formulaire ++, debug MX, securité concernant les entrées

2014-01-25 14:08:01 +01:00 · 2014-01-25 14:08:01 +01:00 · 529130953b
commit 529130953b
parent b556491b72
3 changed files with 141 additions and 81 deletions
--- a/app/zone/edit.pm
+++ b/app/zone/edit.pm
@ -77,6 +77,7 @@ sub update {
 sub update_raw {
    my ($self, $zonetext) = @_;
    my $zonefile;
    my $file = '/tmp/'.$self->zname;
    # write the updated zone file to disk 
@ -85,10 +86,17 @@ sub update_raw {
    print $newzone $zonetext;
    close $newzone;
-    my $zonefile = DNS::ZoneParse->new($file, $self->zname);
+    eval { $zonefile = DNS::ZoneParse->new($file, $self->zname); };
    if( $@ ) {
        unlink($file);
        0;
    }
    unlink($file);
    $self->update($zonefile);
    1;
 }
 # sera utile plus tard, pour l'interface
--- a/www/lib/DNSManager.pm
+++ b/www/lib/DNSManager.pm
@ -136,7 +136,7 @@ prefix '/domain' => sub {
            my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
                param('password') );
-            $app->update_domain_raw(session('login')
+            my $success = $app->update_domain_raw(session('login')
                , param('zoneupdated')
                , param('domain'));
@ -156,6 +156,7 @@ prefix '/domain' => sub {
            my $name  = param('name');
            my $value = param('value');
            my $ttl   = param('ttl');
            my $priority   = param('priority');
            my $app = initco();
            my ($auth_ok, $user, $isadmin) = $app->auth(param('login'),
@ -164,61 +165,72 @@ prefix '/domain' => sub {
            given( $type )
            {
-				when ('A') { my $a=$zone->a();
+                when ('A') { 
-				             push( @$a, {name  => $name,
+                    my $a = $zone->a();
-				                         class => "IN",
+                    push( @$a, {name  => $name
-				                         host  => $value,
+                            , class => "IN"
-				                         ttl   => $ttl,
+                            , host  => $value
-				                         ORIGIN => $zone->origin} );
+                            , ttl   => $ttl
                            , ORIGIN => $zone->origin} );
                }
-				when ('AAAA') { my $aaaa=$zone->aaaa;
+                when ('AAAA') { 
-				                push(@$aaaa, {name  => $name,
+                    my $aaaa = $zone->aaaa;
-				                              class => "IN",
+                    push(@$aaaa, {name  => $name
-				                              host  => $value,
+                            , class => "IN"
-				                              ttl   => $ttl,
+                            , host  => $value
-                                              ORIGIN => $zone->origin} );
+                            , ttl   => $ttl
                            , ORIGIN => $zone->origin} );
                }
-				when ('CNAME') { my $cname=$zone->cname;
+                when ('CNAME') { 
                    my $cname = $zone->cname;
                    push(@$cname,
-                                      {name  => $name,
+                        {name  => $name
-				                       class => "IN",
+                            , class => "IN"
-				                       host  => $value,
+                            , host  => $value
-				                       ttl   => $ttl,
+                            , ttl   => $ttl
-                                       ORIGIN => $zone->origin} );
+                            , ORIGIN => $zone->origin} );
                }
-				when ('MX') { my $ptr=$zone->ptr;
+                when ('MX') { 
-				              push(@$ptr, {name  => $name,
+                    my $mx = $zone->mx;
-				                           class => "IN",
+                    push(@$mx, { name  => $name
-				                           host  => $value,
+                            , class => "IN"
-				                           ttl   => $ttl,
+                            , host  => $value
-                                           ORIGIN => $zone->origin} );
+                            , priority  => $priority
                            , ttl   => $ttl
                            , ORIGIN => $zone->origin} );
                }
-				when ('PTR') { my $ptr=$zone->ptr;
+                when ('PTR') { 
-				               push(@$ptr, {name  => $name,
+                    my $ptr = $zone->ptr;
-				                           class => "IN",
+                    push(@$ptr, {name  => $name
-				                           host  => $value,
+                            , class => "IN"
