Changeset 160 for trunk/dns.cgi
- Timestamp:
- 11/02/11 18:12:35 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dns.cgi
r159 r160 37 37 38 38 my @debugbits; # temp, to be spit out near the end of processing 39 my $debugenv = 1;39 my $debugenv = 0; 40 40 41 41 # Let's do these templates right... … … 86 86 87 87 # per-page startwith, filter, searchsubs 88 89 ##fixme: complain-munge-and-continue with non-"[a-z0-9-.]" filter and startwith 90 $webvar{startwith} =~ s/^(0-9|[a-z]).*/$1/ if $webvar{startwith}; 91 # not much call for chars not allowed in domain names 92 $webvar{filter} =~ s/[^a-zA-Z0-9_.:@-]//g if $webvar{filter}; 93 88 94 $session->param($webvar{page}.'startwith', $webvar{startwith}) if defined($webvar{startwith}); 89 95 $session->param($webvar{page}.'filter', $webvar{filter}) if defined($webvar{filter}); … … 98 104 my $filter = $session->param($webvar{page}.'filter'); 99 105 my $searchsubs = $session->param($webvar{page}.'searchsubs'); 106 107 # ... and assemble the args 108 my @filterargs; 109 push @filterargs, "^[$startwith]" if $startwith; 110 push @filterargs, $filter if $filter; 100 111 101 112 # nrgh, can't handle login here because we don't have a database handle to check the user/pass with yet … … 121 132 use warnings qw(uninitialized); 122 133 123 # default 124 #my $perpage = 15; 125 my $perpage = 5; 134 # pagination 135 my $perpage = 15; 126 136 my $offset = ($webvar{offset} ? $webvar{offset} : 0); 127 137 … … 133 143 # note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm 134 144 # we'll catch a bad DB connect string a little further down. 145 ##fixme: pass params to loadConfig, and use them there, to allow one codebase to support multiple sites 135 146 if (!loadConfig()) { 136 147 warn "Using default configuration; unable to load custom settings: $DNSDB::errstr"; … … 288 299 unless ($permissions{admin} || $permissions{domain_create}); 289 300 301 ##fixme: scope check on $webvar{group} 290 302 my ($code,$msg) = addDomain($dbh,$webvar{domain},$webvar{group},($webvar{makeactive} eq 'on' ? 1 : 0)); 291 303 … … 303 315 unless ($permissions{admin} || $permissions{domain_delete}); 304 316 317 ##fixme: scope check on $webvar{id} 305 318 $page->param(id => $webvar{id}); 306 319 … … 317 330 my ($code,$msg) = delDomain($dbh, $webvar{id}); 318 331 if ($code ne 'OK') { 319 # need to find failure mode320 332 logaction($webvar{id}, $session->param("username"), $pargroup, "Failed to delete domain $dom ($msg)"); 321 333 changepage(page => "domlist", errmsg => "Error deleting domain $dom: $msg"); … … 340 352 $page->param(errmsg => "You are not permitted to view or change the requested ". 341 353 ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records")); 342 $page->param(perm_err => 1); 354 $page->param(perm_err => 1); # this causes the template to skip the record listing output. 355 ##fixme: we could skip down to the end of the $webvar{page} eq 'reclist' block... 343 356 } 344 357 … … 354 367 # ACLs 355 368 $page->param(record_create => ($permissions{admin} || $permissions{record_create}) ); 356 # $page->param(record_edit => ($permissions{admin} || $permissions{record_edit}) ); 369 # we don't have any general edit links on the page; they're all embedded in the TMPL_LOOP 370 # $page->param(record_edit => ($permissions{admin} || $permissions{record_edit}) ); 357 371 $page->param(record_delete => ($permissions{admin} || $permissions{record_delete}) ); 358 372 … … 415 429 } 416 430 417 418 431 if ($webvar{recact} eq 'new') { 419 432 … … 433 446 unless ($permissions{admin} || $permissions{record_create}); 434 447 448 ##fixme: this should probably go in DNSDB::addRec(), need to ponder what to do about PTR and friends 435 449 # prevent out-of-domain records from getting added by appending the domain, or DOMAIN for default records 436 450 my $pname = ($webvar{defrec} eq 'y' ? 'DOMAIN' : domainName($dbh,$webvar{parentid})); … … 505 519 $webvar{name} =~ s/\.*$/\.