gharris999;474200 Wrote: > Yes, I've been thinking of this issue too. I think you'd have to have a > way of limiting the allowable cli command requests to a whitelisted > "safe" subset.
I have a hard time imagining what commands would be safe. Perhaps the handler could look at the URL for the current playlist and default to only accepting cli:// URLs from playlists with file:// URLs referring to the local host (no http addresses, no UNC paths, etc.)? I think it's possible to determine the playlist that's being used. I pushed an updated KidsPlay to my testing area, directory http://www.tux.org/~peterw/slim/slim7/TESTING/KidsPlay/ and repo URL http://www.tux.org/~peterw/slim/slim7/repodata-test.xml that - supports "\" as an escape char (for escaping " and ; -- use \\ to include \ itself - allows a player to be specified by plain MAC (*00:04:20:11:22:33 power 1*) or with the colon that KidsPlay used to insist on (*00:04:20:11:22:33: power 1*) -- and also supports name + ":", "ALL:", and "OTHERS:" - has some routines you can grab for getting arrays of arrays -- look for the "macro-parsing routines" comments before and after -- for getCommands(), makePlayerList(), parseFields(), splitLines(), and getClientByName(). They're not optimized, but they work. Comments before getCommands() explain what the array of arrays looks like. You should be able to pass undef for $client if you don't know the client -- you'll end up with undef for the calling client, and undef for the context client for any command that doesn't specify something with MAC, name, ALL, or OTHERS. Please let me know how that works for you. You'll have to look elsewhere in the code to see how I use the task scheduler API -- look for processCommandFromQueue(), addToQueue(), etc. -- peterw http://www.tux.org/~peterw/ free plugins: http://www.tux.org/~peterw/#slim AllQuiet BlankSaver ContextMenu FuzzyTime KidsPlay KitchenTimer PlayLog PowerCenter/BottleRocket SaverSwitcher SettingsManager SleepFade StatusFirst SyncOptions VolumeLock ------------------------------------------------------------------------ peterw's Profile: http://forums.slimdevices.com/member.php?userid=2107 View this thread: http://forums.slimdevices.com/showthread.php?t=48521 _______________________________________________ plugins mailing list plugins@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/plugins
