Apache-DnsZone
view release on metacpan or search on metacpan
lib/Apache/DnsZone.pm view on Meta::CPAN
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# check dom_id
my $dom_id = apr()->param('dom_id');
($dom_id) = ($dom_id =~ /(\d+)/)[0];
if ($dom_id !~ /^\d+$/) {
$r->log_reason("User didn't supply a domain id for this request or tried to fake it");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# is uid owner of dom_id
my ($domain, $domain_owner_id) = $dbh->domain_stat($dom_id);
unless (defined($domain_owner_id) && $uid == $domain_owner_id) {
$r->log_reason("User trying to hijack another domain");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# check for record_id & type
unless (apr()->param('type')) {
$r->log_reason("No type specified for edit");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
my $type = uc apr()->param('type');
($type) = ($type =~ /(\w+)/)[0];
if ($type !~ /^\w+$/ || $type =~ /^SOA$/i) {
$r->log_reason("User tried to supply bogus type data");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
my $record_id = apr()->param('record_id') if apr()->param('record_id');
($record_id) = ($record_id =~ /(\d+)/)[0];
if ($record_id !~ /^\d+$/) {
$r->log_reason("User didn't supply a record id for this request or tried to fake it");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# check for rec_lock
# and at the same time if UID = owner of record
my $rec_lock = 0;
for ($type) {
if (/^A$/) { ($rec_lock) = $dbh->get_lock_A($dom_id, $record_id); }
elsif (/^AAAA$/) { ($rec_lock) = $dbh->get_lock_AAAA($dom_id, $record_id); }
elsif (/^CNAME$/) { ($rec_lock) = $dbh->get_lock_CNAME($dom_id, $record_id); }
elsif (/^MX$/) { ($rec_lock) = $dbh->get_lock_MX($dom_id, $record_id); }
elsif (/^NS$/) { ($rec_lock) = $dbh->get_lock_NS($dom_id, $record_id); }
elsif (/^PTR$/) { ($rec_lock) = $dbh->get_lock_PTR($dom_id, $record_id); }
elsif (/^TXT$/) { ($rec_lock) = $dbh->get_lock_TXT($dom_id, $record_id); }
else { $rec_lock = 1; }
}
if ($rec_lock) {
$r->log_reason("User tried to delete a locked record");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
if (apr()->param('button') && lc(apr()->param('button')) eq lc($lang{'SUBMIT'})) {
Debug(5, qq{This is a submit of delete_record request});
for ($type) {
if (/^A$/) {
if (dns_del_A($dom_id, $record_id)) {
Debug(5, qq{dns_delete_A succeded\n});
} else {
Debug(5, qq{dns_delete_A failed\n});
}
}
elsif (/^AAAA$/) {
if (dns_del_AAAA($dom_id, $record_id)) {
Debug(5, qq{dns_delete_AAAA succeded\n});
} else {
Debug(5, qq{dns_delete_AAAA failed\n});
}
}
elsif (/^CNAME$/) {
if (dns_del_CNAME($dom_id, $record_id)) {
Debug(5, qq{dns_delete_CNAME succeded\n});
} else {
Debug(5, qq{dns_delete_CNAME failed\n});
}
}
elsif (/^MX$/) {
if (dns_del_MX($dom_id, $record_id)) {
Debug(5, qq{dns_delete_MX succeded\n});
} else {
Debug(5, qq{dns_delete_MX failed\n});
}
}
elsif (/^NS$/) {
if (dns_del_NS($dom_id, $record_id)) {
Debug(5, qq{dns_delete_NS succeded\n});
} else {
Debug(5, qq{dns_delete_NS failed\n});
}
}
if (/^PTR$/) {
if (dns_del_PTR($dom_id, $record_id)) {
Debug(5, qq{dns_delete_PTR succeded\n});
} else {
Debug(5, qq{dns_delete_PTR failed\n});
}
}
elsif (/^TXT$/) {
if (dns_del_TXT($dom_id, $record_id)) {
Debug(5, qq{dns_delete_TXT succeded\n});
} else {
Debug(5, qq{dns_delete_TXT failed\n});
}
}
}
output_redirect($r, 1, qq{/admin?action=view&dom_id=$dom_id});
lib/Apache/DnsZone.pm view on Meta::CPAN
}
# check dom_id
my $dom_id = apr()->param('dom_id');
($dom_id) = ($dom_id =~ /(\d+)/)[0];
if ($dom_id !~ /^\d+$/) {
$r->log_reason("User didn't supply a domain id for this request or tried to fake it");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# is uid owner of dom_id
my ($domain, $domain_owner_id) = $dbh->domain_stat($dom_id);
