i'm wondering whether a certain feature would be accepted. Namely, selecting a download location in the Web UI, by introducing an additional JSON-RPC endpoint (? i don't know the terminology of JSON-RPC) that scans for directories on the filesystem. Like so:
The AUTH_LEVEL for the endpoint (or RPC method) is DEFAULT so NORMAL. Is this enough protection?
The endpoint spawns piped processes and returns the output:
Code: Select all
tree -dfJL 1 --noreport | jq <rename "name" key to "id" key; del .type; del .target; .text = file's basename>
Are there any security issues with this solution that i should be aware of?
Also, i could not get TreeLoader.directFn to work, is it bugged on Extjs 3.4?
Thanks for your time.