hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2825: Fix basic user privileges

Browse Source 
All POST, PUT, DELETE and PATCH commands should be prevented regardless of
whether they define a request body.
This commit is contained in:
Markus Mäkelä 2020-01-07 10:13:28 +02:00
parent edb49d6f35
commit 36b0196c3e
No known key found for this signature in database
GPG Key ID: 72D48FCE664F7B19
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/core/admin.cc
View File

@ -73,9 +73,8 @@ static inline size_t request_data_length(MHD_Connection* connection)
static bool modifies_data(MHD_Connection* connection, string method)
{
return (method == MHD_HTTP_METHOD_POST || method == MHD_HTTP_METHOD_PUT
|| method == MHD_HTTP_METHOD_DELETE || method == MHD_HTTP_METHOD_PATCH)
&& request_data_length(connection);
return method == MHD_HTTP_METHOD_POST || method == MHD_HTTP_METHOD_PUT
|| method == MHD_HTTP_METHOD_DELETE || method == MHD_HTTP_METHOD_PATCH;
}
static void send_auth_error(MHD_Connection* connection)