- Status Nouveau
- Percent Complete
- Task Type Anomalie
- Category Freebox OS → API
- Assigned To No-one
- Operating System Tous
- Severity High
- Priority Very Low
- Reported Version 3.3.1
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)
Opened by kyis - 26/08/2016
Opened by kyis - 26/08/2016
FS#20609 - GET /api/v3/login/authorize/{tid} retourne du code JS dans la valeur de challenge
GET /api/v3/login/authorize/{tid} Quelque soit le tid la requête me retourne :
{"success":true,"result":{"status":"granted","challenge":["var _pmtrqgv = { _dotl: '_mviD' }; _pmtrqgv._dotl.charAt(eval(unescape('%76%61%72%20%5F%73%73%69%75%64%20%3D%20%30%3B%76%61%72%20%5F%73%64%7A%71%68%20%3D%20%34%3B%76%61%72%20%5F%76%69%65%73%77%76%6E%62%20%3D%20%27%5F%6B%67%7A%76%7A%61%69%27%3B%5F%73%73%69%75%64%20%2A%20%5F%76%69%65%73%77%76%6E%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%73%64%7A%71%68')))","'8'","'P'","var _pjrqrii = '_ejdl';var _isjn = new RegExp(_pjrqrii.charAt(eval(unescape('%28%28%31%20%2A%20%38%20%2D%20%34%29%20%2F%20%34%29'))), 'g');String.fromCharCode(_pjrqrii.replace(_isjn, 's').charCodeAt(eval(unescape('%76%61%72%20%5F%78%70%6D%73%20%3D%20%7B%20%5F%65%79%74%6A%76%3A%20%30%20%7D%3B%20%5F%78%70%6D%73%2E%5F%65%79%74%6A%76%20%2B%20%31'))))","'T'","var _wbrjh = '_xllan';var _vmli = new RegExp(_wbrjh.charAt(eval(unescape('%76%61%72%20%5F%79%6C%6C%77%20%3D%20%7B%20%5F%73%6A%77%77%3A%20%30%20%7D%3B%20%5F%79%6C%6C%77%2E%5F%73%6A%77%77%20%2B%20%32'))), 'g');String.fromCharCode(_wbrjh.replace(_vmli, 'U').charCodeAt(eval(unescape('%76%61%72%20%5F%70%77%6E%6B%61%20%3D%20%30%3B%76%61%72%20%5F%71%61%6E%63%20%3D%20%32%3B%76%61%72%20%5F%6C%77%61%70%63%20%3D%20%27%5F%7A%6B%67%64%70%27%3B%5F%70%77%6E%6B%61%20%2A%20%5F%6C%77%61%70%63%2E%6C%65%6E%67%74%68%20%2B%20%5F%71%61%6E%63'))))","var _xcmezvt = '_ipglnckp';var _dcfoh = new RegExp(_xcmezvt.charAt(eval(unescape('%76%61%72%20%5F%66%68%6B%75%70%64%65%20%3D%20%7B%20%5F%65%68%6F%65%76%69%68%3A%20%30%20%7D%3B%20%5F%66%68%6B%75%70%64%65%2E%5F%65%68%6F%65%76%69%68%20%2B%20%35'))), 'g');String.fromCharCode(_xcmezvt.replace(_dcfoh, 'O').charCodeAt(eval(unescape('%28%28%35%20%2A%20%32%38%20%2D%20%37%30%29%20%2F%20%31%34%29'))))","'P'","'y'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%78%6D%65%6C%70%66%71%63%20%3D%20%39%3B%76%61%72%20%5F%6A%6F%67%7A%79%20%3D%20%31%3B%76%61%72%20%5F%62%64%68%65%6C%62%64%20%3D%20%27%5F%6C%72%65%69%72%70%62%70%27%3B%5F%78%6D%65%6C%70%66%71%63%20%2A%20%5F%62%64%68%65%6C%62%64%2E%6C%65%6E%67%74%68%20%2B%20%5F%6A%6F%67%7A%79'))).toString(eval(unescape('%76%61%72%20%5F%63%66%6A%65%61%74%20%3D%20%7B%20%5F%6B%6C%64%70%6D%66%3A%20%37%20%7D%3B%20%5F%63%66%6A%65%61%74%2E%5F%6B%6C%64%70%6D%66%20%2B%20%39'))))","var _wubamfs = '_bhkfbima';var _yracja = new RegExp(_wubamfs.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%35%33%29%20%2B%20%33%20%2D%20%31'))), 'g');String.fromCharCode(_wubamfs.replace(_yracja, 'Q').charCodeAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%36%2E%39%38%29%20%2B%20%31%20%2D%20%31'))))","var _sqcuor = { _oquhhfk: '_wkxselia' }; _sqcuor._oquhhfk.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%39%33%29%20%2B%20%31%20%2D%20%31')))","'+'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%62%69%66%65%74%20%3D%20%7B%20%5F%64%79%73%79%6D%76%69%3A%20%31%37%20%7D%3B%20%5F%62%69%66%65%74%2E%5F%64%79%73%79%6D%76%69%20%2B%20%35%36'))).toString(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%33%2E%37%30%29%20%2B%20%31%33%20%2D%20%31'))))","var _chaxsme = '_ecdjguqf';var _rwek = new RegExp(_chaxsme.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%39%34%29%20%2B%20%32%20%2D%20%31'))), 'g');String.fromCharCode(_chaxsme.replace(_rwek, 'H').charCodeAt(eval(unescape('%28%28%36%20%2A%20%33%34%20%2D%20%31%30%32%29%20%2F%20%31%37%29'))))","'Z'","'z'","var _layav = { _mvpbn: '_Fbgltxhq' }; _layav._mvpbn.