[pve-devel] [PATCH manager 2/3] check auth for disk image upload url

Timo Grodzinski t.grodzinski at profihost.ag
Mon Feb 15 14:29:53 CET 2016


Signed-off-by: Timo Grodzinski <t.grodzinski at profihost.ag>
---
 PVE/REST.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/PVE/REST.pm b/PVE/REST.pm
index bf7ce15..b3d546a 100644
--- a/PVE/REST.pm
+++ b/PVE/REST.pm
@@ -107,6 +107,10 @@ sub auth_handler {
 	    $isUpload = 1;
 	}
 
+	if ($method eq 'POST' && $rel_uri =~ m|^/nodes/([^/]+)/qemu/([^/]+)/upload_image$|) {
+	    $isUpload = 1;
+	}
+
 	# we skip CSRF check for file upload, because it is
 	# difficult to pass CSRF HTTP headers with native html forms,
 	# and it should not be necessary at all.
-- 
2.1.4




More information about the pve-devel mailing list