stv0g/tvheadend
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

HTTP API: add missing access verification for all API calls

Browse source
This commit is contained in:
Jaroslav Kysela 2014-09-12 16:55:36 +02:00
parent 2c7cc8c453
commit 33a516b14b
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/api.c
View file

@ -84,6 +84,9 @@ api_exec ( access_t *perm, const char *subsystem,
return ENOSYS; // TODO: is this really the right error code?
}
if (access_verify2(perm, ah->hook->ah_access))
return EPERM;
/* Extract method */
op = htsmsg_get_str(args, "method");
if (!op)