Merge pull request #35 from livrasand/32-fix-code-scanning-alert-incl…

…usion-of-functionality-from-an-untrusted-source Actualización de seguridad
livrasand · Jul 12, 2024 · 4deec67 · 4deec67
2 parents 93d3d78 + 0363574
commit 4deec67
Show file tree

Hide file tree

Showing 8 changed files with 869 additions and 314 deletions.
diff --git a/app.py b/app.py
diff --git a/cavea.db b/cavea.db
diff --git a/templates/confirm.html b/templates/confirm.html
@@ -17,243 +17,7 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
-    <style type="text/css">
-       /* import fonts  */
-@import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap');
-
-
-/* color variables  */
-
-:root {
-    --primary-green: #2DA44E;
-    --primary-dark: #24292F;
-    --primary-light: #ffffff;
-    --fade-light: #F6F8FA;
-    --border-color: rgb(141, 141, 141);
-}
-
-/* default properties  */
-a {
-    text-decoration: none;
-}
-
-* {
-    margin: 0px;
-    padding: 0px;
-    box-sizing: border-box;
-    font-family: 'Poppins', sans-serif;
-}
-
-body {
-    width: 100%;
-    min-height: 100vh;
-    background-color: #ffffff;
-    display: flex;
-    justify-content: center;
-    align-items: center;
-    margin: 0;
-}
-
-.container {
-    display: flex;
-    justify-content: center;
-    flex-direction: column;
-    width: 450px;
-    align-items: center;
-    padding: 25px;
-}
-
-.github-logo {
-    /* border: 1px solid black; */
-    margin-bottom: 20px;
-    display: flex;
-}
-
-.github-logo i {
-    font-size: 50px;
-}
-
-.github-head {
-    font-size: 14px;
-    margin-left: 15px;
-    margin-top: 12px;
-}
-
-.login-wrapper {
-    width: 100%;
-    border: 1px solid var(--border-color);
-    padding: 25px 15px;
-    border-radius: 5px;
-    background-color: var(--fade-light);
-    margin-top: 15px;
-}
-
-.input-box {
-    width: 100%;
-    display: flex;
-    justify-content: center;
-    align-items: flex-start;
-    flex-direction: column;
-    margin-bottom: 20px;
-}
-
-.input-label {
-    display: flex;
-    justify-content: space-between;
-    width: 100%;
-    font-size: 15px;
-}
-
-input {
-    width: 100%;
-    outline: none;
-    margin-top: 5px;
-    font-size: 16px;
-    padding: 4px 6px;
-    border-radius: 5px;
-    border: 1px solid var(--primary-dark);
-}
-
-input:focus {
-    border: 1px solid blue;
-}
-
-.submit-btn {
-    width: 100%;
-    padding: 5px 0px;
-    font-size: 18px;
-    background-color: var(--primary-green);
-    border: none;
-    border-radius: 5px;
-    color: var(--primary-light);
-    cursor: pointer;
-    transition: all 0.2s linear;
-    margin-top: 20px;
-}
-
-.submit-btn:hover {
-    transform: translateY(-1px);
-}
-
-.info {
-    font-size: 15px;
-    margin-top: 25px;
-    border: 1px solid var(--border-color);
-    padding: 20px 15px;
-    width: 100%;
-    border-radius: 5px;
-    text-align: center;
-    background-color: var(--fade-light);
-}
-
-.golden-edition {
-    margin-top: 25px;
-    border: 1px solid #e5e7eb;
-    padding-top: .5rem;
-    padding-bottom: .5rem;
-    padding-left: 1rem;
-    padding-right: 1rem;
-    width: 100%;
-    border-radius: .5rem;
-    text-align: left;
-}
-
-.title-container {
-    display: flex;
-    align-items: center;
-    font-size: .875rem;
-    line-height: 1.25rem;
-    margin-top: 10px;
-}
-
-.text-yellow-600 {
-    --tw-text-opacity: 1;
-    color: rgb(202 138 4/var(--tw-text-opacity));
-}
-
-.payment-info {
-    text-align: center;
-}
-
-
-
-.dev-info{
-    position: absolute;
-    bottom: 10px;
-    left: 50%;
-    transform: translate(-50%,0%);
-}
-
-
-@media screen and (max-width:360px) {
-    body {
-        padding: 0px 10px;
-    }
-
-    .info {
-        font-size: 14px;
-        padding: 17px 10px;
-    }
-
-    .input-label {
-        font-size: 14px;
-    }
-}
-
-.text-yellow-900 {
-  --tw-text-opacity: 1;
-  color: rgb(113 63 18/var(--tw-text-opacity));
-}
-.text-xs {
-  font-size: .75rem;
-  line-height: 1rem;
-}
-.py-1 {
-  padding-top: .25rem;
-  padding-bottom: .25rem;
-}
-.px-2 {
-  padding-left: .5rem;
-  padding-right: .5rem;
-}
-.bg-yellow-100 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(254 249 195/var(--tw-bg-opacity));
-}
-.border-yellow-500 {
-  --tw-border-opacity: 1;
-  border-color: rgb(234 179 8/var(--tw-border-opacity));
-}
-.border {
-  border-width: 1px;
-}
-.rounded-md {
-  border-radius: .375rem;
-}
-.inline-flex {
-  display: inline-flex;
-}
-.mt-2 {
-  margin-top: .5rem;
-}
-.ml-2 {
-  margin-left: .5rem;
-}
-.flex-shrink-0 {
-  flex-shrink: 0;
-}
-.w-5 {
-  width: 1.25rem;
-}
-.h-4 {
-  height: 1rem;
-}
-
-.error-message {
-            color: red;
-            display: none;
-        }
-    </style>
+     <link href="{{ url_for('static', filename='style.css') }}" rel="stylesheet" />
 
     <!-- link icons  -->
     <script src="https://kit.fontawesome.com/59784df54a.js" crossorigin="anonymous"></script>
@@ -262,23 +26,22 @@
 </head>
 
 <body>
-    <div class="container">
-        <div class="github-logo">
-        <span class="github-head" style="font-size:16px;">
-            Por favor establece una contraseña segura.<br><br>Una vez que hayas configurado tu contraseña, podrás acceder a tu cuenta y explorar todo lo que Kingdom Hall Attendant tiene para ofrecer.
+    <div class="container" style="max-width: 450px;">
+        <a class="styles_module_wtLink__f24f44fb styles_module_wtLink_Utility__f24f44fb styles_module_wtLink_Default__f24f44fb styles_module_wtLink_Light__f24f44fb styles_module_wtBodyMedium__f24f44fb styles_module_logoLink__8a4eaeaf styles_module_dark__8a4eaeaf Nav_navTopLogo__LpSb7" href="https://www.getkha.org/" >
+        <img src="{{ url_for('static', filename='images/313010479-cfab1393-8ae1-4b3f-9895-7022272f1262.jpeg') }}" style="width:50px;border-radius: 25%;"></a>
+
+      <nav id="wt-top-navigation-n_XG1HoVuvytluhKz8jtu" class="styles_module_container__05ad3f7f Nav_globalNavContainer__BzVy1"><div class="styles_module_menuGroup__a75ea064"><div class="styles_module_menuBar__a75ea064"><div class="styles_module_fullMenu__a75ea064" aria-hidden="false"><a class="styles_module_wtLink__f24f44fb styles_module_wtLink_Navigational__f24f44fb styles_module_wtLink_Neutral__f24f44fb styles_module_wtLink_Light__f24f44fb styles_module_wtLabelMediumSemi__f24f44fb styles_module_navLink__0a0665ea" href="https://github.com/livrasand/kingdom_hall_attendant_binaries/releases/latest">Descargar</a><a class="styles_module_wtLink__f24f44fb styles_module_wtLink_Navigational__f24f44fb styles_module_wtLink_Neutral__f24f44fb styles_module_wtLink_Light__f24f44fb styles_module_wtLabelMediumSemi__f24f44fb styles_module_navLink__0a0665ea" href="/faq">FAQ</a><a class="styles_module_wtLink__f24f44fb styles_module_wtLink_Navigational__f24f44fb styles_module_wtLink_Neutral__f24f44fb styles_module_wtLink_Light__f24f44fb styles_module_wtLabelMediumSemi__f24f44fb styles_module_navLink__0a0665ea" href="https://github.com/livrasand/Kingdom-Hall-Attendant">Source code</a></div></div><div class="styles_module_menuBar__a75ea064 styles_module_buttonsSection__33aa50d8"><a class="styles_module_wtLink__f24f44fb styles_module_wtLink_Navigational__f24f44fb styles_module_wtLink_Neutral__f24f44fb styles_module_wtLink_Light__f24f44fb styles_module_wtLabelMediumSemi__f24f44fb styles_module_navLink__0a0665ea" href="/login" data-prevent-routing="true" data-testid="Iniciar sesión">Iniciar sesión</a><a class="styles_module_wtButton__38691ab2 styles_module_wtButton_XSmall__38691ab2 styles_module_wtButtonPrimaryNeutral_Light__38691ab2" href="/signup" data-testid="Registrarse">Registrarse</a></div></div></nav>
+        <div class="github-logo" style="text-align: left;">
+        <span class="" style="font-size:16px;text-align: left;">Por favor establece una contraseña segura.<br><br>Una vez que hayas configurado tu contraseña, podrás acceder a tu cuenta y explorar todo lo que Kingdom Hall Attendant tiene para ofrecer.
         </span>
         </div>
-        <h1 class="github-head" style="font-size:24px;">
-            <i class="fa-solid fa-terminal"></i> Opensource Edition
-        </h1>
         <form method="post" action="{{ url_for('confirm_email', token=token) }}" style="width:100%;">
         <div class="login-wrapper">
             <div class="input-box">
                 <div for="password" class="input-label">Contraseña</div>
                 <input type="password" id="password" name="password" required>
             </div>
 
