ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Prevent editing of system config entries through the api

pull/3494/head
Isaac Connor 2022-05-27 10:20:33 -04:00
parent 55f50d93a8
commit 74aab0a76e
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/api/app/Controller/ConfigsController.php
View File

@ -86,6 +86,11 @@ class ConfigsController extends AppController {
throw new NotFoundException(__('Invalid config')); throw new NotFoundException(__('Invalid config'));
} }
if ($this->request->is(array('post', 'put'))) { if ($this->request->is(array('post', 'put'))) {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => $id));
$config = $this->Config->find('first', $options);
if ($config['Config']['System']) {
throw new ForbiddenException(__('Cannot edit a system Config entry. Must be changed in /etc/zm/zm.conf'));
}
if ($this->Config->save($this->request->data)) { if ($this->Config->save($this->request->data)) {
return $this->flash(__('The config has been saved.'), array('action' => 'index')); return $this->flash(__('The config has been saved.'), array('action' => 'index'));
} }