fix upload permissions. Only allow iso/tmpl upload.

Dietmar Maurer
2012-02-06 10:10:55 +01:00
parent 2494896aaa
commit 1f6610f386


@ -250,13 +250,15 @@ __PACKAGE__->register_method ({
$param->{timeframe}, $param->{cf}); $param->{timeframe}, $param->{cf});
}}); }});
# makes no sense for big images and backup files (because it
# create a copy of the file).
__PACKAGE__->register_method ({ __PACKAGE__->register_method ({
name => 'upload', name => 'upload',
path => '{storage}/upload', path => '{storage}/upload',
method => 'POST', method => 'POST',
description => "Upload file.", description => "Upload templates and ISO images.",
permissions => { permissions => {
check => ['perm', '/storage/{storage}', ['Datastore.AllocateSpace']], check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
}, },
protected => 1, protected => 1,
parameters => { parameters => {
@ -321,13 +323,8 @@ __PACKAGE__->register_method ({
raise_param_exc({ filename => "missing '.tar.gz' extension" }); raise_param_exc({ filename => "missing '.tar.gz' extension" });
} }
$path = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage}); $path = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage});
} elsif ($content eq 'backup') {
if ($filename !~ m!/([^/]+\.(tar|tgz))$!) {
raise_param_exc({ filename => "missing '.(tar|tgz)' extension" });
}
$path = PVE::Storage::get_backup_dir($cfg, $param->{storage});
} else { } else {
raise_param_exc({ content => "upload content type '$content' not implemented" }); raise_param_exc({ content => "upload content type '$content' not allowed" });
} }
die "storage '$param->{storage}' does not support '$content' content\n" die "storage '$param->{storage}' does not support '$content' content\n"
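Review bot: The comment added above the `upload` method in the first hunk ("makes no sense for big images and backup files…") never says what it refers to, so a reader cannot tell that it explains why the handler is limited to ISO images and templates and why the check now uses `Datastore.AllocateTemplate` instead of `Datastore.AllocateSpace`. Suggested wording: `# Upload is limited to ISO images and templates (Datastore.AllocateTemplate): the handler` followed by `# creates a copy of the uploaded file, which makes no sense for big disk images and backups.` Separately, the allow-list is enforced only by the if/elsif chain in the second hunk, and the schema of the `content` parameter is not visible here, so it is worth confirming that it no longer advertises content types the handler now rejects with "not allowed". The `register_method` call opens in the first hunk and its body continues beyond both hunks.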