diff options
| author | Christian Pointner <equinox@helsinki.at> | 2015-12-17 13:12:53 (GMT) |
|---|---|---|
| committer | Christian Pointner <equinox@helsinki.at> | 2015-12-17 13:12:53 (GMT) |
| commit | df18aa673e1dd90133b4d5b2381773b017fef729 (patch) | |
| tree | bd4f4d2acbeb2cc4b796547395e968ba7889442e | |
| parent | 67e786d43bc65dad5c0ffe816af08c19e7f55c40 (diff) | |
added sanity checks for listdropboxes.cgi
| -rwxr-xr-x | rh-bin/listdropboxes.cgi | 38 | ||||
| -rwxr-xr-x | rh-bin/musicgrid.cgi | 3 |
2 files changed, 26 insertions, 15 deletions
diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi index cb608f4..39270e6 100755 --- a/rh-bin/listdropboxes.cgi +++ b/rh-bin/listdropboxes.cgi @@ -36,24 +36,32 @@ my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); -(my $ctx, $status, $errorstring) = RHRD::rddb::init(); -if(defined $ctx) { - my $result; - ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); - if($result == 1) { - $responsecode = 200; - @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); - if(!defined $dropboxes[0] && defined $dropboxes[1]) { +if(!defined $username) { + $responsecode = 400; + $errorstring = "mandatory field LOGIN_NAME is missing" +} elsif(!defined $token) { + $responsecode = 400; + $errorstring = "mandatory field PASSWORD is missing" +} else { + (my $ctx, $status, $errorstring) = RHRD::rddb::init(); + if(defined $ctx) { + my $result; + ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + if($result == 1) { + $responsecode = 200; + @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); + if(!defined $dropboxes[0] && defined $dropboxes[1]) { + $responsecode = 500; + $status = $dropboxes[1]; + $errorstring = $dropboxes[2]; + } + } elsif($result == 0) { + $responsecode = 401; + } else { $responsecode = 500; - $status = $dropboxes[1]; - $errorstring = $dropboxes[2]; } - } elsif($result == 0) { - $responsecode = 401; - } else { - $responsecode = 500; + RHRD::rddb::destroy($ctx); } - RHRD::rddb::destroy($ctx); } print "Content-type: application/xml; charset=UTF-8\n"; diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index 6e18e7e..1ec5313 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi @@ -35,6 +35,9 @@ my @clocks = (); my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); +my $command = $q->param('PASSWORD'); + +if(!defined $command (my $ctx, $status, $errorstring) = RHRD::rddb::init(); if(defined $ctx) { |