From d1ba8c934978e24617e6ba8614a6e607192f1fe0 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 06 Dec 2005 09:30:59 -0500
Subject: [PATCH] 

---
 interface/web/dns/soa_edit.php             |    6 ++++++
 interface/web/dns/rr_del.php               |    5 ++++-
 interface/web/dns/soa_del.php              |    5 ++++-
 interface/lib/classes/tform.inc.php        |    4 ++--
 interface/web/dns/rr_edit.php              |    7 +++++++
 interface/lib/classes/validate_dns.inc.php |    2 +-
 interface/web/dns/form/soa.tform.php       |    2 +-
 interface/web/dns/form/rr.tform.php        |    2 +-
 8 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 91359a3..6a8d7bd 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -855,10 +855,10 @@
                         $result = false;
                         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true;
                         if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
-                        if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true;
+                        if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true;
 
                         // if preset == 0, everyone can insert a record of this type
-                        if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($perm,$this->formDef["auth_preset"]["perm_user"] OR @stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
+                        if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true;
 
                         return $result;
 
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index c556da7..a161510 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -103,7 +103,7 @@
   if(substr($field, -1) == '.'){
     if($i > 2 && $empty > 1) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
   } else {
-    if($empty > 0) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
+    if($empty > 0 && $field != '') $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
   }
 
   if(substr($field, -1) == '.' && $area == 'Name'){
diff --git a/interface/web/dns/form/rr.tform.php b/interface/web/dns/form/rr.tform.php
index e9af990..21beaca 100644
--- a/interface/web/dns/form/rr.tform.php
+++ b/interface/web/dns/form/rr.tform.php
@@ -42,7 +42,7 @@
 $form["db_history"]                = "yes";
 $form["tab_default"]        = "rr";
 $form["list_default"]        = "rr_list.php";
-$form["auth"]                        = 'no';  // yes / no
+$form["auth"]                        = 'yes';  // yes / no
 
 $form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
 $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
diff --git a/interface/web/dns/form/soa.tform.php b/interface/web/dns/form/soa.tform.php
index ca23e19..5f3f3ba 100644
--- a/interface/web/dns/form/soa.tform.php
+++ b/interface/web/dns/form/soa.tform.php
@@ -42,7 +42,7 @@
 $form["db_history"]                = "yes";
 $form["tab_default"]        = "soa";
 $form["list_default"]        = "soa_list.php";
-$form["auth"]                        = 'no'; // yes / no
+$form["auth"]                        = 'yes'; // yes / no
 
 $form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
 $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
diff --git a/interface/web/dns/rr_del.php b/interface/web/dns/rr_del.php
index d90001f..e06ff84 100644
--- a/interface/web/dns/rr_del.php
+++ b/interface/web/dns/rr_del.php
@@ -56,7 +56,10 @@
         function onDelete() {
                 global $app, $conf;
 
-                $rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
+                $app->uses('tform');
+                if(!$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
+
+                //$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
                 $zone_id = $rr['zone'];
 
                 // update serial
diff --git a/interface/web/dns/rr_edit.php b/interface/web/dns/rr_edit.php
index 3331116..00da24f 100644
--- a/interface/web/dns/rr_edit.php
+++ b/interface/web/dns/rr_edit.php
@@ -53,9 +53,16 @@
 
 class page_action extends tform_actions {
 
+
         function onSubmit() {
                 global $app, $conf;
 
+                if($this->dataRecord['id'] > 0){
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
+                } else {
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
+                }
+
                 $this->dataRecord["zone"] = $_SESSION['s']['list']['rr']['parent_id'];
 
                 $app->uses('validate_dns');
diff --git a/interface/web/dns/soa_del.php b/interface/web/dns/soa_del.php
index 9d84e32..06560f5 100644
--- a/interface/web/dns/soa_del.php
+++ b/interface/web/dns/soa_del.php
@@ -56,9 +56,12 @@
         function onDelete() {
                 global $app, $conf;
 
+                $app->uses('tform');
+                if(!$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
+
                 // PTR
                 if($conf['auto_create_ptr'] == 1 && trim($conf['default_ns']) != '' && trim($conf['default_mbox']) != ''){
-                  $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
+                  //$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
                   $rrs = $app->db->queryAllRecords("SELECT * FROM rr WHERE zone = '".$_REQUEST['id']."' AND (type = 'A' OR type = 'AAAA')");
                   if(!empty($rrs)){
                     foreach($rrs as $rr){
diff --git a/interface/web/dns/soa_edit.php b/interface/web/dns/soa_edit.php
index 5ad043c..7c54670 100644
--- a/interface/web/dns/soa_edit.php
+++ b/interface/web/dns/soa_edit.php
@@ -56,6 +56,12 @@
         function onSubmit() {
                 global $app, $conf;
 
+                if($this->dataRecord['id'] > 0){
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
+                } else {
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
+                }
+
                 $app->uses('validate_dns');
                 $app->tform->errorMessage .= $app->validate_dns->validate_soa($this->dataRecord);
 

--
Gitblit v1.9.1