mirror of
https://github.com/qbittorrent/qBittorrent
synced 2025-07-13 08:43:08 -07:00
parent
17d40855d2
commit
aa6b29fe7e
2 changed files with 31 additions and 0 deletions
|
@ -251,9 +251,11 @@ void WebApplication::doProcessRequest()
|
|||
const QString action = match.captured(u"action"_qs);
|
||||
const QString scope = match.captured(u"scope"_qs);
|
||||
|
||||
// Check public/private scope
|
||||
if (!session() && !isPublicAPI(scope, action))
|
||||
throw ForbiddenHTTPError();
|
||||
|
||||
// Find matching API
|
||||
APIController *controller = nullptr;
|
||||
if (session())
|
||||
controller = session()->getAPIController(scope);
|
||||
|
@ -265,6 +267,20 @@ void WebApplication::doProcessRequest()
|
|||
throw NotFoundHTTPError();
|
||||
}
|
||||
|
||||
// Filter HTTP methods
|
||||
const auto allowedMethodIter = m_allowedMethod.find({scope, action});
|
||||
if (allowedMethodIter == m_allowedMethod.end())
|
||||
{
|
||||
// by default allow both GET, POST methods
|
||||
if ((m_request.method != Http::METHOD_GET) && (m_request.method != Http::METHOD_POST))
|
||||
throw MethodNotAllowedHTTPError();
|
||||
}
|
||||
else
|
||||
{
|
||||
if (*allowedMethodIter != m_request.method)
|
||||
throw MethodNotAllowedHTTPError();
|
||||
}
|
||||
|
||||
DataMap data;
|
||||
for (const Http::UploadedFile &torrent : request().files)
|
||||
data[torrent.filename] = torrent.data;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue