Make sure all service routines are accessed via POST
authorRobert Sesek <rsesek@bluestatic.org>
Sat, 13 Oct 2012 22:48:13 +0000 (18:48 -0400)
committerRobert Sesek <rsesek@bluestatic.org>
Sat, 13 Oct 2012 22:48:13 +0000 (18:48 -0400)
server/server.go

index af5c2360b67acfe81258ddd72450dca704d4b008..1cc52ab25852950d9bb87aab21994ee6a335dcc8 100644 (file)
@@ -48,6 +48,10 @@ func indexHandler(rw http.ResponseWriter, request *http.Request) {
 }
 
 func listService(rw http.ResponseWriter, req *http.Request) {
+       if !requestIsPOST(rw, req) {
+               return
+       }
+
        files, err := ListPath(req.FormValue("path"))
        if err != nil {
                httpError(rw, err.Error(), http.StatusNotFound)
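Review bot: `req.FormValue("path")` directly after the new guard still merges URL query parameters with the request body, so a POST to a URL ending in `?path=...` is served exactly as before and the method check alone does not ensure the argument arrived in the body. If the intent is that service arguments are only accepted from the POST body, read them with `req.PostFormValue("path")` instead. The same applies to the `FormValue` calls in removeService, moveService, mkdirService and tvRenameService. listService continues past the end of this hunk.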
@@ -57,6 +61,10 @@ func listService(rw http.ResponseWriter, req *http.Request) {
 }
 
 func removeService(rw http.ResponseWriter, req *http.Request) {
+       if !requestIsPOST(rw, req) {
+               return
+       }
+
        err := RemovePath(req.FormValue("path"))
        if err != nil {
                httpError(rw, err.Error(), http.StatusNotFound)
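Review bot: The POST requirement added to removeService stops link- and image-triggered GETs, but a form on another origin can still submit a POST from the user's browser, and nothing visible in this hunk checks where the request came from. Because `RemovePath` presumably deletes whatever `path` names, the guard would be stronger if it also rejected requests whose `Origin` header does not match the server's own host, or required a per-session token. The same gap applies to moveService, mkdirService and tvRenameService. Authentication or an origin check may exist elsewhere in the file; neither is visible in this diff, and removeService continues outside the hunk.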
@@ -69,6 +77,10 @@ func removeService(rw http.ResponseWriter, req *http.Request) {
 }
 
 func moveService(rw http.ResponseWriter, req *http.Request) {
+       if !requestIsPOST(rw, req) {
+               return
+       }
+
        source := req.FormValue("source")
        target := req.FormValue("target")
        err := MovePath(source, target)
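Review bot: This is the third pasted copy of the `requestIsPOST` guard (five in the commit), which makes the check opt-in: a service handler added later is reachable via GET unless its author remembers to paste the block. Wrapping the handlers once where they are registered makes POST-only the default and removes the repeated lines from each body. The registration code is outside this diff, so the wrapper below is a sketch of the shape rather than a drop-in change; moveService itself continues past the end of the hunk.

```go
// postOnly rejects any request whose method is not POST before the wrapped
// service handler runs, so individual handlers need no method check.
func postOnly(next http.HandlerFunc) http.HandlerFunc {
	return func(rw http.ResponseWriter, req *http.Request) {
		if !requestIsPOST(rw, req) {
			return
		}
		next(rw, req)
	}
}

// … unchanged: service handlers, minus the per-handler requestIsPOST block …
// … at registration (not shown in this diff): wrap each service handler in postOnly(...) …
```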
@@ -84,6 +96,10 @@ func moveService(rw http.ResponseWriter, req *http.Request) {
 }
 
 func mkdirService(rw http.ResponseWriter, req *http.Request) {
+       if !requestIsPOST(rw, req) {
+               return
+       }
+
        path := req.FormValue("path")
        err := MakeDir(path)
        if err != nil {
@@ -98,6 +114,10 @@ func mkdirService(rw http.ResponseWriter, req *http.Request) {
 }
 
 func tvRenameService(rw http.ResponseWriter, req *http.Request) {
+       if !requestIsPOST(rw, req) {
+               return
+       }
+
        newPath, err := RenameTVEpisode(req.FormValue("path"))
        if err != nil {
                httpError(rw, err.Error(), http.StatusBadRequest)
@@ -141,6 +161,14 @@ func okResponse(rw http.ResponseWriter, data interface{}) {
        }
 }
 
+func requestIsPOST(rw http.ResponseWriter, req *http.Request) bool {
+       if req.Method != "POST" {
+               httpError(rw, "Service requests must be sent via POST", http.StatusMethodNotAllowed)
+               return false
+       }
+       return true
+}
+
 func RunBackEnd(c *config.Configuration) {
        gConfig = c