[pve-devel] [PATCH v2 10/10] HTTPServer.pm: improve baseuri matching
Dietmar Maurer
dietmar at proxmox.com
Tue Jan 10 17:06:07 CET 2017
Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
PVE/HTTPServer.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 10263e9..0697ae2 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -982,7 +982,7 @@ sub handle_request {
# we re-enable timeout in response()
$reqstate->{hdl}->timeout(0);
- if ($path =~ m!$baseuri!) {
+ if ($path =~ m/^\Q$baseuri\E/) {
$self->handle_api2_request($reqstate, $auth, $method, $path);
return;
}
@@ -1258,7 +1258,7 @@ sub unshift_read_header {
}
$self->handle_spice_proxy_request($reqstate, $connect_str, $vmid, $node, $port);
return;
- } elsif ($path =~ m!$baseuri!) {
+ } elsif ($path =~ m/^\Q$baseuri\E/) {
my $token = $r->header('CSRFPreventionToken');
my $cookie = $r->header('Cookie');
my $ticket = extract_auth_cookie($cookie, $self->{cookie_name});
--
2.1.4
More information about the pve-devel
mailing list