Committer: afedorov
LJSUP-7336: Antispam: prono-promotionU trunk/htdocs/sup/rpc_interface.bml
Modified: trunk/htdocs/sup/rpc_interface.bml =================================================================== --- trunk/htdocs/sup/rpc_interface.bml 2010-11-13 10:51:18 UTC (rev 9704) +++ trunk/htdocs/sup/rpc_interface.bml 2010-11-13 10:56:10 UTC (rev 9705) @@ -44,6 +44,14 @@ } } + my $match = sub { + my ($action, $tc) = @_; + return 1 if $tc eq '*'; + return 1 if $action eq $tc; + return 1 if substr($tc, -3) eq '::*' && substr($tc, 0, length($tc)-1) eq substr($action, 0, length($tc)-1); + return 0; + }; + # verify access if( !$trusted_commands ){ return "unauthorized request" @@ -53,11 +61,10 @@ foreach my $tc (@$trusted_commands) { ## $trusted_command is either full command name or template like 'jabber::*' ## $action is full command name, e.g. 'jabber::get_roster_by_jid' - if ($action eq $tc || - substr($tc, -3) eq '::*' && substr($tc, 0, length($tc)-1) eq substr($action, 0, length($tc)-1) - ){ + if ( $match->($action, $tc) ) { $is_allowed = 1; - last; + } elsif ( $tc =~ /^-(.*)$/ && $match->($action, $1) ) { + $is_allowed = 0; } } return "command_not_allowed" unless $is_allowed;