PaperCut NG/MF version 22.1.1 introduced changes for how to enable and control print scripting, device scripting, and swipe card number conversions. The changes reduced the impact of vulnerabilities that might occur from executing potentially unsafe code.
These features are enabled and configured via security config keys in the security.properties file.
Each script you write can be enabled per printer or device. You can also easily copy scripts to other printers and devices.
Security properties keys - default values
| Security.properties key | Default value |
security.print-and-device.script.enabled= | N |
security.print-script.allow-unsafe-code= | N |
security.device-script.allow-unsafe-code= | N |
Location of the keys
The keys are stored in the security.properties file, which is in [app-server]/server for all operating systems.
Enabling Print Scripting and Device Scripting
-
In any operating system, open the
[app-path]/server/security.propertiesfile.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the
security.propertiesfile.macOS/Linux
We recommend using
sudoorsuto open the file in your favorite editor as root. -
Find the
security.print-and-device.script.enabled=Nconfig key and set it toY. -
Save the
security.propertiesfile. -
Restart the PaperCut Application Server .
The Advanced Scripting page is enabled for both print scripts and device scripts. In the admin interface, you’ll find the pages at:
- Printers > [printer name] > Scripting
- Devices > [device name] > Scripting
-
If your scripts contain extended Java classes, perform these additional steps .
Disabling Print Scripting and Device Scripting
To disable print and device scripts:
-
In any operating system, open the
[app-path]/server/security.propertiesfile.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the
security.propertiesfile.macOS/Linux
We recommend using
sudoorsuto open the file in your favorite editor as root. -
Set security.print-and-device.script.enabled= to N.
-
Set
security.print-and-device.script.enabled=toN.
Enabling card converter scripts
Card converter scripts are JavaScript code that administrators can enable to perform advanced manipulations of the card number read from a user’s card. PaperCut NG/MF supports multiple built-in methods to convert card numbers to change the format of the card. You can use JavaScript alongside other built-in methods to manipulate card numbers.
To enable JavaScript card conversions:
-
Create a text file in a folder on the server of your choice, for example,
[install-path]/server/custom/card.js. -
Edit this file to define a single JavaScript function called convert. It should accept and return a single string. Here’s an example:
function convert(cardNumber) {return cardNumber.substring(3,10).toLowerCase();} -
Save the file.
-
Open the
[app-path]/server/security.propertiesfile, which is in[app-server]\serverfor all operating systems.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the
security.propertiesfile.macOS/Linux
We recommend using
sudoorsuto open the file in your favorite editor as root. -
Find the
security.card-no-converter-script.path-allow-listconfig key. -
At the end of the key, type the full path, or multiple full paths separated by semicolons, to the folder(s) that the JavaScript file(s) you created earlier are saved in.
- Do not use relative paths.
- Do not include the name of the executable.
For Windows paths using backslashes, enter each backslash as a double backslash (\\). Spaces are OK. Always add slashes to the end of the path.
Examples:
- Linux:
/custom/;/custom/subfolder/; - Windows:
C:\\folder\\;c:\\apps\\;C:\\\Program Files\My Scripts\\
-
Save the
security.propertiesfile. -
In the admin interface, go to Options > Config Editor.
-
Search for
ext-device.card-no-converter. -
Type the word
javascript:followed by the full path to the JavaScript file you created earlier into the form, for example,javascript:custom/card.js. -
If your JavaScript contains extended Java classes, follow the steps in Using extended Java classes in scripts .
Disabling card converter scripts
-
Open the
[app-path]/server/security.propertiesfile, which is in[app-server]\serverfor all operating systems.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the
security.propertiesfile.macOS/Linux
We recommend using
sudoorsuto open the file in your favorite editor as root. -
Find the
security.card-no-converter-script.path-allow-listconfig key. -
Delete any paths entered in the config key.
-
Save the
security.propertiesfile. -
Go to Options > Config Editor.
-
Search for
ext-device.card-no-converter. -
Delete any paths preceded by
JavaScript:.
FAQs
What exactly is ‘unsafe code’?
What happens if I disable scripting by mistake and I have a script enabled on a printer?
If you have a script enabled on a printer, and then you set `security.print-and-device.script.enabled` to N, the Application Server will process the job as though the script doesn’t exist.
Depending on the contents of the script, it could fail in different ways. For example, if a print script triggers a popup with a warning to the user, the popup will no longer appear and the job will be processed as though the script doesn’t exist.
I’m using javascript for card number conversions - will this stop working if I switch off print and device scripting?
ext-device.card-no-converter to call a script to convert card numbers, this will continue to work successfully, even if you have set security.print-script.allow-unsafe-code to N. See Enabling card converter scripts above.
Comments