From 5d1673ed91c4fd5bba49c11bc7eddad93b1be4ed Mon Sep 17 00:00:00 2001
From: Jesse Norell <jesse@kci.net>
Date: Fri, 17 May 2019 17:44:17 +0200
Subject: [PATCH] Update rest.php to check if remote api is allowed.

---
 interface/web/remote/rest.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/interface/web/remote/rest.php b/interface/web/remote/rest.php
index d579150045..4f202c6eee 100644
--- a/interface/web/remote/rest.php
+++ b/interface/web/remote/rest.php
@@ -6,7 +6,11 @@ require_once '../../lib/config.inc.php';
 $conf['start_session'] = false;
 require_once '../../lib/app.inc.php';
 
-$app->load('rest_handler');
+$app->load('rest_handler,getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['remote_api_allowed'] != 'yes') die('Remote API is disabled in security settings.');
+
 $rest_handler = new ISPConfigRESTHandler();
 $rest_handler->run();
 
-- 
GitLab