Rev4188, Allow only white listed values for open_browser
This commit is contained in:
parent
c7822ed6e6
commit
155d8d4dfd
2 changed files with 7 additions and 2 deletions
|
@ -13,7 +13,7 @@ class Config(object):
|
|||
|
||||
def __init__(self, argv):
|
||||
self.version = "0.7.0"
|
||||
self.rev = 4187
|
||||
self.rev = 4188
|
||||
self.argv = argv
|
||||
self.action = None
|
||||
self.pending_changes = {}
|
||||
|
|
|
@ -1137,9 +1137,14 @@ class UiWebsocket(object):
|
|||
def actionConfigSet(self, to, key, value):
|
||||
import main
|
||||
if key not in config.keys_api_change_allowed:
|
||||
self.response(to, {"error": "Forbidden you cannot set this config key"})
|
||||
self.response(to, {"error": "Forbidden: You cannot set this config key"})
|
||||
return
|
||||
|
||||
if key == "open_browser":
|
||||
if value not in ["default_browser", "False"]:
|
||||
self.response(to, {"error": "Forbidden: Invalid value"})
|
||||
return
|
||||
|
||||
# Remove empty lines from lists
|
||||
if type(value) is list:
|
||||
value = [line for line in value if line]
|
||||
|
|
Loading…
Reference in a new issue