display version info after login

It is a security risk to display version info to unauthenticated users.

diff --git a/www/manager/Workspace.js b/www/manager/Workspace.js
index 48debedcff32cc55cefb78f4e50b1a1092d7ccad..015e52615228fbaf7c6ec9fae6afb3ffe70ba904 100644 (file)
--- a/www/manager/Workspace.js
+++ b/www/manager/Workspace.js
@@ -211,6 +211,15 @@ Ext.define('PVE.StdWorkspace', {
 
        if (loginData) {
            PVE.data.ResourceStore.startUpdate();
+
+           PVE.Utils.API2Request({
+               url: '/version',
+               method: 'GET',
+               success: function(response) {
+                   PVE.VersionInfo = response.result.data;
+                   me.updateVersionInfo();
+               }
+           });
        }
     },
 
@@ -228,6 +237,21 @@ Ext.define('PVE.StdWorkspace', {
        ui.doLayout();
     },
 
+    updateVersionInfo: function() {
+       var me = this;
+
+       var ui = me.query('#versioninfo')[0];
+
+       if (PVE.VersionInfo) {
+           var version = PVE.VersionInfo.version + '-' + PVE.VersionInfo.release + '/' +
+               PVE.VersionInfo.repoid;
+           ui.update('<span class="x-panel-header-text">Proxmox Virtual Environment<br>' + gettext('Version') + ': ' + version + "</span>");
+       } else {
+           ui.update('<span class="x-panel-header-text">Proxmox Virtual Environment</span>');
+       }
+       ui.doLayout();
+    },
+
     initComponent : function() {
        var me = this;
 
@@ -341,7 +365,8 @@ Ext.define('PVE.StdWorkspace', {
                        {
                            minWidth: 200,
                            flex: 1,
-                           html: '<span class="x-panel-header-text">Proxmox Virtual Environment<br>' + gettext('Version') + ' ' + PVE.GUIVersion + "</span>"
+                           id: 'versioninfo',
+                           html: '<span class="x-panel-header-text">Proxmox Virtual Environment</span>'
                        },
                        {
                            pack: 'end',

diff --git a/www/manager/index.pl b/www/manager/index.pl
index c8e1c81ea93830d28019c84f64890023e8d6a4c3..5ccf8ad94e637ee6d81be501aee7aa084b0d65e4 100644 (file)
--- a/www/manager/index.pl
+++ b/www/manager/index.pl
@@ -4,7 +4,6 @@ use strict;
 use mod_perl2 '1.9922';
 use Encode;
 use CGI;
-use PVE::pvecfg;
 use PVE::JSONSchema;
 use PVE::AccessControl;
 use PVE::REST;
@@ -42,7 +41,7 @@ if (my $cookie = $r->headers_in->{Cookie}) {
        $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
     }
 }
-my $version = PVE::pvecfg::version_text();
+
 $username = '' if !$username;
 
 my $cgi = CGI->new($r);
@@ -53,7 +52,6 @@ my $workspace = defined($args{console}) ?
 
 my $jssrc = <<_EOJS;
 if (!PVE) PVE = {};
-PVE.GUIVersion = '$version';
 PVE.UserName = '$username';
 PVE.CSRFPreventionToken = '$token';
 _EOJS