Changeset 169

Timestamp:

11/22/11 17:26:26 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Fix another lurking error-log mess-maker when adding a record. See #25.

File:

• trunk/dns.cgi (modified) (12 diffs)

trunk/dns.cgi

@@ -310 +310 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{group}, 'group')) {
+  if (!check_scope(id => $webvar{group}, type => 'group')) {
     changepage(page => "newdomain", add_failed => 1, domain => $webvar{domain},
         errmsg => "You do not have permission to add a domain to the requested group");
@@ -331 +331 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{id}, 'domain')) {
+  if (!check_scope(id => $webvar{id}, type => 'domain')) {
     changepage(page => "domlist", errmsg => "You do not have permission to delete the requested domain");
   }
@@ -363 +363 @@
 
   # security check - does the user have permission to view this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     $page->param(errmsg => "You are not permitted to view or change the requested ".
         ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records"));
@@ -433 +433 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
     $page->param(perm_err => "You are not permitted to edit the requested record");
     goto DONEREC;
   }
   # round 2, check the parent.
-  if (!check_scope($webvar{parentid}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{parentid}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     my $msg = ($webvar{defrec} eq 'y' ?
         "You are not permitted to add or edit default records in the requested group" :
@@ -639 +639 @@
 
   # security check - does the user have permission to view this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the ".
         ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
@@ -659 +659 @@
   # security check - does the user have permission to view this entity?
   # pass 1, record ID
-  if (!check_scope($webvar{recid}, ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
+  if (!check_scope(id => $webvar{recid}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record");
   }
   # pass 2, parent (group or domain) ID
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the ".
         ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
@@ -877 +877 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{destgroup}, 'group')) {
+  if (!check_scope(id => $webvar{destgroup}, type => 'group')) {
     $page->param(errmsg => "You are not permitted to make bulk changes in the requested group");
     goto DONEBULK;
@@ -895 +895 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -925 +925 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -952 +952 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -1304 +1304 @@
 
     # security check - does the user have permission to access this entity?
-    if (!check_scope($webvar{group}, 'group')) {
+    if (!check_scope(id => $webvar{group}, type => 'group')) {
       $page->param(errmsg => "You are not permitted to import domains into the requested group");
       goto DONEAXFR;
@@ -2090 +2090 @@
 # so simple when defined as a sub instead of inline.  O_o
 sub check_scope {
-  my $entity = shift || '';
-  my $entype = shift || '';
+  my %args = @_;
+  my $entity = $args{id} || 0;  # prevent the shooting of feet with SQL "... intcolumn = '' ..."
+  my $entype = $args{type} || '';
 
   if ($entype eq 'group') {