Mercurial > hg > orthanc

diff OrthancServer/main.cpp @ 3535:41365091a41e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
display a security warning in the logs at startup when ExecuteLuaEnabled is true
author Alain Mazy <alain@mazy.be>
date Sun, 06 Oct 2019 09:52:57 +0200
parents cac8ffcb9cef
children 9cc09f4c0fa9
line wrap: on
line diff
--- a/OrthancServer/main.cpp	Fri Oct 04 19:16:12 2019 +0200
+++ b/OrthancServer/main.cpp	Sun Oct 06 09:52:57 2019 +0200
@@ -898,6 +898,18 @@
       {
         httpServer.SetSslEnabled(false);
       }
+
+      if (lock.GetConfiguration().GetBooleanParameter("ExecuteLuaEnabled", false))
+      {
+        context.SetExecuteLuaEnabled(true);
+        LOG(WARNING) << "====> Remote LUA script execution is enabled.  Review your configuration option \"ExecuteLuaEnabled\". "
+                     << "Your setup is POSSIBLY INSECURE <====";
+      }
+      else
+      {
+        context.SetExecuteLuaEnabled(false);
+        LOG(WARNING) << "Remote LUA script execution is disabled";
+      }
     }
 
     MyHttpExceptionFormatter exceptionFormatter(httpDescribeErrors, plugins);