[pve-devel] r5545 - pve-manager/pve2/lib/PVE

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Feb 16 08:15:58 CET 2011


Author: dietmar
Date: 2011-02-16 08:15:58 +0100 (Wed, 16 Feb 2011)
New Revision: 5545

Modified:
   pve-manager/pve2/lib/PVE/REST.pm
Log:
carefully test arguments


Modified: pve-manager/pve2/lib/PVE/REST.pm
===================================================================
--- pve-manager/pve2/lib/PVE/REST.pm	2011-02-16 06:54:00 UTC (rev 5544)
+++ pve-manager/pve2/lib/PVE/REST.pm	2011-02-16 07:15:58 UTC (rev 5545)
@@ -300,9 +300,9 @@
 	 
 	if (defined($params->{path}) || defined($params->{permissions})) {
 	    my @privs = PVE::Tools::split_list($params->{permissions});
-	    if (!($params->{path} && $params->{permissions} &&
-		  $rpcenv->check($user, $params->{path}, \@privs))) {
+	    $path = PVE::AccessControl::normalize_path($params->{path});
 
+	    if (!($path && scalar(@privs) && $rpcenv->check($user, $path, \@privs))) {
 		return { 
 		    status => HTTP_FORBIDDEN,
 		    message => "permission check failed ($params->{path}, $params->{permissions})",



More information about the pve-devel mailing list