$pname/ if $webvar{name} !~ /$pname$/; 506 520 507 ##fixme: get current/previous record info so we can log "updated 'foo A 1.2.3.4' to 'foo A 2.3.4.5'" 521 # get current/previous record info so we can log "updated 'foo A 1.2.3.4' to 'foo A 2.3.4.5'" 522 my $oldrec = getRecLine($dbh, $webvar{defrec}, $webvar{id}); 508 523 509 524 my ($code,$msg) = updateRec($dbh,$webvar{defrec},$webvar{id}, … … 513 528 if ($code eq 'OK') { 514 529 if ($webvar{defrec} eq 'y') { 515 my $restr = "Updated default record '$webvar{name} $typemap{$webvar{type}} $webvar{address}', TTL $webvar{ttl}"; 530 my $restr = "Updated default record from '$oldrec->{host} $typemap{$oldrec->{type}} $oldrec->{val}', TTL $oldrec->{ttl}\n". 531 "to '$webvar{name} $typemap{$webvar{type}} $webvar{address}', TTL $webvar{ttl}"; 516 532 logaction(0, $session->param("username"), $webvar{parentid}, $restr); 517 533 changepage(page => "reclist", id => $webvar{parentid}, defrec => $webvar{defrec}, resultmsg => $restr); 518 534 } else { 519 my $restr = "Updated record '$webvar{name} $typemap{$webvar{type}} $webvar{address}', TTL $webvar{ttl}"; 535 my $restr = "Updated record from '$oldrec->{host} $typemap{$oldrec->{type}} $oldrec->{val}', TTL $oldrec->{ttl}\n". 536 "to '$webvar{name} $typemap{$webvar{type}} $webvar{address}', TTL $webvar{ttl}"; 520 537 logaction($webvar{parentid}, $session->param("username"), parentID($webvar{id}, 'rec', 'group'), $restr); 521 538 changepage(page => "reclist", id => $webvar{parentid}, defrec => $webvar{defrec}, resultmsg => $restr); … … 1147 1164 } 1148 1165 1149 #} elsif ($webvar{page} eq 'edituser') {1150 1151 1166 } elsif ($webvar{page} eq 'dnsq') { 1152 1167 … … 1496 1511 $page->param(ttl => $soa{ttl}); 1497 1512 1498 # $startwith = $session->param($webvar{page}.'startwith');1499 # $filter = $session->param($webvar{page}.'filter');1500 1501 1513 my $foo2 = getDomRecs($dbh,$def,$id,$perpage,$webvar{offset},$sortby,$sortorder,$filter); 1502 1514 … … 1650 1662 sub listdomains { 1651 1663 1652 # $startwith = $session->param($webvar{page}.'startwith');1653 # $filter = $session->param($webvar{page}.'filter');1654 1664 $searchsubs = $session->param($webvar{page}.'searchsubs'); 1655 1665 … … 1659 1669 $page->param(domain_delete => ($permissions{admin} || $permissions{domain_delete}) ); 1660 1670 1661 ##fixme: $logingroup or $curgroup?1662 1671 my @childgroups; 1663 1672 getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs; … … 1665 1674 1666 1675 my $sql = "SELECT count(*) FROM domains WHERE group_id IN ($curgroup".($childlist ? ",$childlist" : '').")". 1667 ($startwith ? " AND domain ~* '^[$startwith]'" : '').1668 ($filter ? " AND domain ~* '$filter'" : '');1676 ($startwith ? " AND domain ~* ?" : ''). 1677 ($filter ? " AND domain ~* ?" : ''); 1669 1678 my $sth = $dbh->prepare($sql); 1670 $sth->execute ;1679 $sth->execute(@filterargs); 1671 1680 my ($count) = $sth->fetchrow_array; 1672 1681 … … 1687 1696 fill_colheads($sortby, $sortorder, \@cols, \%colheads); 1688 1697 1689 # $page->param(sortorder => $sortorder);1690 1698 # hack! hack! pthbttt. have to rethink the status column storage, 1691 1699 # or inactive comes "before" active. *sigh* … … 1707 1715 " INNER JOIN groups ON domains.group_id=groups.group_id". 1708 1716 " WHERE domains.group_id IN ($curgroup".($childlist ? ",$childlist" : '').")". 1709 ##fixme: don't do variable subs in SQL, use placeholders and params in ->execute() 1710 ($startwith ? " AND domain ~* '^[$startwith]'" : ''). 1711 ($filter ? " AND domain ~* '$filter'" : ''). 1717 ($startwith ? " AND domain ~* ?" : ''). 1718 ($filter ? " AND domain ~* ?" : ''). 1712 1719 " ORDER BY ".($sortby eq 'group' ? 'groups.group_name' : $sortby). 1713 1720 " $sortorder ".($offset eq 'all' ? '' : " LIMIT $perpage OFFSET ".$offset*$perpage); 1714 1721 $sth = $dbh->prepare($sql); 1715 $sth->execute ;1722 $sth->execute(@filterargs); 1716 1723 my $rownum = 0; 1717 1724 while (my @data = $sth->fetchrow_array) { … … 1722 1729 $row{group} = $data[3]; 1723 1730 $row{bg} = ($rownum++)%2; 1724 # $row{mkactive} = ($data[2] eq 'inactive' ? 