From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 11 Aug 2015 14:58:32 +0000 (+0100)
Subject: Allow getting of password from query string.
X-Git-Tag: 1.0.0~207
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5cbc5af2699a17d2a6cf254ab79244d8061cd26;p=thirdparty%2Frspamd.git

Allow getting of password from query string.
---

diff --git a/src/controller.c b/src/controller.c
index 140b0b46b4..c2dda4863e 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -294,6 +294,8 @@ static gboolean rspamd_controller_check_password(
 {
 	const gchar *check;
 	const GString *password;
+	GString lookup;
+	GHashTable *query_args = NULL;
 	struct rspamd_controller_worker_ctx *ctx = session->ctx;
 	gboolean check_normal = TRUE, check_enable = TRUE, ret = TRUE;
 	const struct rspamd_controller_pbkdf *pbkdf = NULL;
@@ -315,6 +317,21 @@ static gboolean rspamd_controller_check_password(
 	password = rspamd_http_message_find_header (msg, "Password");
 
 	if (password == NULL) {
+		/* Try to get password from query args */
+		query_args = rspamd_http_message_parse_query (msg);
+
+		lookup.str = (gchar *)"password";
+		lookup.len = sizeof ("password") - 1;
+
+		password = g_hash_table_lookup (query_args, &lookup);
+	}
+
+	if (password == NULL) {
+
+		if (query_args != NULL) {
+			g_hash_table_unref (query_args);
+		}
+
 		if (ctx->secure_map == NULL) {
 			if (ctx->password == NULL && !is_enable) {
 				return TRUE;
@@ -392,6 +409,10 @@ static gboolean rspamd_controller_check_password(
 		}
 	}
 
+	if (query_args != NULL) {
+		g_hash_table_unref (query_args);
+	}
+
 	if (check_normal == FALSE && check_enable == FALSE) {
 		msg_info("absent or incorrect password has been specified");
 		ret = FALSE;