Changeset 169 for trunk/dns.cgi


Timestamp:
11/22/11 17:26:26 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

Fix another lurking error-log mess-maker when adding a record. See #25.

File:
1 edited

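--- a/trunk/dns.cgi
+++ b/trunk/dns.cgi
@@ -310,5 +310,5 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{group}, 'group')) {
+  if (!check_scope(id => $webvar{group}, type => 'group')) {
     changepage(page => "newdomain", add_failed => 1, domain => $webvar{domain},
         errmsg => "You do not have permission to add a domain to the requested group");
@@ -331,5 +331,5 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{id}, 'domain')) {
+  if (!check_scope(id => $webvar{id}, type => 'domain')) {
     changepage(page => "domlist", errmsg => "You do not have permission to delete the requested domain");
   }
@@ -363,5 +363,5 @@
 
   # security check - does the user have permission to view this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     $page->param(errmsg => "You are not permitted to view or change the requested ".
         ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records"));
@@ -433,10 +433,10 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
     $page->param(perm_err => "You are not permitted to edit the requested record");
     goto DONEREC;
   }
   # round 2, check the parent.
-  if (!check_scope($webvar{parentid}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{parentid}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     my $msg = ($webvar{defrec} eq 'y' ?
         "You are not permitted to add or edit default records in the requested group" :
@@ -639,5 +639,5 @@
 
   # security check - does the user have permission to view this entity?
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the ".
         ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
@@ -659,9 +659,9 @@
   # security check - does the user have permission to view this entity?
   # pass 1, record ID
-  if (!check_scope($webvar{recid}, ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
+  if (!check_scope(id => $webvar{recid}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record");
   }
   # pass 2, parent (group or domain) ID
-  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+  if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
     changepage(page => 'domlist', errmsg => "You do not have permission to edit the ".
         ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
@@ -877,5 +877,5 @@
 
   # security check - does the user have permission to access this entity?
-  if (!check_scope($webvar{destgroup}, 'group')) {
+  if (!check_scope(id => $webvar{destgroup}, type => 'group')) {
     $page->param(errmsg => "You are not permitted to make bulk changes in the requested group");
     goto DONEBULK;
@@ -895,5 +895,5 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -925,5 +925,5 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -952,5 +952,5 @@
       next unless $_ =~ /^dom_\d+$/;
       # second security check - does the user have permission to meddle with this domain?
-      if (!check_scope($webvar{$_}, 'domain')) {
+      if (!check_scope(id => $webvar{$_}, type => 'domain')) {
         $row{domerr} = "You are not permitted to make changes to the requested domain";
         $row{domain} = $webvar{$_};
@@ -1304,5 +1304,5 @@
 
     # security check - does the user have permission to access this entity?
-    if (!check_scope($webvar{group}, 'group')) {
+    if (!check_scope(id => $webvar{group}, type => 'group')) {
       $page->param(errmsg => "You are not permitted to import domains into the requested group");
       goto DONEAXFR;
@@ -2090,6 +2090,7 @@
 # so simple when defined as a sub instead of inline.  O_o
 sub check_scope {
-  my $entity = shift || '';
-  my $entype = shift || '';
+  my %args = @_;
+  my $entity = $args{id} || 0;  # prevent the shooting of feet with SQL "... intcolumn = '' ..."
+  my $entype = $args{type} || '';
 
   if ($entype eq 'group') {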
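Review bot: In `check_scope` (last hunk), `my $entity = $args{id} || 0;` only replaces empty or undefined IDs; any other non-numeric string arriving through `%webvar` is still passed on to whatever lookup follows, so the `intcolumn = ''` class of error named in the comment can presumably still be triggered with other input. A check directly after the assignments, for example `return 0 unless $entity =~ /^\d+$/;`, would make the permission check fail closed on malformed IDs. With `my %args = @_;`, any call site still using the old positional form would silently produce id 0 and an empty type instead of an error, so it is worth confirming that the `if ($entype eq ...)` chain denies access when no type matches. The rest of the sub lies outside the hunk, so neither the SQL usage nor the fall-through result can be verified from here.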