Mercurial > hg > orthanc

diff OrthancServer/OrthancRestApi/OrthancRestSystem.cpp @ 3535:41365091a41e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
display a security warning in the logs at startup when ExecuteLuaEnabled is true
author Alain Mazy <alain@mazy.be>
date Sun, 06 Oct 2019 09:52:57 +0200
parents cac8ffcb9cef
children 94f4a18a79cc
line wrap: on
line diff
--- a/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp	Fri Oct 04 19:16:12 2019 +0200
+++ b/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp	Sun Oct 06 09:52:57 2019 +0200
@@ -139,22 +139,17 @@
 
   static void ExecuteScript(RestApiPostCall& call)
   {
-    {
-      OrthancConfiguration::ReaderLock lock;
+    ServerContext& context = OrthancRestApi::GetContext(call);
 
-      static const char* const OPTION = "ExecuteLuaEnabled";
-      if (!lock.GetConfiguration().GetBooleanParameter(OPTION, false))
-      {
-        LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, "
-                   << "check value of configuration option \"" << OPTION << "\"";
-        call.GetOutput().SignalError(HttpStatus_403_Forbidden);
-        return;
-      }
+    if (!context.IsExecuteLuaEnabled())
+    {
+      LOG(ERROR) << "The URI /tools/execute-script is disallowed for security, "
+                 << "check your configuration file";
+      call.GetOutput().SignalError(HttpStatus_403_Forbidden);
+      return;
     }
 
     std::string result;
-    ServerContext& context = OrthancRestApi::GetContext(call);
-
     std::string command;
     call.BodyToString(command);