Changeset 7749 in josm for trunk/src/org/openstreetmap/josm/io/remotecontrol

Timestamp:

2014-11-26T13:50:31+01:00 (9 years ago)

Author:

bastiK

Message:

remotecontrol /import: only allow whitelisted download tasks to be called from remotecontrol

Turned off import of session files for now.
I think it is not really an issue at the moment but as new features are added,
this may accidentally get overlooked.
E.g. any javascript execution with rhino engine as we currently do for loading of
preference snippets is a no-go.

In order to enable remotecontrol for a plugin download-task, override the method
isSafeForRemotecontrolRequests() in AbstractDownloadTask or derive from a
class that is already whitelisted (e.g. DownloadOsmTask).

File:

• trunk/src/org/openstreetmap/josm/io/remotecontrol/handler/ImportHandler.java (modified) (1 diff)

trunk/src/org/openstreetmap/josm/io/remotecontrol/handler/ImportHandler.java

@@ -125 +125 @@
         }
         // Find download tasks for the given URL
-        suitableDownloadTasks = Main.main.menu.openLocation.findDownloadTasks(urlString);
+        suitableDownloadTasks = Main.main.menu.openLocation.findDownloadTasks(urlString, true);
         if (suitableDownloadTasks.isEmpty()) {
             // It should maybe be better to reject the request in that case ?