Commit c598d9e1 authored by Dietmar Maurer's avatar Dietmar Maurer

fix file upload permission checks

parent 598cccb5
......@@ -321,10 +321,9 @@ sub rest_handler {
if ($method eq 'POST' && $rel_uri =~ m|^/nodes/([^/]+)/storage/([^/]+)/upload$|) {
my ($node, $storeid) = ($1, $2);
my $perm = {
path => "/storage/$storeid",
privs => [ 'Datastore.AllocateSpace' ],
};
# we disable CSRF checks if $isUpload is set,
# to improve security we check user upload permission here
my $perm = { check => ['perm', "/storage/$storeid", ['Datastore.AllocateTemplate']] };
$rpcenv->check_api2_permissions($perm, $username, {});
$isUpload = 1;
}
......
pve-manager (2.0-33) unstable; urgency=low
* fix file upload permission checks
-- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 09:14:05 +0100
pve-manager (2.0-32) unstable; urgency=low
* added French translation
......
......@@ -2,7 +2,7 @@ RELEASE=2.0
VERSION=2.0
PACKAGE=pve-manager
PACKAGERELEASE=32
PACKAGERELEASE=33
BINDIR=${DESTDIR}/usr/bin
PERLLIBDIR=${DESTDIR}/usr/share/perl5
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment