Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 38 additions & 18 deletions client/htdocs/delegate_zones.cgi
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,11 @@ sub main {
my $user = $nt_obj->verify_session();

if ( $user && ref $user ) {
print $q->header( -charset => "utf-8" );
print $q->header(
-charset => "utf-8",
-cookie => $nt_obj->csrf_cookie( $nt_obj->get_csrf_token() ),
%{ $nt_obj->security_headers() }
);
display( $nt_obj, $q, $user );
}
}
Expand All @@ -52,9 +56,18 @@ sub display {
if ( $q->param('cancel_delegate') ) { # do nothing
print qq[<script> window.close(); </script>];
}
elsif ( $q->param('Save') ) { do_save( $nt_obj, $q, $user ); }
elsif ( $q->param('Modify') ) { do_modify( $nt_obj, $q, $user ); }
elsif ( $q->param('Remove') ) { do_remove( $nt_obj, $q, $user ); }
elsif ( $q->param('Save') ) {
return $nt_obj->csrf_error_page() if !$nt_obj->verify_csrf();
do_save( $nt_obj, $q, $user );
}
elsif ( $q->param('Modify') ) {
return $nt_obj->csrf_error_page() if !$nt_obj->verify_csrf();
do_modify( $nt_obj, $q, $user );
}
elsif ( $q->param('Remove') ) {
return $nt_obj->csrf_error_page() if !$nt_obj->verify_csrf();
do_remove( $nt_obj, $q, $user );
}
else {
my $d = $q->param("delete") ? "delete" : '';
my $e = $q->param("edit") ? "edit" : $d;
Expand All @@ -65,11 +78,12 @@ sub display {
}

sub display_record {
my ( $title, $zone, $zr ) = @_;
my ( $nt_obj, $title, $zone, $zr ) = @_;
print qq[
<div id="delegateRecordHeadline" class="dark_bg bold">$title</div>
<div id="delegateZoneList" class="light_grey_bg"> Record(s):
<a href="zone.cgi?nt_group_id=$zone->{'nt_group_id'}&amp;nt_zone_id=$zone->{'nt_zone_id'}" target=body><img src="$NicToolClient::image_dir/zone.gif" > $zone->{'zone'}</a>
<div id="delegateZoneList" class="light_grey_bg"> Record(s):
<a href="zone.cgi?nt_group_id=$zone->{'nt_group_id'}&amp;nt_zone_id=$zone->{'nt_zone_id'}" target=body><img src="$NicToolClient::image_dir/zone.gif" > ]
. $nt_obj->esc( $zone->{'zone'} ) . qq[</a>
</div>

<table id="delegateRecordHeader" class="fat">
Expand All @@ -84,13 +98,15 @@ sub display_record {
</tr>
<tr class=light_grey_bg>
<td class="middle" style="width:25%;">
<a href="zone.cgi?nt_group_id=$zone->{'nt_group_id'}&amp;nt_zone_id=$zone->{'nt_zone_id'}&amp;nt_zone_record_id=$zr->{'nt_zone_record_id'}&amp;edit_record=1" target=body><img src="$NicToolClient::image_dir/r_record.gif" alt="record"> $zr->{'name'} </a>
<a href="zone.cgi?nt_group_id=$zone->{'nt_group_id'}&amp;nt_zone_id=$zone->{'nt_zone_id'}&amp;nt_zone_record_id=$zr->{'nt_zone_record_id'}&amp;edit_record=1" target=body><img src="$NicToolClient::image_dir/r_record.gif" alt="record"> ]
. $nt_obj->esc( $zr->{'name'} )
. qq[ </a>
</td>
<td> $zr->{'type'}</td>
<td> $zr->{'address'}</td>
<td> $zr->{'ttl'}</td>
<td> $zr->{'weight'}</td>
<td class="fat"> $zr->{'description'} </td>
<td> ] . $nt_obj->esc( $zr->{'type'} ) . qq[</td>
<td> ] . $nt_obj->esc( $zr->{'address'} ) . qq[</td>
<td> ] . $nt_obj->esc( $zr->{'ttl'} ) . qq[</td>
<td> ] . $nt_obj->esc( $zr->{'weight'} ) . qq[</td>
<td class="fat"> ] . $nt_obj->esc( $zr->{'description'} ) . qq[ </td>
</tr>
</table>
];
Expand Down Expand Up @@ -131,7 +147,9 @@ sub delegate_zones {
#TODO handle 600 error where object is already delegated
my $dzone = join(
', ',
map(qq[<a href="zone.cgi?nt_group_id=$_->{'nt_group_id'}&amp;nt_zone_id=$_->{'nt_zone_id'}" target=body> <img src="$NicToolClient::image_dir/zone.gif" alt="zone"> $_->{'zone'} </a>],
map(qq[<a href="zone.cgi?nt_group_id=$_->{'nt_group_id'}&amp;nt_zone_id=$_->{'nt_zone_id'}" target=body> <img src="$NicToolClient::image_dir/zone.gif" alt="zone"> ]
. $nt_obj->esc( $_->{'zone'} )
. qq[ </a>],
@$zones )
);