1 : 0);1725 1731 $row{mkactive} = !$data[2]; 1726 1732 $row{sid} = $sid; … … 1729 1735 $row{domain_edit} = ($permissions{admin} || $permissions{domain_edit}); 1730 1736 $row{domain_delete} = ($permissions{admin} || $permissions{domain_delete}); 1731 ##fixme: need to clean up status indicator/usage/inversion1732 1737 push @domlist, \%row; 1733 1738 } … … 1744 1749 $page->param(errmsg => "You are not permitted to view the requested group"); 1745 1750 $curgroup = $logingroup; 1746 # changepage(page => grpman, errmsg => "You are not permitted to view the requested group"); 1747 # return; 1748 } 1749 # if ( grep { eq $curgroup }, @childlist ) { 1750 # errmsg => "You are not permitted to view this group" 1751 # return; 1752 # } 1751 } 1753 1752 1754 1753 my @childgroups; … … 1757 1756 1758 1757 my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').")". 1759 ($startwith ? " AND group_name ~* '^[$startwith]'" : '').1760 ($filter ? " AND group_name ~* '$filter'" : '');1758 ($startwith ? " AND group_name ~* ?" : ''). 1759 ($filter ? " AND group_name ~* ?" : ''); 1761 1760 my $sth = $dbh->prepare($sql); 1762 1763 $sth->execute; 1761 $sth->execute(@filterargs); 1764 1762 my ($count) = ($sth->fetchrow_array); 1763 1765 1764 # fill page count and first-previous-next-last-all bits 1766 ##fixme - hardcoded group bit1767 1765 fill_pgcount($count,"groups",''); 1768 1766 fill_fpnla($count); … … 1794 1792 1795 1793 my @grouplist; 1796 $s th = $dbh->prepare("SELECT g.group_id, g.group_name, g2.group_name, ".1794 $sql = "SELECT g.group_id, g.group_name, g2.group_name, ". 1797 1795 "count(distinct(u.username)) AS nusers, count(distinct(d.domain)) AS ndomains ". 1798 1796 "FROM groups g ". … … 1801 1799 "LEFT OUTER JOIN domains d ON d.group_id=g.group_id ". 1802 1800 "WHERE g.parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').") ". 1803 ##fixme: don't do variable subs in SQL, use placeholders and params in ->execute() 1804 ($startwith ? " AND g.group_name ~* '^[$startwith]'" : ''). 1805 ($filter ? " AND g.group_name ~* '$filter'" : ''). 1801 ($startwith ? " AND g.group_name ~* ?" : ''). 1802 ($filter ? " AND g.group_name ~* ?" : ''). 1806 1803 " GROUP BY g.group_id, g.group_name, g2.group_name ". 1807 1804 " ORDER BY $sortby $sortorder ". 1808 ($offset eq 'all' ? '' : " LIMIT $perpage OFFSET ".$offset*$perpage)); 1809 $sth->execute; 1805 ($offset eq 'all' ? '' : " LIMIT $perpage OFFSET ".$offset*$perpage); 1806 $sth = $dbh->prepare($sql); 1807 $sth->execute(@filterargs); 1810 1808 1811 1809 my $rownum = 0; … … 1866 1864 1867 1865 my $sql = "SELECT count(*) FROM users WHERE group_id IN ($curgroup".($childlist ? ",$childlist" : '').")". 1868 ($startwith ? " AND username ~* '^[$startwith]'" : '').1869 ($filter ? " AND username ~* '$filter'" : '');1866 ($startwith ? " AND username ~* ?" : ''). 1867 ($filter ? " AND username ~* ?" : ''); 1870 1868 my $sth = $dbh->prepare($sql); 1871 $sth->execute ;1869 $sth->execute(@filterargs); 1872 1870 my ($count) = ($sth->fetchrow_array); 1873 1871 … … 1907 1905 "INNER JOIN groups g ON u.group_id=g.group_id ". 1908 1906 "WHERE u.group_id IN ($curgroup".($childlist ? ",$childlist" : '').")". 1909 ##fixme: don't do variable subs in SQL, use placeholders and params in ->execute() 1910 ($startwith ? " AND u.username ~* '^[$startwith]'" : ''). 1911 ($filter ? " AND u.username ~* '$filter'" : ''). 1907 ($startwith ? " AND u.username ~* ?" : ''). 1908 ($filter ? " AND u.username ~* ?" : ''). 1912 1909 " ORDER BY $sortby $sortorder ". 1913 1910 ($offset eq 'all' ? '' : " LIMIT $perpage OFFSET ".$offset*$perpage); 1914 1911 1915 1912 $sth = $dbh->prepare($sql); 1916 $sth->execute ;1913 $sth->execute(@filterargs); 1917 1914 1918 1915 my $rownum = 0;
Note:
See TracChangeset
for help on using the changeset viewer.