More hardening against invalid requests

See #2189
Gina Häußge 2017-11-02 09:36:53 +01:00
parent 532ac0264d
commit 772ee76e76


@ -1116,7 +1116,7 @@ def restricted_access(func):
def firstrun_only_access(func):
"""
If you decorate a view with this, it will ensure that first setup has _not_ been
done for OctoPrint's Access Control. Otherwise it
done for OctoPrint's Access Control. Otherwise it
will cause a HTTP 403 status code to be returned by the decorated resource.
"""
@functools.wraps(func)
@ -1211,6 +1211,9 @@ def get_json_command_from_request(request, valid_commands):
return None, None, make_response("Expected content-type JSON", 400)
data = request.json
if data is None:
return None, None, make_response("Expected content-type JSON", 400)
if not "command" in data.keys() or not data["command"] in valid_commands.keys():
return None, None, make_response("Expected valid command", 400)
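Review bot: The added `if data is None:` guard only covers a JSON `null` body; any other non-object JSON value (a list, string or number) still reaches `data.keys()` in the following check and raises AttributeError, which would presumably surface as a 500 rather than the intended 400. A type check covers both cases: `if not isinstance(data, dict):` with the same `return None, None, make_response("Expected content-type JSON", 400)`. It may also be worth rejecting a `command` value that is not a string before the membership test, since an unhashable value can raise TypeError where `keys()` is a view rather than a list. The body of get_json_command_from_request starts and continues outside this hunk, so later uses of `data` are not visible here.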