hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2825: Fix basic user privileges

Browse Source 
All POST, PUT, DELETE and PATCH commands should be prevented regardless of
whether they define a request body.
This commit is contained in:
Markus Mäkelä
2020-01-07 10:13:28 +02:00
parent edb49d6f35
commit 36b0196c3e
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/core/admin.cc
View File

@ -73,9 +73,8 @@ static inline size_t request_data_length(MHD_Connection* connection)
static bool modifies_data(MHD_Connection* connection, string method) static bool modifies_data(MHD_Connection* connection, string method)
{ {
return (method == MHD_HTTP_METHOD_POST || method == MHD_HTTP_METHOD_PUT return method == MHD_HTTP_METHOD_POST || method == MHD_HTTP_METHOD_PUT
|| method == MHD_HTTP_METHOD_DELETE || method == MHD_HTTP_METHOD_PATCH) || method == MHD_HTTP_METHOD_DELETE || method == MHD_HTTP_METHOD_PATCH;
&& request_data_length(connection);
} }
static void send_auth_error(MHD_Connection* connection) static void send_auth_error(MHD_Connection* connection)