Calling cpanel_exec_fast from CGI script under cpsessXXXX system results in errors.

KostonConsulting

Well-Known Member
Verifed Vendor
Jun 17, 2010
255
1
68
San Francisco, CA
cPanel Access Level
Root Administrator
Hello,
It seems that recently, cPanel URLs are now under a session system that adds /cpsessXXXX/ before the theme URL. Under this system, scripts no longer work that call the XML API using cpanel_exec_fast as outline in the cPanel docs: CallingAPIFunctions < AllDocumentation/AutomationIntegration < TWiki

Has anyone else experienced this issue? Any docs or knowledge on how to connect to the cpsessXXXXX system within scripts?
 

KostonConsulting

Well-Known Member
Verifed Vendor
Jun 17, 2010
255
1
68
San Francisco, CA
cPanel Access Level
Root Administrator
Re: Calling cpanel_exec_fast from CGI script under cpsessXXXX system results in error

As an update, I'm calling a script: xxx.cgi from an AJAX request through a relative URL as discussed on in this integration blog post about secuirty tokens using this code:

Code:
function call_out(){
			var postData = 'code=12345';
			var ajaxURL = '/3rdparty/issue.cgi';
			var callback = {
				success: function(o){
					alert('success');
				},
				failure: function(o){
					alert('failure');
				}
			}
			var transaction = YAHOO.util.Connect.asyncRequest('POST', ajaxURL, callback, postData);

			return false;
		}

When making the call, I get the following error:




Has anyone else seen this issue? If so, how can it be averted without forcing users to disable security tokens?
 

KostonConsulting

Well-Known Member
Verifed Vendor
Jun 17, 2010
255
1
68
San Francisco, CA
cPanel Access Level
Root Administrator
Re: Calling cpanel_exec_fast from CGI script under cpsessXXXX system results in error

Got a response back from Matt @ cPanel on this and things seem to be working fine with his changes:

1. Need to add CPANEL.security_token before the URL to print out the /cpsessXXXX:

What used to be:
Code:
var ajaxURL = '/3rdparty/script.cgi';
Should now be:
Code:
var ajaxURL = CPANEL.security_token + '/3rdparty/script.cgi';
The CPANEL.security_token variable is implemented in stdheader.html so anything in /frontend/${theme}/* will have access to the variable.


2. Need to output the security token session data in the CGI file's HTML output:

Code:
<script type="text/javascript">
	if ( !("CPANEL" in window) ) CPANEL = {};
	CPANEL.security_token = "$ENV{'cp_security_token'}";
	</script>


Hopefully this will help someone else. Thanks to Matt from cPanel for the solution.