Overview

File check-access-token-when-calling-modify_setting-api-e.patch of Package cobbler

From 9be7835c74346f36fde9e7c1b847cc2e6c209eec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
 <psuarezhernandez@suse.com>
Date: Fri, 10 Aug 2018 10:57:58 +0100
Subject: [PATCH] Check access token when calling 'modify_setting' API
 endpoint

---
 cobbler/remote.py | 2 ++
 1 file changed, 2 insertions(+)

Index: cobbler-2.6.6/cobbler/remote.py
===================================================================
--- cobbler-2.6.6.orig/cobbler/remote.py
+++ cobbler-2.6.6/cobbler/remote.py
@@ -863,6 +863,8 @@ class CobblerXMLRPCInterface:
     def modify_file(self,object_id,attribute,arg,token):
         return self.modify_item("file",object_id,attribute,arg,token)
     def modify_setting(self,setting_name,value,token):
+        self._log("modify_setting(%s)" % setting_name, token=token)
+        self.check_access(token, "modify_setting")
         try:
             self.api.settings().set(setting_name, value)
             return 0
openSUSE Build Service is sponsored by
Places