ELOG/elog
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disabled attachment file retrieval to prevent poxy mis-use

Browse Source
This commit is contained in:
ritt
2024-05-03 15:50:17 +02:00
parent 3020557a2b
commit 8f942d1d18
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/elogd.cxx
+9 -2
View File
@@ -28587,6 +28587,10 @@ void decode_post(char *logbook, LOGBOOK *lbs, char *string, const char *boundary
/* check for URL */
if (stristr(file_name, "http://") || stristr(file_name, "https://")) {
return;
/*---- disabled for security reasons ----
// check for logbook access
if (getcfg(lbs->name, "Password file", str, sizeof(str))) {
if (!check_login(lbs, getparam("sid"))) {
@@ -28602,7 +28606,7 @@ void decode_post(char *logbook, LOGBOOK *lbs, char *string, const char *boundary
return;
}
/* check for HTTP header */
// check for HTTP header
pbody = strstr(buffer, "\r\n\r\n");
if (!pbody) {
show_error(loc("Invalid HTTP header"));
@@ -28612,7 +28616,7 @@ void decode_post(char *logbook, LOGBOOK *lbs, char *string, const char *boundary
pbody += 4;
header_size = pbody - buffer;
/* check for file found */
// check for file found
if (strchr(buffer, ' ')) {
status = atoi(strchr(buffer, ' ') + 1);
if (status != 200) {
@@ -28635,6 +28639,9 @@ void decode_post(char *logbook, LOGBOOK *lbs, char *string, const char *boundary
xfree(buffer);
sprintf(str, "attachment%d", n_att++);
setparam(str, full_name);
---- */
} else {
strencode2(str2, file_name, sizeof(str2));
sprintf(str, loc("Attachment file <b>\"%s\"</b> empty or not found"), str2);