comparison OrthancServer/OrthancRestApi/OrthancRestSystem.cpp @ 3535:41365091a41e

display a security warning in the logs at startup when ExecuteLuaEnabled is true
author Alain Mazy <alain@mazy.be>
date Sun, 06 Oct 2019 09:52:57 +0200
parents cac8ffcb9cef
children 94f4a18a79cc
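--- a/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp
+++ b/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp
@@ -137,26 +137,21 @@
 }
 }
 
 static void ExecuteScript(RestApiPostCall& call)
 {
-{
-OrthancConfiguration::ReaderLock lock;
-
-static const char* const OPTION = "ExecuteLuaEnabled";
-if (!lock.GetConfiguration().GetBooleanParameter(OPTION, false))
-{
-LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, "
-<< "check value of configuration option \"" << OPTION << "\"";
-call.GetOutput().SignalError(HttpStatus_403_Forbidden);
-return;
-}
+ServerContext& context = OrthancRestApi::GetContext(call);
+
+if (!context.IsExecuteLuaEnabled())
+{
+LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, "
+<< "check your configuration file";
+call.GetOutput().SignalError(HttpStatus_403_Forbidden);
+return;
 }
 
 std::string result;
-ServerContext& context = OrthancRestApi::GetContext(call);
-
 std::string command;
 call.BodyToString(command);
 
 {
 LuaScripting::Lock lock(context.GetLuaScripting());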
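Review bot: The rewritten denial message in ExecuteScript (`<< "check your configuration file";`) no longer names the option that gates this endpoint, so an operator who sees the 403 in the logs has to guess which setting is meant; the text it replaces named `ExecuteLuaEnabled`. I would keep the name, e.g. `<< "check value of configuration option \"ExecuteLuaEnabled\"";`. The request body is read into `command` and appears to be handed to the Lua engine just below, so this check is the only gate visible here and deserves a one-line comment such as `// The body is run as Lua by the server: refuse unless explicitly enabled`. `IsExecuteLuaEnabled()` is defined outside this hunk (presumably it caches the option once at startup, which is worth confirming), and the body of ExecuteScript continues past the last line shown.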