[pve-devel] [PATCH manager 2/3] check auth for disk image upload url

Timo Grodzinski Mon, 15 Feb 2016 05:31:00 -0800

Signed-off-by: Timo Grodzinski <t.grodzin...@profihost.ag>
---
 PVE/REST.pm | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/PVE/REST.pm b/PVE/REST.pm
index bf7ce15..b3d546a 100644
--- a/PVE/REST.pm
+++ b/PVE/REST.pm
@@ -107,6 +107,10 @@ sub auth_handler {
            $isUpload = 1;
        }
 
+       if ($method eq 'POST' && $rel_uri =~ 
m|^/nodes/([^/]+)/qemu/([^/]+)/upload_image$|) {
+           $isUpload = 1;
+       }
+
        # we skip CSRF check for file upload, because it is
        # difficult to pass CSRF HTTP headers with native html forms,
        # and it should not be necessary at all.
-- 
2.1.4

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH manager 2/3] check auth for disk image upload url

Reply via email to