Improve config description of webserver.api.app_sudo

Signed-off-by: DL6ER <dl6er@dl6er.de>
pi-hole · Jun 15, 2024 · 4f60134 · 4f60134
1 parent d394808
commit 4f60134
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/src/config/config.c b/src/config/config.c
@@ -1019,7 +1019,7 @@ void initConfig(struct config *conf)
 	conf->webserver.api.app_pwhash.c = validate_stub; // Only type-based checking
 
 	conf->webserver.api.app_sudo.k = "webserver.api.app_sudo";
-	conf->webserver.api.app_sudo.h = "Should the application password be allowed to modify Pi-hole config settings?\n Note that this setting is only relevant if the application password is set. Setting this to true allows third-party applications to modify advanced settings, e.g., the DNS server, DHCP server, or change passwords.\n Be aware that this setting is a security risk and should only be enabled if you trust the application and its developer.";
+	conf->webserver.api.app_sudo.h = "Should application password API sessions be allowed to modify config settings?\n Setting this to true allows third-party applications using the application password to modify advanced settings, e.g., the upstream DNS servers, DHCP server settings, or changing passwords. This setting should only be enabled if really needed and only if you trust the applications using the application password.";
 	conf->webserver.api.app_sudo.t = CONF_BOOL;
 	conf->webserver.api.app_sudo.d.b = false;
 	conf->webserver.api.app_sudo.c = validate_stub; // Only type-based checking

diff --git a/test/pihole.toml b/test/pihole.toml
@@ -1,7 +1,7 @@
-# Pi-hole configuration file (v5.25.2-1891-g7ff016f2-dirty)
+# Pi-hole configuration file (v5.25.2-1921-gd3948088-dirty)
 # Encoding: UTF-8
 # This file is managed by pihole-FTL
-# Last updated on 2024-05-30 11:37:59
+# Last updated on 2024-06-15 09:10:13 UTC
 
 [dns]
   # Array of upstream DNS servers used by Pi-hole
@@ -702,12 +702,11 @@
     #     <valid Pi-hole password hash>
     app_pwhash = ""
 
-    # Should the application password be allowed to modify Pi-hole config settings?
-    # Note that this setting is only relevant if the application password is set. Setting
-    # this to true allows third-party applications to modify advanced settings, e.g., the
-    # DNS server, DHCP server, or change passwords.
-    # Be aware that this setting is a security risk and should only be enabled if you
-    # trust the application and its developer.
+    # Should application password API sessions be allowed to modify config settings?
+    # Setting this to true allows third-party applications using the application password
+    # to modify advanced settings, e.g., the upstream DNS servers, DHCP server settings,
+    # or changing passwords. This setting should only be enabled if really needed and only
+    # if you trust the applications using the application password.
     app_sudo = false
 
     # Array of clients to be excluded from certain API responses (regex):