From 9f27831c461c2571f9189c673ae686cf9f706f14 Mon Sep 17 00:00:00 2001 From: Kano Date: Mon, 2 Sep 2013 22:29:40 +1000 Subject: [PATCH] miner.php disable 'gen' by default --- API-README | 10 ++++++++++ miner.php | 16 ++++++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/API-README b/API-README index 0701750e..2829b95d 100644 --- a/API-README +++ b/API-README @@ -1247,6 +1247,16 @@ N.B. the accuracy of the timing used to wait for the replies is --------- +Default: + $allowgen = false; + +Set $allowgen to true to allow customsummarypages to use 'gen' +false means ignore any 'gen' options +This is disabled by default due to the possible security risk +of using it, see the end of this document for an explanation + +--------- + Default: $rigipsecurity = true; diff --git a/miner.php b/miner.php index 89b6befd..fb5efbd0 100644 --- a/miner.php +++ b/miner.php @@ -3,7 +3,7 @@ session_start(); # global $doctype, $title, $miner, $port, $readonly, $notify, $rigs; global $mcast, $mcastexpect, $mcastaddr, $mcastport, $mcastcode; -global $mcastlistport, $mcasttimeout; +global $mcastlistport, $mcasttimeout, $allowgen; global $rigipsecurity, $rigtotals, $forcerigtotals; global $socksndtimeoutsec, $sockrcvtimeoutsec; global $checklastshare, $poolinputs, $hidefields; @@ -70,6 +70,10 @@ $mcastlistport = 4027; # to wait for replies to the Multicast message $mcasttimeout = 1.5; # +# Set $allowgen to true to allow customsummarypages to use 'gen' +# false means ignore any 'gen' options +$allowgen = false; +# # Set $rigipsecurity to false to show the IP/Port of the rig # in the socket error messages and also show the full socket message $rigipsecurity = true; @@ -145,7 +149,7 @@ $poolspage = array( 'POOL.Has GBT=GBT', 'STATS.Times Sent=TSent', 'STATS.Bytes Sent=BSent', 'STATS.Net Bytes Sent=NSent', 'STATS.Times Recv=TRecv', 'STATS.Bytes Recv=BRecv', - 'STATS.Net Bytes Recv=NRecv')); + 'STATS.Net Bytes Recv=NRecv', 'GEN.AvShr=AvShr')); # $poolssum = array( 'SUMMARY' => array('MHS av', 'Found Blocks', 'Accepted', @@ -162,7 +166,9 @@ $poolsext = array( 'calc' => array('POOL.Difficulty Accepted' => 'sum', 'POOL.Difficulty Rejected' => 'sum', 'STATS.Times Sent' => 'sum', 'STATS.Bytes Sent' => 'sum', 'STATS.Net Bytes Sent' => 'sum', 'STATS.Times Recv' => 'sum', - 'STATS.Bytes Recv' => 'sum', 'STATS.Net Bytes Recv' => 'sum'), + 'STATS.Bytes Recv' => 'sum', 'STATS.Net Bytes Recv' => 'sum', + 'POOL.Accepted' => 'sum'), + 'gen' => array('AvShr' => 'round(POOL.Difficulty Accepted/max(POOL.Accepted,1)*100)/100'), 'having' => array(array('STATS.Bytes Recv', '>', 0))) ); @@ -2396,6 +2402,8 @@ function dogen($ext, $section, &$res, &$fields) # function processext($ext, $section, $res, &$fields) { + global $allowgen; + $res = processcompare('where', $ext, $section, $res); if (isset($ext[$section]['group'])) @@ -2464,7 +2472,7 @@ function processext($ext, $section, $res, &$fields) } // Generated fields (functions of other fields) - if (isset($ext[$section]['gen'])) + if ($allowgen === true && isset($ext[$section]['gen'])) dogen($ext, $section, $res, $fields); return processcompare('having', $ext, $section, $res);