Changeset 159


Ignore:
Timestamp:
10/28/11 17:42:47 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

Prevent out-of-domain records from being added by appending the domain

if it's not already there. Append DOMAIN for group default records.

Remove some stale ##fixme/todo comments
Remove a stray bare "return" causing record updates to not get logged

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/dns.cgi

    r158 r159  
    433433        unless ($permissions{admin} || $permissions{record_create});
    434434
     435    # prevent out-of-domain records from getting added by appending the domain, or DOMAIN for default records
     436    my $pname = ($webvar{defrec} eq 'y' ? 'DOMAIN' : domainName($dbh,$webvar{parentid}));
     437    $webvar{name} =~ s/\.*$/\.$pname/ if $webvar{name} !~ /$pname$/;
     438
    435439    my @recargs = ($dbh,$webvar{defrec},$webvar{parentid},$webvar{name},$webvar{type},$webvar{address},$webvar{ttl});
    436440    if ($webvar{type} == $reverse_typemap{MX} or $webvar{type} == $reverse_typemap{SRV}) {
     
    478482        unless ($permissions{admin} || $permissions{record_edit});
    479483
    480 # check perms to see if the record is "out of scope" for the user
    481484    $page->param(todo           => "Update record");
    482485    $page->param(recact         => "update");
     
    498501        unless ($permissions{admin} || $permissions{record_edit});
    499502
     503    # prevent out-of-domain records from getting added by appending the domain, or DOMAIN for default records
     504    my $pname = ($webvar{defrec} eq 'y' ? 'DOMAIN' : domainName($dbh,$webvar{parentid}));
     505    $webvar{name} =~ s/\.*$/\.$pname/ if $webvar{name} !~ /$pname$/;
     506
     507##fixme:  get current/previous record info so we can log "updated 'foo A 1.2.3.4' to 'foo A 2.3.4.5'"
     508
    500509    my ($code,$msg) = updateRec($dbh,$webvar{defrec},$webvar{id},
    501510        $webvar{name},$webvar{type},$webvar{address},$webvar{ttl},
     
    503512
    504513    if ($code eq 'OK') {
    505 ##fixme:  need more magic to get proper group - if domain was fiddled
    506 # from search-subgroups listing, may not be "current" group
    507 
    508 # SELECT d.group_id FROM domains d INNER JOIN records r ON d.domain_id=r.domain_id WHERE r.record_id=?
    509 # $sth->execute($webvar{id});
    510 ##log
    511514      if ($webvar{defrec} eq 'y') {
    512515        my $restr = "Updated default record '$webvar{name} $typemap{$webvar{type}} $webvar{address}', TTL $webvar{ttl}";
     
    20062009      $sql = "SELECT group_id FROM default_records WHERE record_id=?";
    20072010    } else {
    2008       return
    20092011      $sql = "SELECT d.group_id FROM domains d".
    20102012        " INNER JOIN records r ON d.domain_id=r.domain_id".
Note: See TracChangeset for help on using the changeset viewer.