diff --git a/fhem/FHEM/98_telnet.pm b/fhem/FHEM/98_telnet.pm
index d7a6bb1ae..19db579a3 100644
--- a/fhem/FHEM/98_telnet.pm
+++ b/fhem/FHEM/98_telnet.pm
@@ -21,7 +21,7 @@ telnet_Initialize($)
$hash->{UndefFn} = "telnet_Undef";
$hash->{AttrFn} = "telnet_Attr";
$hash->{NotifyFn}= "telnet_SecurityCheck";
- $hash->{AttrList} = "globalpassword password prompt ".
+ $hash->{AttrList} = "globalpassword password prompt allowedCommands ".
"allowfrom SSL connectTimeout connectInterval ".
"encoding:utf8,latin1 sslVersion";
$hash->{ActivateInformFn} = "telnet_ActivateInform";
@@ -269,7 +269,8 @@ telnet_Read($)
undef($hash->{prevlines});
}
$cmd = latin1ToUtf8($cmd) if( $hash->{encoding} eq "latin1" );
- $ret = AnalyzeCommandChain($hash, $cmd);
+ $ret = AnalyzeCommandChain($hash, $cmd,
+ AttrVal($sname,"allowedCommands",undef));
push @ret, $ret if(defined($ret));
}
} else {
@@ -420,6 +421,8 @@ telnet_ActivateInform($;$)
Attributes:
+ allowedCommands
+
- password
Specify a password, which has to be entered as the very first string
@@ -570,6 +573,8 @@ telnet_ActivateInform($;$)
Attribute
+ allowedCommands
+
- password
Bezeichnet ein Passwort, welches als allererster String eingegeben
diff --git a/fhem/fhem.pl b/fhem/fhem.pl
index 913c29e37..b8b4ec335 100755
--- a/fhem/fhem.pl
+++ b/fhem/fhem.pl
@@ -101,7 +101,7 @@ sub concatc($$$);
sub configDBUsed();
sub createNtfyHash();
sub createUniqueId();
-sub devspec2array($);
+sub devspec2array($;$);
sub doGlobalDef($);
sub escapeLogLine($);
sub evalStateFormat($);
@@ -940,6 +940,8 @@ AnalyzePerlCommand($$;$)
{
my ($cl, $cmd, $calledFromChain) = @_;
+ return "Forbidden command $cmd."
+ if($cl && $cl->{".allowed"} && $cl->{".allowed"} !~ m/\bperl\b/);
$cmd =~ s/\\ *\n/ /g; # Multi-line. Probably not needed anymore
# Make life easier for oneliners:
@@ -986,6 +988,7 @@ AnalyzeCommand($$;$)
{
my ($cl, $cmd, $allowed) = @_;
+ $cl->{".allowed"} = $allowed if($cl); Forum #38276
$cmd = "" if(!defined($cmd)); # Forum #29963
$cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning
$cmd =~ s/[ \t]*$//;
@@ -994,7 +997,6 @@ AnalyzeCommand($$;$)
return undef if(!$cmd);
if($cmd =~ m/^{.*}$/s) { # Perl code
- return "Forbidden command $cmd." if($allowed && $allowed !~ m/\bperl\b/);
return AnalyzePerlCommand($cl, $cmd, 1);
}
@@ -1061,9 +1063,9 @@ AnalyzeCommand($$;$)
}
sub
-devspec2array($)
+devspec2array($;$)
{
- my ($name) = @_;
+ my ($name, $cl) = @_;
return "" if(!defined($name));
if(defined($defs{$name})) {
@@ -1096,7 +1098,7 @@ devspec2array($)
if($op eq "eval") {
my $exec = EvalSpecials($n, %{{"%DEVICE"=>$d}});
- push @res, $d if(AnalyzePerlCommand(undef, $exec));
+ push @res, $d if(AnalyzePerlCommand($cl, $exec));
next;
}
@@ -1570,7 +1572,7 @@ CommandSet($$)
return "Usage: set \n$namedef" if(int(@a)<1);
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0], $cl)) {
$a[0] = $sdev;
$defs{$sdev}->{CL} = $cl;
@@ -1594,7 +1596,7 @@ CommandGet($$)
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@@ -1845,7 +1847,7 @@ CommandDelete($$)
return "Usage: delete $namedef\n" if(!$def);
my @rets;
- foreach my $sdev (devspec2array($def)) {
+ foreach my $sdev (devspec2array($def, $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@@ -1894,7 +1896,7 @@ CommandDeleteAttr($$)
return "Usage: deleteattr []\n$namedef" if(@a < 1);
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@@ -1940,7 +1942,7 @@ CommandDisplayAttr($$)
return "Usage: displayattr []\n$namedef" if(@a < 1);
my @rets;
- my @devspec = devspec2array($a[0]);
+ my @devspec = devspec2array($a[0],$cl);
foreach my $sdev (@devspec) {
@@ -1980,7 +1982,7 @@ CommandDeleteReading($$)
%ntfyHash = ();
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@@ -2011,7 +2013,7 @@ CommandSetReading($$)
my $err;
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@@ -2095,7 +2097,7 @@ CommandList($$)
} else { # devspecArray
my @arg = split(" ", $param);
- my @list = devspec2array($arg[0]);
+ my @list = devspec2array($arg[0],$cl);
if($arg[1]) {
foreach my $sdev (@list) { # Show a Hash-Entry or Reading for each device
@@ -2381,7 +2383,7 @@ CommandAttr($$)
if(@a && @a < 2);
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0],$cl)) {
my $hash = $defs{$sdev};
my $attrName = $a[1];
@@ -2525,7 +2527,7 @@ CommandSetstate($$)
return "Usage: setstate \n$namedef" if(@a != 2);
my @rets;
- foreach my $sdev (devspec2array($a[0])) {
+ foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@@ -2585,7 +2587,7 @@ CommandTrigger($$)
$state = "" if(!defined($state));
my @rets;
- foreach my $sdev (devspec2array($dev)) {
+ foreach my $sdev (devspec2array($dev,$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;