-				                           ttl   => $ttl,
+                            , host  => $value
-                                           ORIGIN => $zone->origin} );
+                            , ttl   => $ttl
                            , ORIGIN => $zone->origin} );
                }
-				when ('NS') { my $ns=$zone->ns;
+                when ('NS') { 
-				               push(@$ns, {name  => $name,
+                    my $ns = $zone->ns;
-				                           class => "IN",
+                    push(@$ns, {name  => $name
-				                           host  => $value,
+                            , class => "IN"
-				                           ttl   => $ttl,
+                            , host  => $value
-                                           ORIGIN => $zone->origin} );
+                            , ttl   => $ttl
                            , ORIGIN => $zone->origin} );
                }
            }
            $zone->new_serial();
            my $cfg = new Config::Simple(dirname(__FILE__).'/../conf/config.ini');
-			my $ed = app::zone::edit->new(zdir=>$cfg->param('zones_path'), zname => param('domain'));
+            my $ed = app::zone::edit->new(zdir=>$cfg->param('zones_path')
                , zname => param('domain'));
            $ed->update($zone);
            redirect '/domain/details/'.param('domain');
        }
    };
--- a/www/views/details.tt
+++ b/www/views/details.tt
@ -87,13 +87,24 @@
 		</table>
 		<a href='/domain/details/<% domain %>?expert=1'><button type="button" class="btn btn-primary">Visualisation en mode expert</button></a>
 		<br /><br />
-		Ajouter un enregistrement : <br />
+                <hr />
-		<form action='/domain/update/<% domain %>' method='post' >
+                <form class="form-horizontal" role="form" action='/domain/update/<% domain %>' method='post' >
-			<label for="name">Nom : </label><input type="text" name="name" />
+                    <fieldset>
-			<label for="type">Type : </label><select name="type" id="type" >
+                        <legend>Ajout d'un enregistrement</legend>
                        <div class="form-group">
                            <label for="name" class="col-sm-2 control-label">Nom</label>
                            <div class="col-sm-3">
                                <input type="text" id="name" name="name" class="form-control" placeholder="www">
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="type" class="col-sm-2 control-label">Type</label>
                            <div class="col-sm-3">
                                <select class="form-control" name="type" id="type" >
                                    <option value="A">A</option>
                                    <option value="AAAA">AAAA</option>
                                    <option value="CNAME">CNAME</option>
@ -102,11 +113,40 @@
                                    <option value="PTR">PTR</option>
                                </select>
-			<label for="value">Valeur : </label><input type="text" id="value" name="value" />
+                            </div>
-			<label for="input_ttl">TTL</label><input type="number" id="input_ttl" name="ttl" min='1' value="3600"/>
+                        </div>
-                        <button type="submit" class="btn btn-sm btn-primary">Valider</button>
+
                        <div class="form-group">
                            <label for="priority" class="col-sm-2 control-label">Priorité (MX)</label>
                            <div class="col-sm-3">
                                <input type="text" id="priority" name="priority" class="form-control" value="10" >
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="value" class="col-sm-2 control-label">Valeur</label>
                            <div class="col-sm-3">
                                <input type="text" id="value" name="value" class="form-control" placeholder="IP ou ndd" >
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="input_ttl" class="col-sm-2 control-label">TTL</label>
                            <div class="col-sm-3">
                                <input type="number" id="input_ttl" name="ttl" class="form-control" value="3600" placeholder="3600" >
                            </div>
                        </div>
                    </fieldset>
                    <div class="form-group">
                        <div class="col-sm-offset-2 col-sm-3">
                            <button type="submit" class="btn btn-primary">Ajouter</button>
                        </div>
                    </div>
                </form>
 	<% END %>
 </div>