authorramon <ramongomez@us.es>2017-09-26 12:12:00 +0000
committerramon <ramongomez@us.es>2017-09-26 12:12:00 +0000
commita237bd17a993f5d5e8efdc4f32fde7be990f633d (patch)
tree9b0c33bd42fcf3b85742e6f5f4e393f9a305a473 /admin/WebConsole/rest/remotepc.php
parent45cf7e5c36f2c63ccb8c5d5a9e2a7ed76c86126d (diff)
#708: Comprobar tipo de agente permitido para acceder a rutas REST de RemotePC.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@5435 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'admin/WebConsole/rest/remotepc.php')
-rw-r--r--admin/WebConsole/rest/remotepc.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/admin/WebConsole/rest/remotepc.php b/admin/WebConsole/rest/remotepc.php
index 823608e7..650f0c69 100644
--- a/admin/WebConsole/rest/remotepc.php
+++ b/admin/WebConsole/rest/remotepc.php
@@ -55,6 +55,10 @@ $app->post('/ous/:ouid/images/:imageid/reserve(/)', 'validateApiKey',
if (!filter_var($maxtime, FILTER_VALIDATE_INT, $opts)) {
throw new Exception("Time must be positive integer (in hours)");
}
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
} catch (Exception $e) {
// Communication error.
$response["message"] = $e->getMessage();
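Review bot: The User-Agent test added on line 26 (repeated in the hunks at line 37 and line 48) relies on a header the client chooses, so it screens out accidental callers but adds no assurance beyond what `validateApiKey` enforces. The comment should say so, for example `// Sanity filter only: User-Agent is client-supplied; authentication is done by validateApiKey.` The header can also be absent, in which case reading `$_SERVER['HTTP_USER_AGENT']` raises an undefined-index notice before the check runs. Reading it as `$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` and testing `preg_match('/^python-requests\//', $agent) !== 1` avoids that and makes the 0/false cases explicit instead of hiding them behind `empty()`. The enclosing try block and route handler begin outside the hunk.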
@@ -237,6 +241,10 @@ $app->post('/ous/:ouid/labs/:labid/clients/:clntid/events', 'validateApiKey',
if (!filter_var($urlLogout, FILTER_VALIDATE_URL)) {
throw new Exception("Must be a valid URL for logout notification");
}
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
} catch (Exception $e) {
// Error message.
$response["message"] = $e->getMessage();
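Review bot: The exception text built on line 38 copies the raw User-Agent and the sender address into `$response["message"]` four lines below, so a caller-controlled header value is presumably returned in the API response. If these messages are also logged, it reaches the log unescaped. A fixed client-facing message such as `throw new Exception("Agent not allowed");` keeps the diagnostic without reflecting input, provided the address and agent go to the server log only, with control characters stripped. Lines 27 and 49 have the same problem. How `$response` is emitted is outside the hunk, so the exact exposure needs confirming there.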
@@ -312,6 +320,10 @@ $app->delete('/ous/:ouid/labs/:labid/clients/:clntid/unreserve', 'validateApiKey
if (!checkIds($ouid, $labid, $clntid)) {
throw new Exception("Ids. must be positive integers");
}
+ // Check for a valid remote agent.
+ if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT']))) {
+ throw new Exception("Bad agent: sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']);
+ }
} catch (Exception $e) {
// Error message.
$response["message"] = $e->getMessage();
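Review bot: The four-line agent check on lines 47–50 is a verbatim copy of lines 25–28 and 36–39, so any later change to the accepted agent pattern or the error handling has to be made in three places. These routes already appear to pass `'validateApiKey'` as a route callable, so the check could live in one function registered the same way. Alternatively a small helper called from each try block would do, for example `checkRemoteAgent()` (a suggested name, not one present in the file). That also gives a single place to document which clients are expected to call the RemotePC routes.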