Mercurial > hg > orthanc
diff OrthancServer/Sources/main.cpp @ 5200:f8f1c4a9a216
New configuration option 'RestApiWriteToFileSystemEnabled'
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 29 Mar 2023 11:23:37 +0200 |
parents | 0ea402b4d901 |
children | 345dac17a349 |
line wrap: on
line diff
--- a/OrthancServer/Sources/main.cpp Tue Mar 28 10:48:13 2023 +0200 +++ b/OrthancServer/Sources/main.cpp Wed Mar 29 11:23:37 2023 +0200 @@ -1172,6 +1172,18 @@ LOG(WARNING) << "Remote LUA script execution is disabled"; } + if (lock.GetConfiguration().GetBooleanParameter("RestApiWriteToFileSystemEnabled", false)) + { + context.SetRestApiWriteToFileSystemEnabled(true); + LOG(WARNING) << "====> Your Rest API can write to the FileSystem. Review your configuration option \"RestApiWriteToFileSystemEnabled\". " + << "Your setup is POSSIBLY INSECURE <===="; + } + else + { + context.SetRestApiWriteToFileSystemEnabled(false); + LOG(WARNING) << "Rest API can not write to the file system."; + } + if (lock.GetConfiguration().GetBooleanParameter("WebDavEnabled", true)) { const bool allowDelete = lock.GetConfiguration().GetBooleanParameter("WebDavDeleteAllowed", false);