From 6b099c7de614bebe3e61a0cbb91af459cc67f1c3 Mon Sep 17 00:00:00 2001 From: Matt Stancliff Date: Wed, 6 Aug 2014 16:56:23 -0400 Subject: [PATCH] Deny CLIENT command in scripts We don't want scripts doing CLIENT SETNAME or CLIENT KILL or CLIENT LIST or CLIENT PAUSE. Originally reported by Chris Wj then proper action inspired by Itamar Haber. Reference: https://groups.google.com/forum/#!topic/redis-db/09B2EYwyVgk --- src/redis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/redis.c b/src/redis.c index eb8bfbc6..e58ceb04 100644 --- a/src/redis.c +++ b/src/redis.c @@ -266,7 +266,7 @@ struct redisCommand redisCommandTable[] = { {"readwrite",readwriteCommand,1,"rF",0,NULL,0,0,0,0,0}, {"dump",dumpCommand,2,"ar",0,NULL,1,1,1,0,0}, {"object",objectCommand,3,"r",0,NULL,2,2,2,0,0}, - {"client",clientCommand,-2,"ar",0,NULL,0,0,0,0,0}, + {"client",clientCommand,-2,"ars",0,NULL,0,0,0,0,0}, {"eval",evalCommand,-3,"s",0,evalGetKeys,0,0,0,0,0}, {"evalsha",evalShaCommand,-3,"s",0,evalGetKeys,0,0,0,0,0}, {"slowlog",slowlogCommand,-2,"r",0,NULL,0,0,0,0,0},