Commit d1ba8c93 authored by Falko Timme's avatar Falko Timme
Browse files

No commit message

No commit message
parent 2d368b79
......@@ -855,10 +855,10 @@ class tform {
$result = false;
if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true;
if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true;
if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true;
// if preset == 0, everyone can insert a record of this type
if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($perm,$this->formDef["auth_preset"]["perm_user"] OR @stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true;
return $result;
......
......@@ -103,7 +103,7 @@ function validate_field($field, $area, $zoneid, $wildcard_allowed = 1){
if(substr($field, -1) == '.'){
if($i > 2 && $empty > 1) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
} else {
if($empty > 0) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
if($empty > 0 && $field != '') $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
}
if(substr($field, -1) == '.' && $area == 'Name'){
......
......@@ -42,7 +42,7 @@ $form["db_table_idx"] = "id";
$form["db_history"] = "yes";
$form["tab_default"] = "rr";
$form["list_default"] = "rr_list.php";
$form["auth"] = 'no'; // yes / no
$form["auth"] = 'yes'; // yes / no
$form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user
$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
......
......@@ -42,7 +42,7 @@ $form["db_table_idx"] = "id";
$form["db_history"] = "yes";
$form["tab_default"] = "soa";
$form["list_default"] = "soa_list.php";
$form["auth"] = 'no'; // yes / no
$form["auth"] = 'yes'; // yes / no
$form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user
$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
......
......@@ -56,7 +56,10 @@ class page_action extends tform_actions {
function onDelete() {
global $app, $conf;
$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
$app->uses('tform');
if(!$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
//$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
$zone_id = $rr['zone'];
// update serial
......
......@@ -53,9 +53,16 @@ $app->load('tform_actions');
class page_action extends tform_actions {
function onSubmit() {
global $app, $conf;
if($this->dataRecord['id'] > 0){
if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
} else {
if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
}
$this->dataRecord["zone"] = $_SESSION['s']['list']['rr']['parent_id'];
$app->uses('validate_dns');
......
......@@ -56,9 +56,12 @@ class page_action extends tform_actions {
function onDelete() {
global $app, $conf;
$app->uses('tform');
if(!$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
// PTR
if($conf['auto_create_ptr'] == 1 && trim($conf['default_ns']) != '' && trim($conf['default_mbox']) != ''){
$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
//$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
$rrs = $app->db->queryAllRecords("SELECT * FROM rr WHERE zone = '".$_REQUEST['id']."' AND (type = 'A' OR type = 'AAAA')");
if(!empty($rrs)){
foreach($rrs as $rr){
......
......@@ -56,6 +56,12 @@ class page_action extends tform_actions {
function onSubmit() {
global $app, $conf;
if($this->dataRecord['id'] > 0){
if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
} else {
if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
}
$app->uses('validate_dns');
$app->tform->errorMessage .= $app->validate_dns->validate_soa($this->dataRecord);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment