Mercurial > hg > orthanc
comparison OrthancServer/OrthancRestApi/OrthancRestSystem.cpp @ 3535:41365091a41e
display a security warning in the logs at startup when ExecuteLuaEnabled is true
| author | Alain Mazy <alain@mazy.be> |
|---|---|
| date | Sun, 06 Oct 2019 09:52:57 +0200 |
| parents | cac8ffcb9cef |
| children | 94f4a18a79cc |
comparison
equal
deleted
inserted
replaced
| 3534:cac8ffcb9cef | 3535:41365091a41e |
|---|---|
| 137 } | 137 } |
| 138 } | 138 } |
| 139 | 139 |
| 140 static void ExecuteScript(RestApiPostCall& call) | 140 static void ExecuteScript(RestApiPostCall& call) |
| 141 { | 141 { |
| 142 { | 142 ServerContext& context = OrthancRestApi::GetContext(call); |
| 143 OrthancConfiguration::ReaderLock lock; | 143 |
| 144 | 144 if (!context.IsExecuteLuaEnabled()) |
| 145 static const char* const OPTION = "ExecuteLuaEnabled"; | 145 { |
| 146 if (!lock.GetConfiguration().GetBooleanParameter(OPTION, false)) | 146 LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, " |
| 147 { | 147 << "check your configuration file"; |
| 148 LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, " | 148 call.GetOutput().SignalError(HttpStatus_403_Forbidden); |
| 149 << "check value of configuration option \"" << OPTION << "\""; | 149 return; |
| 150 call.GetOutput().SignalError(HttpStatus_403_Forbidden); | |
| 151 return; | |
| 152 } | |
| 153 } | 150 } |
| 154 | 151 |
| 155 std::string result; | 152 std::string result; |
| 156 ServerContext& context = OrthancRestApi::GetContext(call); | |
| 157 | |
| 158 std::string command; | 153 std::string command; |
| 159 call.BodyToString(command); | 154 call.BodyToString(command); |
| 160 | 155 |
| 161 { | 156 { |
| 162 LuaScripting::Lock lock(context.GetLuaScripting()); | 157 LuaScripting::Lock lock(context.GetLuaScripting()); |