Expand All @@ -150,7 +168,7 @@ sub delegate_zones {

$nt_obj->display_nice_error( $message, "Delegate Zone Records" )
if $message;
display_record( $title, $zone, $zr );
display_record( $nt_obj, $title, $zone, $zr );
}

if ( !$edit ) {
Expand Down Expand Up @@ -182,7 +200,7 @@ sub delegate_zones {
-method => 'POST',
-name => $edit
),
"\n",
$nt_obj->csrf_hidden_field(), "\n",
$q->hidden(
-name => 'obj_list',
-value => join( ',', $q->multi_param('obj_list') ),
Expand Down Expand Up @@ -214,10 +232,12 @@ sub delegate_zones {
<tr class="light_grey_bg"><td>Group</td><td>Delegated By</td></tr>
<tr class="light_grey_bg">
<td class="nowrap middle">
<a href="group.cgi?nt_group_id=$del->{'nt_group_id'}"><img src="$NicToolClient::image_dir/group.gif">$del->{'group_name'}</a>
<a href="group.cgi?nt_group_id=$del->{'nt_group_id'}"><img src="$NicToolClient::image_dir/group.gif">]
. $nt_obj->esc( $del->{'group_name'} ) . qq[</a>
</td>
<td class="nowrap middle">
<a href="user.cgi?nt_user_id=$del->{'delegated_by_id'}"><img src="$NicToolClient::image_dir/user.gif"> $del->{'delegated_by_name'}</a>
<a href="user.cgi?nt_user_id=$del->{'delegated_by_id'}"><img src="$NicToolClient::image_dir/user.gif"> ]
. $nt_obj->esc( $del->{'delegated_by_name'} ) . qq[</a>
</td>
</tr>
</table>
Expand Down
35 changes: 23 additions & 12 deletions client/htdocs/group.cgi
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,11 @@ sub main {

return if !$user || !ref $user;

print $q->header( -charset => "utf-8" );
print $q->header(
-charset => "utf-8",
-cookie => $nt_obj->csrf_cookie( $nt_obj->get_csrf_token() ),
%{ $nt_obj->security_headers() }
);
display( $nt_obj, $q, $user );
}

Expand All @@ -54,9 +58,11 @@ sub display {

my $error;
if ( $q->param('new') && $q->param('Create') ) {
return $nt_obj->csrf_error_page() if !$nt_obj->verify_csrf();
$error = _display_new_group( $nt_obj, $q, \@fields );
}
elsif ( $q->param('edit') && $q->param('Save') ) {
return $nt_obj->csrf_error_page() if !$nt_obj->verify_csrf();
$error = _display_edit_group( $nt_obj, $q, \@fields );
}

Expand Down Expand Up @@ -97,7 +103,7 @@ sub display {
}
}

if ( $q->param('delete') ) {
if ( $q->param('delete') && $nt_obj->verify_csrf() ) {
my $rv = $nt_obj->delete_group( nt_group_id => scalar( $q->param('delete') ) );
$nt_obj->display_nice_error( $rv, "Delete Group" )
if $rv->{'error_code'} != 200;
Expand Down Expand Up @@ -150,9 +156,8 @@ sub display_zone_search {
print qq[
<table class="fat">
<tr class=dark_grey_bg><td><table class="no_pad fat">
<tr> ],
$q->start_form( -action => 'group.cgi', -method => 'POST' ),
$q->hidden( -name => 'nt_group_id' ),
<tr> ], $q->start_form( -action => 'group.cgi', -method => 'POST' ),
$nt_obj->csrf_hidden_field(), $q->hidden( -name => 'nt_group_id' ),
qq[ <td> ], $q->textfield( -name => 'search_value', -size => 30, -override => 1 ),
$q->hidden(
-name => 'quick_search',
Expand Down Expand Up @@ -213,7 +218,7 @@ sub display_group_list {
if $rv->{'error_code'} != 200;

my $groups = $rv->{'groups'};
my $map = $rv->{'group_map'};
my $map = ref $rv->{'group_map'} eq 'HASH' ? $rv->{'group_map'} : {};

$nt_obj->display_search_rows( $q, $rv, \%params, $cgi, ['nt_group_id'], $include_subgroups );

