Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

prevent usage of db._useDatabase() in HTTP requests

This commit is contained in:
Jan Steemann 2013-09-12 11:13:47 +02:00
parent 4a2626525c
commit 6bbfb65f7c
7 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
arangod/RestServer/ArangoServer.cpp
View File

@ -788,7 +788,7 @@ int ArangoServer::executeConsole (OperationMode::server_operation_mode_e mode) {
_applicationV8->start();
// enter V8 context
ApplicationV8::V8Context* context = _applicationV8->enterContext(vocbase, true);
ApplicationV8::V8Context* context = _applicationV8->enterContext(vocbase, true, true);
// .............................................................................
// execute everything with a global scope

4
arangod/V8Server/ApplicationV8.cpp
View File

@ -263,7 +263,8 @@ void ApplicationV8::skipUpgrade () {
////////////////////////////////////////////////////////////////////////////////
ApplicationV8::V8Context* ApplicationV8::enterContext (TRI_vocbase_s* vocbase,
bool initialise) {
bool initialise,
bool allowUseDatabase) {
CONDITION_LOCKER(guard, _contextCondition);
while (_freeContexts.empty() && ! _stopping) {
@ -307,6 +308,7 @@ ApplicationV8::V8Context* ApplicationV8::enterContext (TRI_vocbase_s* vocbase,
v8::HandleScope scope;
TRI_v8_global_t* v8g = (TRI_v8_global_t*) v8::Isolate::GetCurrent()->GetData();
v8g->_vocbase = vocbase;
v8g->_allowUseDatabase = allowUseDatabase;
return context;
}

7
arangod/V8Server/ApplicationV8.h
View File

@ -223,8 +223,9 @@ namespace triagens {
/// @brief enters an context
////////////////////////////////////////////////////////////////////////////////
V8Context* enterContext (TRI_vocbase_s* vocbase,
bool initialise);
V8Context* enterContext (TRI_vocbase_s*,
bool,
bool);
////////////////////////////////////////////////////////////////////////////////
/// @brief exists an context
@ -236,7 +237,7 @@ namespace triagens {
/// @brief adds a global context functions to be executed asap
////////////////////////////////////////////////////////////////////////////////
void addGlobalContextMethod (string const& method);
void addGlobalContextMethod (string const&);
////////////////////////////////////////////////////////////////////////////////
/// @brief runs the garbage collection

2
arangod/V8Server/v8-actions.cpp
View File

@ -126,7 +126,7 @@ class v8_action_t : public TRI_action_t {
////////////////////////////////////////////////////////////////////////////////
HttpResponse* execute (TRI_vocbase_t* vocbase, HttpRequest* request) {
ApplicationV8::V8Context* context = GlobalV8Dealer->enterContext(vocbase, false);
ApplicationV8::V8Context* context = GlobalV8Dealer->enterContext(vocbase, false, false);
// note: the context might be 0 in case of shut-down
if (context == 0) {

7
arangod/V8Server/v8-vocbase.cpp
View File

@ -7701,8 +7701,13 @@ static v8::Handle<v8::Value> JS_UseDatabase (v8::Arguments const& argv) {
TRI_V8_EXCEPTION_USAGE(scope, "db._useDatabase(<name>)");
}
const string name = TRI_ObjectToString(argv[0]);
TRI_v8_global_t* v8g = (TRI_v8_global_t*) v8::Isolate::GetCurrent()->GetData();
if (! v8g->_allowUseDatabase) {
TRI_V8_EXCEPTION(scope, TRI_ERROR_FORBIDDEN);
}
const string name = TRI_ObjectToString(argv[0]);
TRI_vocbase_t* vocbase = TRI_UseDatabaseServer((TRI_server_t*) v8g->_server, name.c_str());

3
lib/V8/v8-globals.cpp
View File

@ -111,7 +111,8 @@ TRI_v8_global_s::TRI_v8_global_s (v8::Isolate* isolate)
_currentTransaction(0),
_server(0),
_vocbase(0),
_loader(0)
_loader(0),
_allowUseDatabase(true)
{
v8::HandleScope scope;

6
lib/V8/v8-globals.h
View File

@ -638,6 +638,12 @@ typedef struct TRI_v8_global_s {
////////////////////////////////////////////////////////////////////////////////
void* _loader;
////////////////////////////////////////////////////////////////////////////////
/// @brief whether or not useDatabase() is allowed
////////////////////////////////////////////////////////////////////////////////
bool _allowUseDatabase;
}
TRI_v8_global_t;