Mercurial > hg > orthanc
comparison OrthancServer/OrthancRestApi/OrthancRestSystem.cpp @ 3535:41365091a41e
display a security warning in the logs at startup when ExecuteLuaEnabled is true
author | Alain Mazy <alain@mazy.be> |
---|---|
date | Sun, 06 Oct 2019 09:52:57 +0200 |
parents | cac8ffcb9cef |
children | 94f4a18a79cc |
comparison
equal
deleted
inserted
replaced
3534:cac8ffcb9cef | 3535:41365091a41e |
---|---|
137 } | 137 } |
138 } | 138 } |
139 | 139 |
140 static void ExecuteScript(RestApiPostCall& call) | 140 static void ExecuteScript(RestApiPostCall& call) |
141 { | 141 { |
142 { | 142 ServerContext& context = OrthancRestApi::GetContext(call); |
143 OrthancConfiguration::ReaderLock lock; | 143 |
144 | 144 if (!context.IsExecuteLuaEnabled()) |
145 static const char* const OPTION = "ExecuteLuaEnabled"; | 145 { |
146 if (!lock.GetConfiguration().GetBooleanParameter(OPTION, false)) | 146 LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, " |
147 { | 147 << "check your configuration file"; |
148 LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, " | 148 call.GetOutput().SignalError(HttpStatus_403_Forbidden); |
149 << "check value of configuration option \"" << OPTION << "\""; | 149 return; |
150 call.GetOutput().SignalError(HttpStatus_403_Forbidden); | |
151 return; | |
152 } | |
153 } | 150 } |
154 | 151 |
155 std::string result; | 152 std::string result; |
156 ServerContext& context = OrthancRestApi::GetContext(call); | |
157 | |
158 std::string command; | 153 std::string command; |
159 call.BodyToString(command); | 154 call.BodyToString(command); |
160 | 155 |
161 { | 156 { |
162 LuaScripting::Lock lock(context.GetLuaScripting()); | 157 LuaScripting::Lock lock(context.GetLuaScripting()); |