-             <div id="errorMessage" class="error-message" style="margin-bottom: 10px;">Los correos electrónicos no coinciden.</div>
 
             <button type="submit" class="submit-btn">
                 Confirmar

diff --git a/templates/detalle-vida-ministerio.html b/templates/detalle-vida-ministerio.html
@@ -24,7 +24,7 @@
    <div id="loading-screen">
     <div id="loading-spinner"></div>
     &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-    <h3>Extrayendo datos de WOL (Watchtower Online Library)</h3>
+    <h3>Sincronizando datos de la reunión</h3>
 </div>
 
 <div id="saving-screen">
@@ -36,7 +36,7 @@ <h3>Guardando...</h3>
       <div class="Header color-bg-inset">
          <!-- Image item  -->
          <div class="Header-item width-full">
-            <a onclick="history.back()" style="cursor: pointer;" class="mr-2 ml-n2">
+            <a href="vida-ministerio.html" style="cursor: pointer;" class="mr-2 ml-n2">
                <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="24" height="24">
                   <path d="M15.28 5.22a.75.75 0 0 1 0 1.06L9.56 12l5.72 5.72a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215l-6.25-6.25a.75.75 0 0 1 0-1.06l6.25-6.25a.75.75 0 0 1 1.06 0Z"></path>
                </svg>

diff --git a/templates/index.html b/templates/index.html
@@ -491,6 +491,7 @@ <h5 class="color-fg-default" style="margin-left: 25%;">Grupo de Visita a Pacient
 window.onresize = cambiarClases;
 
  </script>
+
    </body>
 </html>
 

diff --git a/templates/mostrar-vida-ministerio.html b/templates/mostrar-vida-ministerio.html
@@ -16,7 +16,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link href="{{ url_for('static', filename='primer.css') }}" rel="stylesheet" />
     <link href="{{ url_for('static', filename='jw-icons.css') }}" rel="stylesheet" />
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/html2canvas/dist/html2canvas.min.js" integrity="sha256-musR5fkfI19Xctp8iILUeldb/JF3eQ9F/WYiELjw+Cg=" crossorigin="anonymous"></script>
     <link href="{{ url_for('static', filename='print-styles.css') }}" rel="stylesheet" />
     <link rel="icon" href="{{ url_for('static', filename='favicon.ico') }}" type="image/x-icon">
 </head>

diff --git a/templates/signup.html b/templates/signup.html
@@ -35,34 +35,47 @@
             Regístrate para comenzar la aventura...
         </span>
         <form method="post" action="{{ url_for('register') }}">
-        <div class="login-wrapper">
-            <div class="input-box">
-                <div for="email" class="input-label">Correo electrónico</div>
-                <input type="email" id="email" name="email" required autocomplete="off">
+    <div class="login-wrapper">
+        <div class="input-box">
+            <div class="input-label" for="email">
+                <span>Correo electrónico</span>
+                <a id="resend-link" style="color: rgb(0, 87, 188);cursor: pointer;">Reenviar enlace</a>
             </div>
+            <input type="email" id="email" name="email" required autocomplete="off">
+        </div>
 
-            <div class="input-label" style="font-size:12px;">Después de continuar con el registro, le enviaremos un enlace mágico a su correo electrónico. Por favor, revise su bandeja de entrada o su carpeta de SPAM para encontrar el enlace y completar su registro.</div>
-<br>
-            <button type="submit" class="submit-btn">
-                Continuar
-            </button>
+        <div class="input-label" style="font-size:12px;">Después de continuar con el registro, le enviaremos un enlace mágico a su correo electrónico. Por favor, revise su bandeja de entrada o su carpeta de SPAM para encontrar el enlace y completar su registro.</div>
+        <br>
+        <button type="submit" class="submit-btn">
+            Continuar
+        </button>
 
-            {% with messages = get_flashed_messages() %}
-        {% if messages %}
-            <ul>
-            {% for message in messages %}
-                <div class="input-label" style="font-size:12px;margin-top: 10px;color:var(--primary-green);">{{ message }}</div>
-            {% endfor %}
-            </ul>
-        {% endif %}
-    {% endwith %}
-        </div>
-    </form>
+        {% with messages = get_flashed_messages() %}
+            {% if messages %}
+                <ul>
+                    {% for message in messages %}
+                        <div class="input-label" style="font-size:12px;margin-top: 10px;color:var(--primary-green);">{{ message }}</div>
+                    {% endfor %}
+                </ul>
+            {% endif %}
+        {% endwith %}
+    </div>
+</form>
 
         <div class="info">
             <span>¿Ya tienes cuenta? <a href="/login" style="color: rgb(0, 87, 188);cursor: pointer;">Inicia sesión</a>.</span>
         </div>
     </div>
+    <script>
+    document.getElementById('resend-link').addEventListener('click', function() {
+        var email = document.getElementById('email').value;
+        if (email) {
+            window.location.href = "{{ url_for('resend_token', email='') }}" + email;
+        } else {
+            alert('Por favor, ingrese su correo electrónico primero.');
+        }
+    });
+</script>
 </body>
 
 </html>