- Timestamp:
- 12/01/11 14:58:18 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dns.cgi
r174 r176 83 83 $session->param('reclistsortby','host'); 84 84 $session->param('reclistorder','ASC'); 85 # $session->param('filter','login');86 # $session->param('startwith','login');87 # $session->param('searchsubs','login');88 85 } 89 86 … … 103 100 my $curgroup = ($session->param('curgroup') ? $session->param('curgroup') : $logingroup); 104 101 102 # decide which page to spit out... 103 # also set $webvar{page} before we try to use it. 104 $webvar{page} = 'login' if !$webvar{page}; 105 105 106 # per-page startwith, filter, searchsubs 106 107 … … 109 110 # not much call for chars not allowed in domain names 110 111 $webvar{filter} =~ s/[^a-zA-Z0-9_.:@-]//g if $webvar{filter}; 112 ## only set 'y' if box is checked, no other values legal 113 ## however, see https://secure.deepnet.cx/trac/dnsadmin/ticket/31 114 # first, drop obvious fakes 115 delete $webvar{searchsubs} if $webvar{searchsubs} && $webvar{searchsubs} !~ /^[ny]/; 116 # strip the known "turn me off!" bit. 117 $webvar{searchsubs} =~ s/^n\s?// if $webvar{searchsubs}; 118 # strip non-y/n - note this legitimately allows {searchsubs} to go empty 119 $webvar{searchsubs} =~ s/[^yn]//g if $webvar{searchsubs}; 111 120 112 121 $session->param($webvar{page}.'startwith', $webvar{startwith}) if defined($webvar{startwith}); 113 122 $session->param($webvar{page}.'filter', $webvar{filter}) if defined($webvar{filter}); 114 $webvar{searchsubs} =~ s/^n ?// if $webvar{searchsubs};115 123 $session->param($webvar{page}.'searchsubs', $webvar{searchsubs}) if defined($webvar{searchsubs}); 116 117 # decide which page to spit out...118 # also set $webvar{page} before we try to use it.119 $webvar{page} = 'login' if !$webvar{page};120 124 121 125 my $startwith = $session->param($webvar{page}.'startwith'); … … 1741 1745 1742 1746 sub listdomains { 1743 1744 $searchsubs = $session->param($webvar{page}.'searchsubs');1745 1747 1746 1748 # ACLs
Note:
See TracChangeset
for help on using the changeset viewer.