From 36852ff83e4f4eca89488b677ddd6b92efad047c Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Thu, 25 Jan 2024 13:54:22 +0100 Subject: [PATCH] auth API: reject priority element in record, closes #12657 --- docs/upgrading.rst | 7 +++++++ pdns/ws-auth.cc | 3 +++ 2 files changed, 10 insertions(+) diff --git a/docs/upgrading.rst b/docs/upgrading.rst index fb35e7a49e..1fce623997 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -49,6 +49,13 @@ Various custom queries have been renamed. Also, ``get-all-domains-query`` got an extra column for a zone's catalog assignment. +API changes +~~~~~~~~~~~ + +A long time ago (in version 3.4.2), the ``priority`` field was removed from record content in the HTTP API. +Starting with 4.9, API calls containing a ``priority`` field are actively rejected. +This makes it easier for users to detect they are attempting to use a very old API client. + any version to 4.8.x -------------------- diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 7cfaea4619..9c82d7dafa 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -591,6 +591,9 @@ static void gatherRecords(const Json& container, const DNSName& qname, const QTy const auto& items = container["records"].array_items(); for (const auto& record : items) { string content = stringFromJson(record, "content"); + if (record.object_items().count("priority") > 0) { + throw std::runtime_error("`priority` element is not allowed in record"); + } resourceRecord.disabled = false; if (!record["disabled"].is_null()) { resourceRecord.disabled = boolFromJson(record, "disabled"); -- 2.47.2