author | ramon <ramongomez@us.es> | 2017-09-26 12:12:00 +0000 |
---|---|---|
committer | ramon <ramongomez@us.es> | 2017-09-26 12:12:00 +0000 |
commit | a237bd17a993f5d5e8efdc4f32fde7be990f633d (patch) | |
tree | 9b0c33bd42fcf3b85742e6f5f4e393f9a305a473 /admin/WebConsole/rest/remotepc.php | |
parent | 45cf7e5c36f2c63ccb8c5d5a9e2a7ed76c86126d (diff) |
#708: Comprobar tipo de agente permitido para acceder a rutas REST de RemotePC.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@5435 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'admin/WebConsole/rest/remotepc.php')
-rw-r--r-- | admin/WebConsole/rest/remotepc.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/admin/WebConsole/rest/remotepc.php b/admin/WebConsole/rest/remotepc.php
index 823608e7..650f0c69 100644
--- a/admin/WebConsole/rest/remotepc.php
+++ b/admin/WebConsole/rest/remotepc.php
@@ -55,6 +55,10 @@ $app->post('/ous/:ouid/images/:imageid/reserve(/)', 'validateApiKey',
 if (!filter_var($maxtime, FILTER_VALIDATE_INT, $opts)) {
 throw new Exception("Time must be positive integer (in hours)");
 }
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
 } catch (Exception $e) {
 // Communication error.
 $response["message"] = $e->getMessage();
@@ -237,6 +241,10 @@ $app->post('/ous/:ouid/labs/:labid/clients/:clntid/events', 'validateApiKey',
 if (!filter_var($urlLogout, FILTER_VALIDATE_URL)) {
 throw new Exception("Must be a valid URL for logout notification");
 }
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
 } catch (Exception $e) {
 // Error message.
 $response["message"] = $e->getMessage();
@@ -312,6 +320,10 @@ $app->delete('/ous/:ouid/labs/:labid/clients/:clntid/unreserve', 'validateApiKey
 if (!checkIds($ouid, $labid, $clntid)) {
 throw new Exception("Ids. must be positive integers");
 }
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
 } catch (Exception $e) {
 // Error message.
 $response["message"] = $e->getMessage(); |
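Review bot: The added User-Agent test in the reserve route (repeated verbatim in the events and unreserve hunks) reads `$_SERVER['HTTP_USER_AGENT']` without checking that it is set, and because that header is chosen by the client it can only filter out unintended callers, not act as an access control; `validateApiKey` remains the only real gate visible here, and the comment should say so. A request that sends no User-Agent triggers an undefined-index notice before the match, which `$agent = $_SERVER['HTTP_USER_AGENT'] ?? '';` followed by `if (preg_match('/^python-requests\//', $agent) !== 1) {` would avoid while also making the regex-error case explicit instead of relying on `empty()`. The exception text carries the raw header and the sender address into `$response["message"]` through the catch block, so the detail is better written to the server log (with control characters stripped) and the caller given a fixed string such as `throw new Exception("Bad agent");`. The same four lines appear three times, so a shared route middleware registered next to `validateApiKey` would keep the checks from drifting; the route closures begin and end outside these hunks, so how the response is finally encoded is not visible from here.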