|
1 | 1 | {-# LANGUAGE RankNTypes, FlexibleContexts, |
2 | 2 | NamedFieldPuns, RecordWildCards, PatternGuards #-} |
3 | | -{-# LANGUAGE LambdaCase #-} |
| 3 | +{-# LANGUAGE LambdaCase, MultiWayIf #-} |
4 | 4 | module Distribution.Server.Features.Documentation ( |
5 | 5 | DocumentationFeature(..), |
6 | 6 | DocumentationResource(..), |
@@ -310,12 +310,22 @@ documentationFeature name |
310 | 310 | case dpath of |
311 | 311 | ("..","doc-index.json") : _ -> True |
312 | 312 | _ -> False |
313 | | - if mtime < UTCTime (fromGregorian 2025 2 1) 0 |
314 | | - || isDocIndex |
315 | | - || digest == "548d676b3e5a52cbfef06d7424ec065c1f34c230407f9f5dc002c27a9666bec4" -- quick-jump.min.js |
316 | | - || digest == "6bd159f6d7b1cfef1bd190f1f5eadcd15d35c6c567330d7465c3c35d5195bc6f" -- quick-jump.css |
317 | | - then pure response |
318 | | - else requireUserContent env response |
| 313 | + isQuickJump = |
| 314 | + case dpath of |
| 315 | + ("..","quick-jump.min.js") : _ -> True |
| 316 | + ("..","quick-jump.css") : _ -> True |
| 317 | + _ -> False |
| 318 | + if |
| 319 | + | isDocIndex || mtime < UTCTime (fromGregorian 2025 2 1) 0 -> pure response |
| 320 | + | isQuickJump -> |
| 321 | + if digest == "548d676b3e5a52cbfef06d7424ec065c1f34c230407f9f5dc002c27a9666bec4" -- quick-jump.min.js |
| 322 | + || digest == "6bd159f6d7b1cfef1bd190f1f5eadcd15d35c6c567330d7465c3c35d5195bc6f" -- quick-jump.css |
| 323 | + then pure response |
| 324 | + else |
| 325 | + -- Because Quick Jump also runs on the package page, and not just on the user content domain, |
| 326 | + -- we cannot accept arbitrary user-uploaded content. |
| 327 | + errForbidden "Quick Jump hash is not correct" [MText "Accepted Quick Jump hashes are listed in the hackage-server source code."] |
| 328 | + | otherwise -> requireUserContent env response |
319 | 329 |
|
320 | 330 | rewriteDocs :: BSL.ByteString -> BSL.ByteString |
321 | 331 | rewriteDocs dochtml = case BSL.breakFindAfter (BS.pack "<head>") dochtml of |
|
0 commit comments