Mercurial > hg > orthanc

diff OrthancServer/Sources/main.cpp @ 5200:f8f1c4a9a216

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
New configuration option 'RestApiWriteToFileSystemEnabled'
author Alain Mazy <am@osimis.io>
date Wed, 29 Mar 2023 11:23:37 +0200
parents 0ea402b4d901
children 345dac17a349
line wrap: on
line diff
--- a/OrthancServer/Sources/main.cpp	Tue Mar 28 10:48:13 2023 +0200
+++ b/OrthancServer/Sources/main.cpp	Wed Mar 29 11:23:37 2023 +0200
@@ -1172,6 +1172,18 @@
         LOG(WARNING) << "Remote LUA script execution is disabled";
       }
 
+      if (lock.GetConfiguration().GetBooleanParameter("RestApiWriteToFileSystemEnabled", false))
+      {
+        context.SetRestApiWriteToFileSystemEnabled(true);
+        LOG(WARNING) << "====> Your Rest API can write to the FileSystem.  Review your configuration option \"RestApiWriteToFileSystemEnabled\". "
+                     << "Your setup is POSSIBLY INSECURE <====";
+      }
+      else
+      {
+        context.SetRestApiWriteToFileSystemEnabled(false);
+        LOG(WARNING) << "Rest API can not write to the file system.";
+      }
+
       if (lock.GetConfiguration().GetBooleanParameter("WebDavEnabled", true))
       {
         const bool allowDelete = lock.GetConfiguration().GetBooleanParameter("WebDavDeleteAllowed", false);