[pve-devel] r5545 - pve-manager/pve2/lib/PVE
svn-commits at proxmox.com
svn-commits at proxmox.com
Wed Feb 16 08:15:58 CET 2011
Author: dietmar
Date: 2011-02-16 08:15:58 +0100 (Wed, 16 Feb 2011)
New Revision: 5545
Modified:
pve-manager/pve2/lib/PVE/REST.pm
Log:
carefully test arguments
Modified: pve-manager/pve2/lib/PVE/REST.pm
===================================================================
--- pve-manager/pve2/lib/PVE/REST.pm 2011-02-16 06:54:00 UTC (rev 5544)
+++ pve-manager/pve2/lib/PVE/REST.pm 2011-02-16 07:15:58 UTC (rev 5545)
@@ -300,9 +300,9 @@
if (defined($params->{path}) || defined($params->{permissions})) {
my @privs = PVE::Tools::split_list($params->{permissions});
- if (!($params->{path} && $params->{permissions} &&
- $rpcenv->check($user, $params->{path}, \@privs))) {
+ $path = PVE::AccessControl::normalize_path($params->{path});
+ if (!($path && scalar(@privs) && $rpcenv->check($user, $path, \@privs))) {
return {
status => HTTP_FORBIDDEN,
message => "permission check failed ($params->{path}, $params->{permissions})",
More information about the pve-devel
mailing list