Changeset 839


Ignore:
Timestamp:
04/21/22 17:55:49 (3 years ago)
Author:
Kris Deugau
Message:

/trunk

Update dns.cgi include path finder - see #80
Allow more characters through from the web layer to the back end for the

record search and record list filter, building on r838

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/dns.cgi

    r797 r839  
    3535#  return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
    3636#}
    37 #use Cwd 'abs_path';
    38 #use File::Basename;
    39 #use lib dirname( abs_path $0 );
    40 #die "argh!  tainted!" if is_tainted($0);
    41 #die "argh! \@INC got tainted!" if is_tainted(@INC);
    42 
    43 # push "the directory the script is in" into @INC
    44 use FindBin;
    45 use lib "$FindBin::RealBin/";
     37
     38# Taint-safe (ish) voodoo to push "the directory the script is in" into @INC.
     39# See https://secure.deepnet.cx/trac/dnsadmin/ticket/80 for more gory details on how we got here.
     40use File::Spec ();
     41use File::Basename ();
     42my $path;
     43BEGIN {
     44    $path = File::Basename::dirname(File::Spec->rel2abs($0));
     45    if ($path =~ /(.*)/) {
     46        $path = $1;
     47    }
     48}
     49use lib $path;
    4650
    4751use DNSDB;
     
    121125$webvar{startwith} =~ s/^(0-9|[a-z]).*/$1/ if $webvar{startwith};
    122126# not much call for chars not allowed in domain names
    123 $webvar{filter} =~ s/[^a-zA-Z0-9_.:\@%-]//g if $webvar{filter};
     127# allow <>= so searches can use the Postgres CIDR operators
     128# allow , for things like DMARC records
     129$webvar{filter} =~ s{[^a-zA-Z0-9_.,:\@%<>=/-]}{}g if $webvar{filter};
    124130## only set 'y' if box is checked, no other values legal
    125131## however, see https://secure.deepnet.cx/trac/dnsadmin/ticket/31
     
    18981904  # need to search on characters outside this set until we get into IDNs
    18991905  # note this is a little larger due to template records
    1900   $webvar{searchfor} =~ s/[^a-zA-Z0-9_.:\@%-]//g if $webvar{searchfor};
     1906  # allow <>= so searches can use the Postgres CIDR operators
     1907  # allow , for things like DMARC records
     1908  $webvar{searchfor} =~ s{[^a-zA-Z0-9_.,:\@%<>=/-]}{}g if $webvar{searchfor};
    19011909
    19021910  # save the search in the session, same as the "filter" in various other lists...
Note: See TracChangeset for help on using the changeset viewer.