
+++ b/assets/stylesheets/explorer.scss
@ -1,4 +1,6 @@
-
+.https-warning {
+  color: $danger;
+}
 .query-list {
  margin: 10px 0;
 }
@ -47,6 +49,6 @@
  }
 }

-.query-list, .query-edit, .query-results, .query-params {
+.query-list, .query-edit, .query-results, .query-params, .https-warning {
  margin: 10px 0;
 }
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@ -40,3 +40,4 @@ en:
      explain_label: "Include query plan?"
      save_params: "Set Defaults"
      reset_params: "Reset"
+      https_warning: "Use of the Data Explorer on sites not protected by HTTPS is discouraged. Please be careful to not retrieve sensitive information over insecure links."
--- a/plugin.rb
+++ b/plugin.rb
@ -80,11 +80,9 @@ after_initialize do
      query_args = (query.qopts[:defaults] || {}).with_indifferent_access.merge(params)

      # Rudimentary types
-      query_args.map! do |arg|
+      query_args.each do |k, arg|
        if arg =~ /\A\d+\z/
-          arg.to_i
-        else
-          arg
+          query_args[k] = arg.to_i
        end
      end