[BUG+FIX] v03.04.01-230 - New user's share with password being created as public access

Hi all,

As it has been only a week I got this device, I’m not sure if this bug exists on previous firmwares. Pardon my ignorance, but I confirmed the dashboard bug exists running on Chrome/IE11/Dolphin. Hope WD Support can fix them in the next firmware release. For the time being, anyone who wish to do your own changes (backup and at your own warranty risk), below are the details and fixes.

Go to line 54, search for the " exact" occurrence with no white spaces and replace or remove as stated in a single line. These are obfuscate/minify javascript and I’ve ensured the ones which need changes are unique to this file. I did not upload the fixed file due to some other personal customizations.


#Bug1; On the Home/Users Tab, new user’s share with password being created as public access.

#Reason; Due to password field being cleared earlier before creating the new user’s share.

#Fix1; Introduce a global passwordSet boolean variable to check if a password is set in earlier stage.

var sharenameToCreate;$(document).ready(function(){$("#user_share_access_list").data ->REPLACE-> var sharenameToCreate;var passwordSet;$(document).ready(function(){$("#user_share_access_list").data

#Fix2; Update the global passwordSet boolean variable when a password is set in earlier stage.

if($.trim(b)!=""){$("#create_user_password_encoded").val($.base64.encode(b))} ->REPLACE-> passwordSet=false;if($.trim(b)!=""){passwordSet=true;$("#create_user_password_encoded").val($.base64.encode(b))}

#Fix3; Use the existing passwordSet boolean variable to determine public or private access.

if($.trim($("#create_user_password").val())!=""){c.public_access="false";a=true}else{c.public_access="true"} ->REPLACE-> if(passwordSet){c.public_access="false";a=true}else{c.public_access="true"}

#Bug2; On the Users Tab, displaying incorrect permission share access for the first time after creating a new user with password.

#Reason; Related to Bug1. Additionally the refresh data was displayed before the shares were created, thus displaying incorrect access.

#Fix1; Removed the earlier ajax function to assign private access to a new user’s share with password.

if(a){$.ajaxAPI({url:"share_access/"+b,type:"POST",data:{username:g,access:"RW"}})} ->REMOVE

#Fix2; Add the previous removed ajax function just before closing the form.

complete:function(l){$("#create_user_wizard").dialog("close");$("#create_user_form").restForm("processFormComplete",d,k);$("#user_"+g+" a.user").click()} ->REPLACE-> complete:function(l){var c=function(){$("#create_user_wizard").dialog("close");$("#create_user_form").restForm("processFormComplete",d,k);$("#user_"+g+" a.user").click()};if(a){$.ajaxAPI({url:"share_access/"+b,type:"POST",data:{username:g,access:"RW"},complete:function(l){c()}})}else{c()}}

Below are optional;

#Optional1; Create new user’s share with first upper character.

var b=sharenameToCreate; ->REPLACE-> var b=sharenameToCreate.substr(0,1).toUpperCase()+sharenameToCreate.substr(1).toLowerCase();

var c=sharenameToCreate; ->REPLACE-> var c=sharenameToCreate.substr(0,1).toUpperCase()+sharenameToCreate.substr(1).toLowerCase();

#Optional2; Add description for new user’s share.

var c={share_name:b,description:"",media_serving:"none",remote_access:"true"}; ->REPLACE-> var c={share_name:b,description:b,media_serving:"none",remote_access:"true"};

share_name:c,description:"",media_serving:"none",public_access:"true",remote_access:"true" ->REPLACE-> share_name:c,description:c,media_serving:"none",public_access:"true",remote_access:"true"

If you change the #Optional1 part above, it’s recommended to change the ‘/etc/passwd’ file updater function as well if you change the ‘/etc/ssh/sshd_config’ file to allow other users to have shell access. This would enable each user to have their own SSH keys area /shares/username/.ssh/ which allow password-less logins using key-pairs.


#Optional3; Update new user’s home directory with first upper character.

'home_directory' => '/shares', ->REPLACE-> 'home_directory' => '/shares/'.ucfirst($userName),

#Optional4; Update new user’s shell to bash.

'shell' => '/bin/sh'); ->REPLACE-> 'shell' => '/bin/bash');

Thank you for sharing.