web: add security check on old XMLRPC API
parent
0a3887c2bd
commit
6f160e7176
2 changed files with 35 additions and 33 deletions
|
@ -156,7 +156,7 @@ function logger_menu() {
|
||||||
* Callback functions registered in the logger_menu section
|
* Callback functions registered in the logger_menu section
|
||||||
*/
|
*/
|
||||||
function _logger_dashboard($type, $function, $interval) {
|
function _logger_dashboard($type, $function, $interval) {
|
||||||
watchdog('dashboard', 'arguments: %type, %function, %interval', array('%type' => $type, '%function' => $function, '%interval' => $interval), WATCHDOG_DEBUG);
|
// watchdog('dashboard', 'arguments: %type, %function, %interval', array('%type' => $type, '%function' => $function, '%interval' => $interval), WATCHDOG_DEBUG);
|
||||||
|
|
||||||
if (user_access('logger')) {
|
if (user_access('logger')) {
|
||||||
drupal_set_title(t('your dashboard'));
|
drupal_set_title(t('your dashboard'));
|
||||||
|
@ -240,7 +240,7 @@ function _logger_dashboard($type, $function, $interval) {
|
||||||
$command .= $string->def;
|
$command .= $string->def;
|
||||||
$command .= $string->line;
|
$command .= $string->line;
|
||||||
exec($command, $output, $return_var);
|
exec($command, $output, $return_var);
|
||||||
watchdog('dashboard', 'arguments: %command ++ %output ++ %return_var', array('%command' => $command, '%output' => serialize($output), '%return_var' => $return_var), WATCHDOG_DEBUG);
|
// watchdog('dashboard', 'arguments: %command ++ %output ++ %return_var', array('%command' => $command, '%output' => serialize($output), '%return_var' => $return_var), WATCHDOG_DEBUG);
|
||||||
return theme('chart', $graph_path . $pngid .'.png');
|
return theme('chart', $graph_path . $pngid .'.png');
|
||||||
}
|
}
|
||||||
|
|
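Review bot: With both `watchdog()` calls commented out, nothing in the visible lines of `_logger_dashboard` reads `$return_var` or `$output` after `exec($command, $output, $return_var);`, so a failed command is silent and the function still returns the themed chart path. I would keep a failure-only log instead of the removed debug line, for example `if ($return_var != 0) { watchdog('dashboard', 'shell command execution failed: %return', array('%return' => $return_var), WATCHDOG_ERROR); }`, which matches the error logging in `_logger_measurement_add`. The two commented-out calls are better deleted than left as dead code; version control keeps them. The function body between the two hunks is not visible here, so the way `$command` is built from `$type`, `$function` and `$interval` could not be reviewed.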
||||||
|
|
|
@ -63,7 +63,8 @@ function _logger_measurement_add($logs) {
|
||||||
$path->night = $path->root .'/data/night/';
|
$path->night = $path->root .'/data/night/';
|
||||||
foreach ($logs as $meter => $measurements) {
|
foreach ($logs as $meter => $measurements) {
|
||||||
//load the normalisation factor, relative to 1pulse = 1Wh
|
//load the normalisation factor, relative to 1pulse = 1Wh
|
||||||
$meterdata = db_fetch_object(db_query("SELECT night, factor FROM {logger_meters} WHERE meter = '%s'", $meter));
|
$meterdata = db_fetch_object(db_query("SELECT uid, night, factor FROM {logger_meters} WHERE meter = '%s'", $meter));
|
||||||
|
if ($meterdata->uid < 5) { // only alpha users are allowed to call this API
|
||||||
$command = $path->root .'/rrdtool update '. $path->base . $meter .'.rrd ';
|
$command = $path->root .'/rrdtool update '. $path->base . $meter .'.rrd ';
|
||||||
ksort($measurements); // sort the key-value pairs in the associative array by key, i.e. the timestamp
|
ksort($measurements); // sort the key-value pairs in the associative array by key, i.e. the timestamp
|
||||||
foreach ($measurements as $timestamp => $value) {
|
foreach ($measurements as $timestamp => $value) {
|
||||||
|
@ -100,5 +101,6 @@ function _logger_measurement_add($logs) {
|
||||||
watchdog_xmlrpc('logger.measurementAdd', 'shell command execution failed: %return %command', array('%command' => $command, '%return' => $return), WATCHDOG_ERROR);
|
watchdog_xmlrpc('logger.measurementAdd', 'shell command execution failed: %return %command', array('%command' => $command, '%return' => $return), WATCHDOG_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return $command; //using $command for testing purposes, replace by $info afterwards
|
return $command; //using $command for testing purposes, replace by $info afterwards
|
||||||
}
|
}
|
||||||
|
|
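Review bot: The new guard `if ($meterdata->uid < 5)` fails open: when no row matches `$meter`, `db_fetch_object()` returns no object, `$meterdata->uid` evaluates to NULL, and `NULL < 5` is true in PHP, so an unknown meter id still reaches the `rrdtool update` command; a meter owned by uid 0 passes as well. The check also keys on the owner of the meter named in the request rather than on the caller, so it authorizes by meter id alone (whether the caller is authenticated elsewhere is not visible in these hunks). I would require a matched row and a positive uid, `if ($meterdata && $meterdata->uid > 0 && $meterdata->uid < 5) {`, replace the literal 5 with a named constant or a role check, and log rejected meters through `watchdog_xmlrpc` instead of skipping them silently. `$meter` is a key of the caller-supplied `$logs` and is concatenated unescaped into what the error message calls a shell command; building that argument as `escapeshellarg($path->base . $meter .'.rrd')` would cover it independently of the uid check. The body of `_logger_measurement_add` starts and ends outside these hunks.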