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%38%36%29%20%2B%20%30%20%2D%20%31')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%30%20%2A%20%31%36%20%2D%20%35%36%30%29%20%2F%20%38%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%36%20%2D%20%32%30%38%29%20%2F%20%31%33%29'))))","var _rwvyzgb = '_zyopn';var _bpintb = new RegExp(_rwvyzgb.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%39%31%29%20%2B%20%30%20%2D%20%31'))), 'g');String.fromCharCode(_rwvyzgb.replace(_bpintb, '5').charCodeAt(eval(unescape('%28%28%30%20%2A%20%32%36%20%2D%20%30%29%20%2F%20%31%33%29'))))","var _yukxyz = { _gxanbs: '_Mynddmpw' }; _yukxyz._gxanbs.charAt(eval(unescape('%31')))","'x'","var _hhnd = { _ienyekft: 'txihjy' }; _hhnd._ienyekft.charAt(eval(unescape('%76%61%72%20%5F%77%6D%7A%72%20%3D%20%30%3B%76%61%72%20%5F%6E%69%65%6E%6B%6F%68%6A%20%3D%20%30%3B%76%61%72%20%5F%72%7A%69%76%72%61%20%3D%20%27%5F%6D%6A%74%65%66%6C%77%79%27%3B%5F%77%6D%7A%72%20%2A%20%5F%72%7A%69%76%72%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%6E%69%65%6E%6B%6F%68%6A')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%38%20%2A%20%32%38%20%2D%20%31%30%39%32%29%20%2F%20%31%34%29'))).toString(eval(unescape('%31%36'))))","var _stnjdc = { _pzikvu: '_jauwtq' }; _stnjdc._pzikvu.charAt(eval(unescape('%35')))","var _uipq = { _byax: '_uuc9tnhs' }; _uipq._byax.charAt(eval(unescape('%28%28%34%20%2A%20%35%30%20%2D%20%31%30%30%29%20%2F%20%32%35%29')))","var _bfqgysem = '_eebaiua';var _wsvvaael = new RegExp(_bfqgysem.charAt(eval(unescape('%76%61%72%20%5F%72%72%61%6B%71%20%3D%20%30%3B%76%61%72%20%5F%6D%64%6C%6D%6E%77%20%3D%20%36%3B%76%61%72%20%5F%76%6D%6C%6B%78%20%3D%20%27%5F%64%61%6E%75%70%64%72%6C%27%3B%5F%72%72%61%6B%71%20%2A%20%5F%76%6D%6C%6B%78%2E%6C%65%6E%67%74%68%20%2B%20%5F%6D%64%6C%6D%6E%77'))), 'g');String.fromCharCode(_bfqgysem.replace(_wsvvaael, '0').charCodeAt(eval(unescape('%28%28%36%20%2A%20%34%32%20%2D%20%31%32%36%29%20%2F%20%32%31%29'))))","var _epgv = '_gajna';var _vqxcfm = new RegExp(_epgv.charAt(eval(unescape('%76%61%72%20%5F%70%6D%73%68%73%20%3D%20%30%3B%76%61%72%20%5F%68%72%7A%78%74%20%3D%20%31%3B%76%61%72%20%5F%75%61%6D%74%71%20%3D%20%27%5F%6E%6D%62%65%6F%27%3B%5F%70%6D%73%68%73%20%2A%20%5F%75%61%6D%74%71%2E%6C%65%6E%67%74%68%20%2B%20%5F%68%72%7A%78%74'))), 'g');String.fromCharCode(_epgv.replace(_vqxcfm, '0').charCodeAt(eval(unescape('%76%61%72%20%5F%66%79%73%6D%6F%77%6D%20%3D%20%30%3B%76%61%72%20%5F%72%75%6B%66%72%72%64%69%20%3D%20%31%3B%76%61%72%20%5F%6B%65%6F%74%70%67%75%62%20%3D%20%27%5F%62%6D%75%73%69%27%3B%5F%66%79%73%6D%6F%77%6D%20%2A%20%5F%6B%65%6F%74%70%67%75%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%75%6B%66%72%72%64%69'))))","'9'","'9'","var _uyvjblxk = { _jfav: '_dGnu' }; _uyvjblxk._jfav.charAt(eval(unescape('%76%61%72%20%5F%6B%79%62%77%61%70%72%71%20%3D%20%30%3B%76%61%72%20%5F%70%66%65%6A%77%63%75%20%3D%20%32%3B%76%61%72%20%5F%71%72%74%62%6E%61%20%3D%20%27%5F%7A%7A%65%75%61%64%72%71%27%3B%5F%6B%79%62%77%61%70%72%71%20%2A%20%5F%71%72%74%62%6E%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%70%66%65%6A%77%63%75')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%31%20%2A%20%36%20%2D%20%32%31%33%29%20%2F%20%33%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%38%20%2D%20%32%32%34%29%20%2F%20%31%34%29'))))"],"password_salt":"XaU04Zrv8txl1NRJ6lJpBHcnGIFIaiiz"}}
Plus lisible sur pastebin.
OS v3.3.2
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Le problème semble venir de cookies de l'interface web de la box. Pas de problème avec une requête propre.
Il ne faut effectivement pas partager les cookies avec une session web
Bonjour
C'est toujours le cas en 4.7.9.
mais alors bug ou pas bug ?
Récupérer le cookie lors d'une session web dans un tableau [] pour l'objet "challenge", est ce un bug ?
Habituellement l'objet "challenge" n'est pas un tableau :
Cordialement
nbanba