From 1e2a170cf8da3a16a3fcab0742a2cf2a462b7aa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyril=20Bont=C3=A9?= Date: Thu, 3 Mar 2011 21:05:17 +0100 Subject: [PATCH] [BUG] stats: admin web interface must check the proxy state Similar to the stats socket bug, we must check that the proxy is not disabled before trying to enable/disable a server. Even if a disabled proxy is not displayed, someone can inject a faulty proxy name in the POST parameters. So, we must ensure that no disabled proxy can be used. --- src/proto_http.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 1061c35ec..649f5df6a 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -2934,7 +2934,7 @@ int http_process_req_stat_post(struct session *s, struct buffer *req) if (backend && action && get_backend_server(backend, value, &px, &sv)) { switch (action) { case 1: - if (! (sv->state & SRV_MAINTAIN)) { + if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) { /* Not already in maintenance, we can change the server state */ sv->state |= SRV_MAINTAIN; set_server_down(sv); @@ -2942,7 +2942,7 @@ int http_process_req_stat_post(struct session *s, struct buffer *req) } break; case 2: - if ((sv->state & SRV_MAINTAIN)) { + if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) { /* Already in maintenance, we can change the server state */ set_server_up(sv); sv->health = sv->rise; /* up, but will fall down at first failure */