Module: check_mk Branch: master Commit: e5d3f7ead2918668a8dd75cc99223ee861f3c6a0 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e5d3f7ead29186… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Sep 17 11:26:19 2018 +0200 Addition to #4682: Prevent use of given command in wato_ajax_diag_host.py Change-Id: I5a7e51999c12d69b2a13271ddc5757e7dd5c35a8 --- cmk/gui/wato/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmk/gui/wato/__init__.py b/cmk/gui/wato/__init__.py index 4413e06..97a05ad 100644 --- a/cmk/gui/wato/__init__.py +++ b/cmk/gui/wato/__init__.py @@ -3186,9 +3186,12 @@ class ModeAjaxDiagHost(WatoWebApiMode): 'snmp_timeout', 'snmp_retries', 'tcp_connect_timeout', - 'datasource_program' ]): + ]): args[idx] = request.get(what, "") + if config.user.may('wato.add_or_modify_executables'): + args[6] = request.get("datasource_program", "") + if request.get("snmpv3_use"): snmpv3_use = { "0": "noAuthNoPriv", "1": "authNoPriv",