Index: trunk/dns.cgi
===================================================================
--- trunk/dns.cgi	(revision 388)
+++ trunk/dns.cgi	(revision 389)
@@ -642,6 +642,10 @@
 	unless ($permissions{admin} || $permissions{record_create});
 
+    # location check - if user does not have record_locchg, set $webvar{location} to default location for zone
+    my $parloc = getZoneLocation($dbh, $webvar{revrec}, $webvar{parentid});
+    $webvar{location} = $parloc unless ($permissions{admin} || $permissions{record_locchg});
+
     my @recargs = ($dbh,$webvar{defrec},$webvar{revrec},$webvar{parentid},
-	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl});
+	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl},$webvar{location});
     if ($webvar{type} == $reverse_typemap{MX} or $webvar{type} == $reverse_typemap{SRV}) {
       push @recargs, $webvar{distance};
@@ -701,6 +705,10 @@
 	unless ($permissions{admin} || $permissions{record_edit});
 
+    # retain old location if user doesn't have permission to fiddle locations
+    my $oldrec = getRecLine($dbh, $webvar{defrec}, $webvar{revrec}, $webvar{id});
+    $webvar{location} = $oldrec->{location} unless ($permissions{admin} || $permissions{record_locchg});
+
     my ($code,$msg) = updateRec($dbh,$webvar{defrec},$webvar{revrec},$webvar{id},$webvar{parentid},
-	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl},
+	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl},$webvar{location},
 	$webvar{distance},$webvar{weight},$webvar{port});