diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2016-01-26 21:31:33 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2016-01-26 21:31:33 +0000 |
commit | f07c0121840ce6b42ae7f77144e5da1321c21c35 (patch) | |
tree | 6b2f54574bbde9d1dde46a127e673befe2345dbd /scheduler/client.c | |
parent | f76916f6e3d14cc46c09e9f38eadfe0100b9a7f1 (diff) | |
download | cups-f07c0121840ce6b42ae7f77144e5da1321c21c35.tar.gz |
Fix access to resource files when the web interface was disabled (STR #4755)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@13060 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler/client.c')
-rw-r--r-- | scheduler/client.c | 58 |
1 files changed, 21 insertions, 37 deletions
diff --git a/scheduler/client.c b/scheduler/client.c index ae998e27f..ec5d78044 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1156,29 +1156,28 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ break; } } - else if (!WebInterface) - { - /* - * Web interface is disabled. Show an appropriate message... - */ - - if (!cupsdSendError(con, HTTP_STATUS_CUPS_WEBIF_DISABLED, CUPSD_AUTH_NONE)) - { - cupsdCloseClient(con); - return; - } - - break; - } - if ((!strncmp(con->uri, "/admin", 6) && - strncmp(con->uri, "/admin/conf/", 12) && - strncmp(con->uri, "/admin/log/", 11)) || + if ((!strncmp(con->uri, "/admin", 6) && strcmp(con->uri, "/admin/conf/cupsd.conf") && strncmp(con->uri, "/admin/log/", 11)) || !strncmp(con->uri, "/printers", 9) || !strncmp(con->uri, "/classes", 8) || !strncmp(con->uri, "/help", 5) || !strncmp(con->uri, "/jobs", 5)) { + if (!WebInterface) + { + /* + * Web interface is disabled. Show an appropriate message... + */ + + if (!cupsdSendError(con, HTTP_STATUS_CUPS_WEBIF_DISABLED, CUPSD_AUTH_NONE)) + { + cupsdCloseClient(con); + return; + } + + break; + } + /* * Send CGI output... */ @@ -1245,20 +1244,14 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ if (httpGetVersion(con->http) <= HTTP_VERSION_1_0) httpSetKeepAlive(con->http, HTTP_KEEPALIVE_OFF); } - else if ((!strncmp(con->uri, "/admin/conf/", 12) && - (strchr(con->uri + 12, '/') || - strlen(con->uri) == 12)) || - (!strncmp(con->uri, "/admin/log/", 11) && - (strchr(con->uri + 11, '/') || - strlen(con->uri) == 11))) + else if (!strncmp(con->uri, "/admin/log/", 11) && (strchr(con->uri + 11, '/') || strlen(con->uri) == 11)) { /* * GET can only be done to configuration files directly under * /admin/conf... */ - cupsdLogClient(con, CUPSD_LOG_ERROR, - "Request for subdirectory \"%s\"!", con->uri); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Request for subdirectory \"%s\".", con->uri); if (!cupsdSendError(con, HTTP_STATUS_FORBIDDEN, CUPSD_AUTH_NONE)) { @@ -1396,9 +1389,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ break; } - else if ((!strncmp(con->uri, "/admin", 6) && - strncmp(con->uri, "/admin/conf/", 12) && - strncmp(con->uri, "/admin/log/", 11)) || + else if ((!strncmp(con->uri, "/admin", 6) && strncmp(con->uri, "/admin/log/", 11)) || !strncmp(con->uri, "/printers", 9) || !strncmp(con->uri, "/classes", 8) || !strncmp(con->uri, "/help", 5) || @@ -1648,9 +1639,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ break; } - if ((!strncmp(con->uri, "/admin", 6) && - strncmp(con->uri, "/admin/conf/", 12) && - strncmp(con->uri, "/admin/log/", 11)) || + if ((!strncmp(con->uri, "/admin", 6) && strcmp(con->uri, "/admin/conf/cupsd.conf") && strncmp(con->uri, "/admin/log/", 11)) || !strncmp(con->uri, "/printers", 9) || !strncmp(con->uri, "/classes", 8) || !strncmp(con->uri, "/help", 5) || @@ -1670,12 +1659,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ cupsdLogRequest(con, HTTP_STATUS_OK); } - else if ((!strncmp(con->uri, "/admin/conf/", 12) && - (strchr(con->uri + 12, '/') || - strlen(con->uri) == 12)) || - (!strncmp(con->uri, "/admin/log/", 11) && - (strchr(con->uri + 11, '/') || - strlen(con->uri) == 11))) + else if (!strncmp(con->uri, "/admin/log/", 11) && (strchr(con->uri + 11, '/') || strlen(con->uri) == 11)) { /* * HEAD can only be done to configuration files under |