首页 发现 帮助
注册 登录
Apq
/
sftpgo
镜像自地址 https://github.com/drakkan/sftpgo.git
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

command actions: restrict passing env vars

Signed-off-by: Nicola Murino <[email protected]>
Nicola Murino 9 月之前
父节点
b347ab6051
当前提交
631efc2b00
共有 3 个文件被更改,包括 3 次插入3 次删除
分列视图 显示文件统计
  1. 1 1
      internal/common/eventmanager.go
  2. 1 1
      static/locales/en/translation.json
  3. 1 1
      static/locales/it/translation.json

+ 1 - 1
internal/common/eventmanager.go
查看文件 

@@ -1519,7 +1519,7 @@ func executeCommandRuleAction(c dataprovider.EventActionCommandConfig, params *E
 
 	cmd := exec.CommandContext(ctx, c.Cmd, args...)
 
 	cmd.Env = []string{}
 
 	for _, keyVal := range c.EnvVars {
 
-		if keyVal.Value == "$" {
 
+		if keyVal.Value == "$" && !strings.HasPrefix(strings.ToUpper(keyVal.Key), "SFTPGO_") {
 
 			val := os.Getenv(keyVal.Key)
 
 			if val == "" {
 
 				eventManagerLog(logger.LevelDebug, "empty value for environment variable %q", keyVal.Key)

+ 1 - 1
static/locales/en/translation.json
查看文件 

@@ -977,7 +977,7 @@
 
         "command_help": "Absolute path of the command to execute",
 
         "command_args": "Arguments",
 
         "command_args_help": "Comma separated command arguments. Placeholders are supported",
 
-        "command_env_vars_help": "Placeholders are supported in values. Setting the name to \"$\" without quotes means retrieving the value from the environment",
 
+        "command_env_vars_help": "Placeholders are supported in values. Setting the value to \"$\" without quotes means retrieving the key from the environment excluding keys starting with SFTPGO_",
 
         "email_recipients": "To",
 
         "email_recipients_help": "Comma separated recipients. Placeholders are supported",
 
         "email_bcc": "Bcc",

+ 1 - 1
static/locales/it/translation.json
查看文件 

@@ -977,7 +977,7 @@
 
         "command_help": "Percorso assoluto del comando da eseguire",
 
         "command_args": "Argomenti",
 
         "command_args_help": "Argomenti del comando separati da virgole. I segnaposto sono supportati",
 
-        "command_env_vars_help": "I segnaposto sono supportati nei valori. Impostare il nome su \"$\" senza virgolette significa recuperare il valore dall'ambiente",
 
+        "command_env_vars_help": "I segnaposto sono supportati nei valori. Impostare il valore su \"$\" senza virgolette significa recuperare il nome dall'ambiente ad esclusione dei nomi che iniziano con SFTPGO_",
 
         "email_recipients": "A",
 
         "email_recipients_help": "Destinatari separati da virgole. I segnaposto sono supportati",
 
         "email_bcc": "Ccn",