Expand All @@ -239,8 +244,10 @@ sub display_group_list {
my $gname = $group->{'name'} . "'s";
my $dname = join(
' / ',
map( qq[<a href="group.cgi?nt_group_id=$_->{'nt_group_id'}">$_->{'name'}</a>],
( @{ $map->{$ggid} },
map( qq[<a href="group.cgi?nt_group_id=$_->{'nt_group_id'}">]
. $nt_obj->esc( $_->{'name'} )
. qq[</a>],
( @{ $map->{$ggid} || [] },
{ nt_group_id => $ggid,
name => $group->{'name'}
}
Expand All @@ -259,15 +266,16 @@ sub display_group_list {
my $hname = join(
' / ',
map( $_->{'name'},
( @{ $map->{ $group->{'nt_group_id'} } },
( @{ $map->{ $group->{'nt_group_id'} } || [] },
{ nt_group_id => $group->{'nt_group_id'},
name => $group->{'name'}
}
) )
);
my $js_hname = $nt_obj->esc( $nt_obj->js_escape($hname) );
print qq[
<li class="center first">
<a href="group.cgi?nt_group_id=$gid&amp;delete=$ggid" onClick="return confirm('Delete $hname and all associated data?');"><img src="$NicToolClient::image_dir/trash.gif" alt="trash"></a></li>];
<a href="group.cgi?nt_group_id=$gid&amp;delete=$ggid&amp;csrf_token=] . $nt_obj->get_csrf_token() . qq[" onClick="return confirm('Delete $js_hname and all associated data?');"><img src="$NicToolClient::image_dir/trash.gif" alt="trash"></a></li>];
}
else {
print qq[
Expand Down Expand Up @@ -346,6 +354,7 @@ sub display_edit {
-method => 'POST',
-name => 'perms_form'
),
$nt_obj->csrf_hidden_field(),
$q->hidden( -name => $edit );
if ( $edit eq 'new' ) {
$q->hidden( -name => 'parent_group_id' );
Expand All @@ -358,7 +367,7 @@ sub display_edit {
}

my $action = 'View';
my $name = qq[<b>$data->{'name'}</b>];
my $name = qq[<b>] . $nt_obj->esc( $data->{'name'} ) . qq[</b>];

if ($modifyperm) {
$action = ucfirst($edit);
Expand Down Expand Up @@ -407,7 +416,9 @@ sub display_edit {

foreach ( keys %nsmap ) {
my $ns = $nt_obj->get_nameserver( nt_nameserver_id => $_ );
print "<li>$ns->{'description'} ($ns->{'name'})<BR>";
print "<li>"
. $nt_obj->esc( $ns->{'description'} ) . " ("
. $nt_obj->esc( $ns->{'name'} ) . ")<BR>";
}

print qq[
Expand Down
20 changes: 14 additions & 6 deletions client/htdocs/group_log.cgi
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,11 @@ sub main {
if ( $q->param('redirect') ) {
$message = $nt_obj->redirect_from_log($q);
}
print $q->header( -charset => "utf-8" );
print $q->header(
-charset => "utf-8",
-cookie => $nt_obj->csrf_cookie( $nt_obj->get_csrf_token() ),
%{ $nt_obj->security_headers() }
);
display( $nt_obj, $q, $user, $message );
}
}
Expand Down Expand Up @@ -185,8 +189,10 @@ sub display_log {
<td>],
join(
' / ',
map( qq[<a href="group.cgi?nt_group_id=$_->{'nt_group_id'}">$_->{'name'}</a>],
( @{ $map->{ $row->{'nt_group_id'} } },
map( qq[<a href="group.cgi?nt_group_id=$_->{'nt_group_id'}">]
. $nt_obj->esc( $_->{'name'} )
. qq[</a>],
( @{ $map->{ $row->{'nt_group_id'} } || [] },
{ nt_group_id => $row->{'nt_group_id'},
name => $row->{'group_name'}
}
Expand All @@ -203,7 +209,9 @@ sub display_log {
<table class="no_pad">
<tr>
<td><img src="$NicToolClient::image_dir/user.gif"></td>
<td><a href="user.cgi?nt_group_id=$row->{'nt_group_id'}&amp;nt_user_id=$row->{'nt_user_id'}">$row->{'user'}</a></td>
<td><a href="user.cgi?nt_group_id=$row->{'nt_group_id'}&amp;nt_user_id=$row->{'nt_user_id'}">]
. $nt_obj->esc( $row->{'user'} )
. qq[</a></td>
</tr>
</table>
</td>];
Expand All @@ -221,13 +229,13 @@ sub display_log {
<table class="no_pad">
<tr>
<td><a href="$url"><img src="$NicToolClient::image_dir/$map->{ $row->{'object'} }->{'image'}" alt=""></a></td>
<td><a href="$url">$row->{'title'}</a></td>
<td><a href="$url">] . $nt_obj->esc( $row->{'title'} ) . qq[</a></td>
</tr>
</table>
</td>];
}
else {
print "\n <td>$row->{$_}</td>";
print "\n <td>" . $nt_obj->esc( $row->{$_} ) . "</td>";
}
}
print "\n </tr>";
Expand Down
Loading