FHEMWEB: allowedCommands attribute from justme1968

git-svn-id: https://svn.fhem.de/fhem/trunk/fhem@4829 2b470e98-0d58-463d-a4d8-8e2adae1ed80
rudolfkoenig 2014-02-07 07:27:47 +00:00
parent 218e3f648a
commit 773bc05c40
2 changed files with 37 additions and 10 deletions


@ -118,6 +118,7 @@ FHEMWEB_Initialize($)
CORS:0,1 CORS:0,1
HTTPS:1,0 HTTPS:1,0
SVGcache:1,0 SVGcache:1,0
allowedCommands
allowfrom allowfrom
basicAuth basicAuth
basicAuthMsg basicAuthMsg
@ -1491,6 +1492,8 @@ FW_style($$)
my ($cmd, $msg) = @_; my ($cmd, $msg) = @_;
my @a = split(" ", $cmd); my @a = split(" ", $cmd);
return if( AttrVal($FW_wname,"allowedCommands","") !~ m/\b$a[0]\b/);
my $start = "<div id=\"content\"><table><tr><td>"; my $start = "<div id=\"content\"><table><tr><td>";
my $end = "</td></tr></table></div>"; my $end = "</td></tr></table></div>";
@ -1769,9 +1772,11 @@ FW_fC($@)
my ($cmd, $unique) = @_; my ($cmd, $unique) = @_;
my $ret; my $ret;
if($unique) { if($unique) {
$ret = AnalyzeCommand($FW_chash, $cmd); $ret = AnalyzeCommand($FW_chash, $cmd,
AttrVal($FW_wname,"allowedCommands",undef));
} else { } else {
$ret = AnalyzeCommandChain($FW_chash, $cmd); $ret = AnalyzeCommandChain($FW_chash, $cmd,
AttrVal($FW_wname,"allowedCommands",undef));
} }
return $ret; return $ret;
} }
@ -2565,6 +2570,24 @@ FW_ActivateInform()
<br> <br>
</li> </li>
<a name="allowedCommands"></a>
<li>allowedCommands<br>
A comma separated list of commands allowed from this FHEMWEB
instance.<br> If set to an empty list <code>, (i.e. comma only)</code>
then this FHEMWEB instance will be read-only.<br> If set to
<code>get,set</code>, then this FHEMWEB instance will only allow
regular usage of the frontend by clicking the icons/buttons/sliders but
not changing any configuration.<br>
This attribute intended to be used together with hiddenroom/hiddengroup
<br>
<b>Note:</b>allowedCommands should work as intended, but no guarantee
can be given that there is no way to circumvent it. If a command is
allowed it can be issued by URL manipulation also for devices that are
hidden.</li><br>
<li><a href="#allowfrom">allowfrom</a></li> <li><a href="#allowfrom">allowfrom</a></li>
</li><br> </li><br>
@ -2614,7 +2637,7 @@ FW_ActivateInform()
Comma separated list of rooms to "hide", i.e. not to show. Special Comma separated list of rooms to "hide", i.e. not to show. Special
values are input, detail and save, in which case the input areas, link values are input, detail and save, in which case the input areas, link
to the detailed views or save button is hidden (although each aspect to the detailed views or save button is hidden (although each aspect
still can be addressed through url manipulation).<br> still can be addressed through URL manipulation).<br>
The list can also contain values from the additional "Howto/Wiki/FAQ" The list can also contain values from the additional "Howto/Wiki/FAQ"
block. block.
</li> </li>
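Review bot: In FW_style the new guard reads the attribute with a default of `""`, so when allowedCommands is not set the `!~` test appears to succeed for every command and FW_style returns early, whereas the FW_fC calls in the same file pass `undef` to mean "no restriction". The same line interpolates `$a[0]`, which appears to come from the web request, into the pattern unquoted, so regex metacharacters in it are interpreted and the test is not a literal comparison. Suggest `my $ac = AttrVal($FW_wname,"allowedCommands",undef);` followed by `return if(defined($ac) && $ac !~ m/\b\Q$a[0]\E\b/);`. FW_style's body continues outside the hunk, so the behaviour for the unset case should be confirmed against the rest of the function.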

18
fhem.pl

@ -40,8 +40,8 @@ use Time::HiRes qw(gettimeofday);
# Forward declarations # Forward declarations
# #
sub AddDuplicate($$); sub AddDuplicate($$);
sub AnalyzeCommand($$); sub AnalyzeCommand($$;$);
sub AnalyzeCommandChain($$); sub AnalyzeCommandChain($$;$);
sub AnalyzeInput($); sub AnalyzeInput($);
sub AnalyzePerlCommand($$); sub AnalyzePerlCommand($$);
sub AssignIoPort($;$); sub AssignIoPort($;$);
@ -728,9 +728,9 @@ CommandIOWrite($$)
##################################### #####################################
# i.e. split a line by ; (escape ;;), and execute each # i.e. split a line by ; (escape ;;), and execute each
sub sub
AnalyzeCommandChain($$) AnalyzeCommandChain($$;$)
{ {
my ($c, $cmd) = @_; my ($c, $cmd, $allowed) = @_;
my @ret; my @ret;
if($cmd =~ m/^[ \t]*(#.*)?$/) { # Save comments if($cmd =~ m/^[ \t]*(#.*)?$/) { # Save comments
@ -753,7 +753,7 @@ AnalyzeCommandChain($$)
my $subcmd; my $subcmd;
while(defined($subcmd = shift @cmdList)) { while(defined($subcmd = shift @cmdList)) {
$subcmd =~ s/SeMiCoLoN/;/g; $subcmd =~ s/SeMiCoLoN/;/g;
my $lret = AnalyzeCommand($c, $subcmd); my $lret = AnalyzeCommand($c, $subcmd, $allowed);
push(@ret, $lret) if(defined($lret)); push(@ret, $lret) if(defined($lret));
} }
@cmdList = @saveCmdList; @cmdList = @saveCmdList;
@ -803,9 +803,9 @@ AnalyzePerlCommand($$)
} }
sub sub
AnalyzeCommand($$) AnalyzeCommand($$;$)
{ {
my ($cl, $cmd) = @_; my ($cl, $cmd, $allowed) = @_;
$cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning $cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning
$cmd =~ s/[ \t]*$//; $cmd =~ s/[ \t]*$//;
@ -814,10 +814,12 @@ AnalyzeCommand($$)
return undef if(!$cmd); return undef if(!$cmd);
if($cmd =~ m/^{.*}$/s) { # Perl code if($cmd =~ m/^{.*}$/s) { # Perl code
return( "Forbidden command $cmd." ) if( $allowed && $allowed !~ m/\bperl\b/ );
return AnalyzePerlCommand($cl, $cmd); return AnalyzePerlCommand($cl, $cmd);
} }
if($cmd =~ m/^"(.*)"$/s) { # Shell code in bg, to be able to call us from it if($cmd =~ m/^"(.*)"$/s) { # Shell code in bg, to be able to call us from it
return( "Forbidden command $cmd." ) if( $allowed && $allowed !~ m/\bshell\b/ );
if($evalSpecials) { if($evalSpecials) {
map { $ENV{substr($_,1)} = $evalSpecials->{$_}; } keys %{$evalSpecials}; map { $ENV{substr($_,1)} = $evalSpecials->{$_}; } keys %{$evalSpecials};
} }
@ -849,6 +851,8 @@ AnalyzeCommand($$)
$fn = $cmds{$fn}{ReplacedBy} $fn = $cmds{$fn}{ReplacedBy}
if(defined($cmds{$fn}) && defined($cmds{$fn}{ReplacedBy})); if(defined($cmds{$fn}) && defined($cmds{$fn}{ReplacedBy}));
return( "Forbidden command $fn." ) if( $allowed && $allowed !~ m/\b$fn\b/ );
############# #############
# autoload commands. # autoload commands.
if(!defined($cmds{$fn}) || !defined($cmds{$fn}{Fn})) { if(!defined($cmds{$fn}) || !defined($cmds{$fn}{Fn})) {
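Review bot: The allow-list check in AnalyzeCommand interpolates `$fn` unquoted into `m/\b$fn\b/`, so a command name containing regex metacharacters is matched as a pattern against the attribute value rather than compared with its entries. For an access-control decision an exact membership test is safer, for example `return "Forbidden command $fn." if(defined($allowed) && !grep { $_ eq $fn } split(",", $allowed));`. All three checks (perl, shell and `$fn`) also gate on `$allowed` being true, so a value of `""` or `"0"` would lift the restriction instead of denying; `defined($allowed)` avoids that fail-open case. The messages echo `$cmd` and `$fn` back to the caller, and whether FHEMWEB HTML-escapes that return value is not visible here. AnalyzeCommand starts and ends outside these hunks.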