Commit bfededff authored by Leigh Stoller's avatar Leigh Stoller

Do not allow geni users to supply an rspec that was derived from a

parameterized profile. Note that we don't use this path much, but
we might in the future.
parent c10cf1fa
......@@ -136,8 +136,9 @@ function Do_Instantiate()
$args["username"] = $this_user->uid();
$args["email"] = $this_user->email();
$args["profile"] = $profile->uuid();
# Guest users not allowed to provide rspec
if (isset($this_user) && array_key_exists("rspec", $ajax_args)) {
# Guest/Geni users not allowed to provide rspec
if (isset($this_user) && !$this_user->IsNonLocal() &&
array_key_exists("rspec", $ajax_args)) {
$args["rspec"] = $ajax_args["rspec"];
}
$opts = "";
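Review bot: In Do_Instantiate the new condition drops a supplied `rspec` for non-local (Geni) users without telling the caller, so a request that carries one still appears to succeed, presumably instantiating from the profile's stored rspec. Since the stated intent is that these users may not supply one, it would be clearer to reject the request through the error path this endpoint already uses, or at least log the ignored field, so a refused attempt is visible rather than looking like a normal success. The comment could also say what happens instead, e.g. `# Guest/Geni (non-local) users may not supply an rspec; any rspec in the request is ignored.` The function body continues outside the hunk.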
......
......@@ -213,6 +213,8 @@ function SPITFORM($formfields, $newuser, $errors)
$amlist = array();
$showabout = ($ISCLOUD || !$this_user ? 1 : 0);
$registered = (isset($this_user) ? "true" : "false");
$nopprspec = (!isset($this_user) || $this_user->IsNonLocal() ?
"true" : "false");
# XSS prevention.
while (list ($key, $val) = each ($formfields)) {
......@@ -576,6 +578,7 @@ function SPITFORM($formfields, $newuser, $errors)
echo " window.PROFILE = '" . $formfields["profile"] . "';\n";
echo " window.AJAXURL = 'server-ajax.php';\n";
echo " window.SHOWABOUT = $showabout;\n";
echo " window.NOPPRSPEC = $nopprspec;\n";
echo " window.REGISTERED = $registered;\n";
if ($newuser) {
echo "window.APT_OPTIONS.isNewUser = true;\n";
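Review bot: `$nopprspec` in SPITFORM restates, in inverted form, the predicate that Do_Instantiate now enforces (`isset($this_user) && !$this_user->IsNonLocal()`), and nothing marks which of the two is the actual control. A comment above the assignment such as `# UI hint only: drives the client-side warning; the rspec is refused server-side in Do_Instantiate.` would keep a later edit from treating `window.NOPPRSPEC` as the check, since the browser can change that value freely. If the rule changes, both copies must change together; a small shared helper on the user object would remove that drift risk. SPITFORM starts and ends outside both hunks.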
......
......@@ -281,6 +281,12 @@ function (_, Constraints, sup, ppstart, aboutaptString, aboutcloudString, waitwa
}
// Enable the create button.
$('#instantiate_submit').attr('disabled', false);
if (window.NOPPRSPEC) {
alert("Geni users may configure parameterized profiles " +
"for demonstration purposes only. The parameterized " +
"configuration will not be used if you Create this " +
"experiment.");
}
}
var constraints;
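Review bot: The alert text names only Geni users, but `NOPPRSPEC` is also true when no user is logged in (`!isset($this_user)` in SPITFORM), so a guest would see a message that does not describe them. Wording that covers both cases, for example `"Guest and Geni users may configure parameterized profiles "`, would match the flag. `alert()` is also a blocking modal that appears to fire whenever this callback re-enables `#instantiate_submit`; an inline notice next to the button would carry the same warning without interrupting the page. The enclosing callback starts and ends outside the hunk.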
......