Changeset 782 for trunk/cgi-bin/main.cgi
- Timestamp:
- 10/08/15 17:09:51 (9 years ago)
- File:
-
- 1 edited
trunk/cgi-bin/main.cgi
r780 r782 434 434 ## end node hack 435 435 436 $page->param( privdata=> $IPDBacl{$authuser} =~ /s/);436 $page->param(nocling => $IPDBacl{$authuser} =~ /s/); 437 437 438 438 } # assignBlock … … 657 657 658 658 # Check to see if user is allowed to do anything with sensitive data 659 my $privdata = ''; 660 $page->param(privdata => $q->escapeHTML($webvar{privdata},'y')) 661 if $IPDBacl{$authuser} =~ /s/; 659 if ($IPDBacl{$authuser} =~ /s/) { 660 $page->param(nocling => 1); 661 $page->param(privdata => $q->escapeHTML($webvar{privdata},'y')); 662 663 $page->param(backupfields => $webvar{backupfields}); 664 $page->param(bkbrand => $webvar{bkbrand}); 665 $page->param(bkmodel => $webvar{bkmodel}); 666 $page->param(bktype => $webvar{bktype}); 667 $page->param(bksrc => $webvar{bksrc}); 668 $page->param(bkuser => $webvar{bkuser}); 669 # these two could use virtually any character 670 $page->param(bkvpass => $q->escapeHTML($webvar{bkvpass})); 671 $page->param(bkepass => $q->escapeHTML($webvar{bkepass})); 672 $page->param(bkport => $webvar{bkport}); 673 } 662 674 663 675 # Yay! This now has it's very own little home. … … 682 694 return if !validateInput(); 683 695 696 ##fixme: permission check 684 697 if (!defined($webvar{privdata})) { 685 698 $webvar{privdata} = ''; … … 717 730 ); 718 731 732 ##fixme: permission check 733 # fill in backup data, if present/allowed 734 if ($webvar{backupfields}) { 735 $insert_args{backup} = 1; 736 $insert_args{bkbrand} = $webvar{bkbrand}; 737 $insert_args{bkmodel} = $webvar{bkmodel}; 738 for my $bkfield (qw(type src user vpass epass port)) { 739 $insert_args{"bk$bkfield"} = ($webvar{"bk$bkfield"} ? $webvar{"bk$bkfield"} : ''); 740 } 741 } 742 719 743 my $pinfo = getBlockData($ip_dbh, $webvar{parent}); 720 744 … … 874 898 return; 875 899 } 900 } 901 } 902 903 # Backup fields. Minimal sanity checks. 
904 for my $bkfield (qw(brand model)) { 905 if ($webvar{"bk$bkfield"} && $webvar{"bk$bkfield"} !~ /^[a-zA-Z0-9\s_.-]+$/) { 906 $page->param(err => "Invalid characters in backup $bkfield"); 907 return; 908 } 909 } 910 for my $bkfield (qw(type src user)) { # no spaces in these! 911 if ($webvar{"bk$bkfield"} && $webvar{"bk$bkfield"} !~ /^[a-zA-Z0-9_.-]+$/) { 912 $page->param(err => "Invalid characters in backup $bkfield"); 913 return; 914 } 915 } 916 if ($webvar{bkport}) { 917 $webvar{bkport} =~ s/^\s+//g; 918 $webvar{bkport} =~ s/\s+$//g; 919 if ($webvar{bkport} !~ /^\d+$/) { 920 $page->param(err => "Backup port must be numeric"); 921 return; 876 922 } 877 923 }
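Review bot: The insert path copies the backup fields, including `bkvpass` and `bkepass`, from `%webvar` into `%insert_args` whenever `$webvar{backupfields}` is true, with no server-side ACL test; the two `##fixme: permission check` markers acknowledge the gap but leave it open. The confirm step renders these fields only when `$IPDBacl{$authuser} =~ /s/`, but that governs what the form shows, so a request that supplies the parameters itself would presumably still be stored. Gate the block with the same test, `if ($webvar{backupfields} && $IPDBacl{$authuser} =~ /s/) {`, and put the equivalent guard on the `privdata` handling marked just above it. Separately, `backupfields` is handed to the template unescaped and is not covered by the new validation, and the `$`-anchored patterns in the sanity checks accept a trailing newline, so `\z` would be stricter. The enclosing subs start and end outside the visible hunks, so whether `validateInput()` runs before the confirm page is rendered cannot be confirmed from here.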