
Item13794: Backport fix to REST not to try to strike-one-validate when called from CLI.

Priority: Enhancement
Current State: Closed
Released In: 1.1.10
Target Release: patch
Applies To: Engine
Component: FoswikiUIRest
Branches: Release01x01
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
diff --git a/lib/Foswiki/UI/Rest.pm b/lib/Foswiki/UI/Rest.pm
index f24e7bf..5c2b777 100644
--- a/lib/Foswiki/UI/Rest.pm
+++ b/lib/Foswiki/UI/Rest.pm
@@ -190,6 +190,7 @@ sub rest {

     # Check the method is allowed
     if ( $record->{http_allow} && defined $req->method() ) {
+      unless ( $session->inContext('command_line') ) {
         my %allowed = map { $_ => 1 } split( /[,\s]+/, $record->{http_allow} );
         unless ( $allowed{ uc( $req->method() ) } ) {
             $res->header( -type => 'text/html', -status => '405' );
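Review bot: The guard added at the top of this hunk opens a nested unless block at six-space indentation while the %allowed check inside it keeps its old indentation, so the layout no longer reflects the block structure. Folding the test into the enclosing condition, the way the validation hunk of this same patch does with && !$session->inContext('command_line'), would avoid the extra nesting and the separate closing brace that lands in the next hunk. The comment above still reads "Check the method is allowed"; a line saying why http_allow is not enforced for command-line calls would make the exemption visibly deliberate.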
@@ -198,12 +199,14 @@ sub rest {
             $res->print($err);
             throw Foswiki::EngineException( 404, $err, $res );
         }
+      }
     }

     # Check someone is logged in
     if ( $record->{authenticate} ) {
         unless ( $session->inContext('authenticated')
-            || $Foswiki::cfg{LoginManager} eq 'none' )
+            || $Foswiki::cfg{LoginManager} eq 'none' 
+            || $session->inContext('command_line') )
         {
             $res->header( -type => 'text/html', -status => '401' );
             $err = "ERROR: (401) $pathInfo requires you to be logged in";
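Review bot: The added || $session->inContext('command_line') term lets every handler whose record sets authenticate pass the login check when run in command-line context, yet the comment above the block still says only "Check someone is logged in". Please extend that comment to say that command-line invocations are treated as already trusted, so a reader of rest() can see the exemption is intentional. The rewritten line || $Foswiki::cfg{LoginManager} eq 'none' also gains a trailing space that should be dropped.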
@@ -213,7 +216,11 @@ sub rest {
     }

     # Validate the request
-    if ( $record->{validate} ) {
+    if (   $record->{validate}
+        && $Foswiki::cfg{Validation}{Method} ne 'none'
+        && !$session->inContext('command_line') )
+    {
+
         my $nonce = $req->param('validation_key');
         if (
             !defined($nonce)
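Review bot: The new condition introduces two exemptions at once: !$session->inContext('command_line'), which is what the item summary describes, and $Foswiki::cfg{Validation}{Method} ne 'none', which also changes behaviour for requests that do not come from the command line. The second one deserves its own mention in the commit message or in the "Validate the request" comment. If {Validation}{Method} can be unset, the ne comparison will emit an uninitialized-value warning when warnings are enabled, so a defined check ahead of it would be safer. The empty line added after the opening brace can be removed.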

-- MichaelDaum - 05 Oct 2015

 


Summary Backport fix to REST not to try to strike-one-validate when called from CLI.
ReportedBy MichaelDaum
Codebase 1.1.9
SVN Range
AppliesTo Engine
Component FoswikiUIRest
Priority Enhancement
CurrentState Closed
WaitingFor
Checkins distro:27438d50f5b7
TargetRelease patch
ReleasedIn 1.1.10
CheckinsOnBranches Release01x01
trunkCheckins
masterCheckins
ItemBranchCheckins
Release01x01Checkins distro:27438d50f5b7
Topic revision: r4 - 23 Nov 2015, GeorgeClark