unless (defined($domain_owner_id) && $uid == $domain_owner_id) {
$r->log_reason("User trying to hijack another domain");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# check for record_id & type
unless (apr()->param('type')) {
$r->log_reason("No type specified for edit");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
my $type = uc apr()->param('type');
($type) = ($type =~ /(\w+)/)[0];
if ($type !~ /^\w+$/) {
$r->log_reason("User tried to supply bogus type data");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# now only if it's a SOA it's okay not to have a record_id - record_id is equal to dom_id
my $record_id = apr()->param('record_id') if apr()->param('record_id');
$record_id = $dom_id if $type eq 'SOA';
($record_id) = ($record_id =~ /(\d+)/)[0];
if ($record_id !~ /^\d+$/) {
$r->log_reason("User didn't supply a record id for this request or tried to fake it");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
# check for rec_lock
# and at the same time if UID = owner of record
my $rec_lock = 0;
for ($type) {
if (/^SOA$/) { ($rec_lock) = $dbh->get_lock_SOA($dom_id); }
elsif (/^A$/) { ($rec_lock) = $dbh->get_lock_A($dom_id, $record_id); }
elsif (/^AAAA$/) { ($rec_lock) = $dbh->get_lock_AAAA($dom_id, $record_id); }
elsif (/^CNAME$/) { ($rec_lock) = $dbh->get_lock_CNAME($dom_id, $record_id); }
elsif (/^MX$/) { ($rec_lock) = $dbh->get_lock_MX($dom_id, $record_id); }
elsif (/^NS$/) { ($rec_lock) = $dbh->get_lock_NS($dom_id, $record_id); }
elsif (/^PTR$/) { ($rec_lock) = $dbh->get_lock_PTR($dom_id, $record_id); }
elsif (/^TXT$/) { ($rec_lock) = $dbh->get_lock_TXT($dom_id, $record_id); }
else { $rec_lock = 1; }
}
if ($rec_lock) {
$r->log_reason("User tried to change a locked record");
output_redirect($r, 1, '/admin');
$dbh->close();
return REDIRECT;
}
if (apr()->param('button') && lc(apr()->param('button')) eq lc($lang{'SUBMIT'})) {
Debug(5, qq{This is a submit of edit_record request});
for ($type) {
if (/^SOA$/) {
my $soa_email = apr()->param('soa_email');
my $refresh = apr()->param('refresh');
my $retry = apr()->param('retry');
my $expire = apr()->param('expire');
my $default_ttl = apr()->param('default_ttl');
my $all_set = 1;
if (!(check_ttl($refresh) && check_ttl($retry) && check_ttl($expire) && check_ttl($default_ttl))) {
$all_set = 0;
}
if (!($soa_email = check_email($soa_email))) {
$all_set = 0;
}
if ($soa_email =~ /\..*?\@/) {
# is there a dot before the @ => invalid for a soa email
$all_set = 0;
}
if ($all_set) {
my $serial = get_serial_from_zone($dom_id);
$serial++;
$soa_email =~ s/\@/\./;
if (is_updated_SOA($dom_id, $soa_email, $refresh, $retry, $expire, $default_ttl)) {
if (dns_update_SOA($dom_id, $serial, $soa_email, $refresh, $retry, $expire, $default_ttl)) {
Debug(2, qq{dns_update_SOA succeded\n});
} else {
Debug(2, qq{dns_update_SOA failed\n});
}
} else {
Debug(2, qq{Dns record not changed so not updated\n});
}
} else {
my $tpl = new CGI::FastTemplate($cfg->{'cfg'}->{DnsZoneTemplateDir});
$tpl->define(layout => 'layout.tpl', menu => 'menu.tpl');
$tpl->assign(%lang);
$tpl->assign(DEBUG => '');
if ($dbh->get_domain_count($uid) == 1) {
$tpl->assign(ADDITIONAL_MENU => '');
} else {
$tpl->assign(ADDITIONAL_MENU => qq{<a href="/admin?action=default">$lang{LIST_DOMAIN}</a> | });
}
my $page_title = $lang{PAGE_EDIT};
$page_title =~ s/\$record/$type/;
$page_title =~ s/\$domain/$domain/;
$tpl->assign(TITLE => $page_title);
$tpl->define(record => 'soa/edit.tpl');
$tpl->assign(ADMIN_EMAIL_VALUE => encode_entities(apr()->param('soa_email')));
$tpl->assign(REFRESH_VALUE => encode_entities(apr()->param('refresh')));
$tpl->assign(RETRY_VALUE => encode_entities(apr()->param('retry')));
( run in 0.503 second using v1.01-cache-2.11-cpan-5735350b133 )