From d1ba8c934978e24617e6ba8614a6e607192f1fe0 Mon Sep 17 00:00:00 2001 From: ftimme <ft@falkotimme.com> Date: Tue, 06 Dec 2005 09:30:59 -0500 Subject: [PATCH] --- interface/web/dns/soa_edit.php | 6 ++++++ interface/web/dns/rr_del.php | 5 ++++- interface/web/dns/soa_del.php | 5 ++++- interface/lib/classes/tform.inc.php | 4 ++-- interface/web/dns/rr_edit.php | 7 +++++++ interface/lib/classes/validate_dns.inc.php | 2 +- interface/web/dns/form/soa.tform.php | 2 +- interface/web/dns/form/rr.tform.php | 2 +- 8 files changed, 26 insertions(+), 7 deletions(-) diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 91359a3..6a8d7bd 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -855,10 +855,10 @@ $result = false; if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true; if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; - if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true; + if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true; // if preset == 0, everyone can insert a record of this type - if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($perm,$this->formDef["auth_preset"]["perm_user"] OR @stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; + if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true; return $result; diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php index c556da7..a161510 100644 --- a/interface/lib/classes/validate_dns.inc.php +++ b/interface/lib/classes/validate_dns.inc.php @@ -103,7 +103,7 @@ if(substr($field, -1) == '.'){ if($i > 2 && $empty > 1) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n"; } else { - if($empty > 0) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n"; + if($empty > 0 && $field != '') $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n"; } if(substr($field, -1) == '.' && $area == 'Name'){ diff --git a/interface/web/dns/form/rr.tform.php b/interface/web/dns/form/rr.tform.php index e9af990..21beaca 100644 --- a/interface/web/dns/form/rr.tform.php +++ b/interface/web/dns/form/rr.tform.php @@ -42,7 +42,7 @@ $form["db_history"] = "yes"; $form["tab_default"] = "rr"; $form["list_default"] = "rr_list.php"; -$form["auth"] = 'no'; // yes / no +$form["auth"] = 'yes'; // yes / no $form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user diff --git a/interface/web/dns/form/soa.tform.php b/interface/web/dns/form/soa.tform.php index ca23e19..5f3f3ba 100644 --- a/interface/web/dns/form/soa.tform.php +++ b/interface/web/dns/form/soa.tform.php @@ -42,7 +42,7 @@ $form["db_history"] = "yes"; $form["tab_default"] = "soa"; $form["list_default"] = "soa_list.php"; -$form["auth"] = 'no'; // yes / no +$form["auth"] = 'yes'; // yes / no $form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user diff --git a/interface/web/dns/rr_del.php b/interface/web/dns/rr_del.php index d90001f..e06ff84 100644 --- a/interface/web/dns/rr_del.php +++ b/interface/web/dns/rr_del.php @@ -56,7 +56,10 @@ function onDelete() { global $app, $conf; - $rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']); + $app->uses('tform'); + if(!$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed'); + + //$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']); $zone_id = $rr['zone']; // update serial diff --git a/interface/web/dns/rr_edit.php b/interface/web/dns/rr_edit.php index 3331116..00da24f 100644 --- a/interface/web/dns/rr_edit.php +++ b/interface/web/dns/rr_edit.php @@ -53,9 +53,16 @@ class page_action extends tform_actions { + function onSubmit() { global $app, $conf; + if($this->dataRecord['id'] > 0){ + if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed'); + } else { + if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed'); + } + $this->dataRecord["zone"] = $_SESSION['s']['list']['rr']['parent_id']; $app->uses('validate_dns'); diff --git a/interface/web/dns/soa_del.php b/interface/web/dns/soa_del.php index 9d84e32..06560f5 100644 --- a/interface/web/dns/soa_del.php +++ b/interface/web/dns/soa_del.php @@ -56,9 +56,12 @@ function onDelete() { global $app, $conf; + $app->uses('tform'); + if(!$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed'); + // PTR if($conf['auto_create_ptr'] == 1 && trim($conf['default_ns']) != '' && trim($conf['default_mbox']) != ''){ - $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']); + //$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']); $rrs = $app->db->queryAllRecords("SELECT * FROM rr WHERE zone = '".$_REQUEST['id']."' AND (type = 'A' OR type = 'AAAA')"); if(!empty($rrs)){ foreach($rrs as $rr){ diff --git a/interface/web/dns/soa_edit.php b/interface/web/dns/soa_edit.php index 5ad043c..7c54670 100644 --- a/interface/web/dns/soa_edit.php +++ b/interface/web/dns/soa_edit.php @@ -56,6 +56,12 @@ function onSubmit() { global $app, $conf; + if($this->dataRecord['id'] > 0){ + if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed'); + } else { + if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed'); + } + $app->uses('validate_dns'); $app->tform->errorMessage .= $app->validate_dns->validate_soa($this->dataRecord); -- Gitblit v1.9.1