From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
interface/web/dns/dns_wizard.php | 31 +++++++++++++++++++++++++++----
1 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 198245b..a0fd131 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -36,10 +36,22 @@
// Loading the template
-$app->uses('tpl,validate_dns');
+$app->uses('tpl,validate_dns,tform');
$app->tpl->newTemplate("form.tpl.htm");
$app->tpl->setInclude('content_tpl', 'templates/dns_wizard.htm');
$app->load_language_file('/web/dns/lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng');
+
+// Check if dns record limit has been reached. We will check only users, not admins
+if($_SESSION["s"]["user"]["typ"] == 'user') {
+ $app->tform->formDef['db_table_idx'] = 'id';
+ $app->tform->formDef['db_table'] = 'dns_soa';
+ if(!$app->tform->checkClientLimit('limit_dns_zone')) {
+ $app->error($app->lng('limit_dns_zone_txt'));
+ }
+ if(!$app->tform->checkResellerLimit('limit_dns_zone')) {
+ $app->error('Reseller: '.$app->lng('limit_dns_zone_txt'));
+ }
+}
// import variables
$template_id = (isset($_POST['template_id']))?$app->functions->intval($_POST['template_id']):0;
@@ -197,7 +209,10 @@
}
if($_POST['create'] == 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$error = '';
if ($post_server_id)
@@ -264,7 +279,7 @@
elseif(isset($_POST['ns2']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}$/', $_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
if(isset($_POST['email']) && $_POST['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
- elseif(isset($_POST['email']) && !preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z0-9\-]{2,30}$/i', $_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
+ elseif(isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) $error .= $app->lng('error_email_regex').'<br />';
// make sure that the record belongs to the client group and not the admin group when admin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($_POST['client_group_id'])) {
@@ -297,6 +312,7 @@
if($_POST['ns1'] != '') $tpl_content = str_replace('{NS1}', $_POST['ns1'], $tpl_content);
if($_POST['ns2'] != '') $tpl_content = str_replace('{NS2}', $_POST['ns2'], $tpl_content);
if($_POST['email'] != '') $tpl_content = str_replace('{EMAIL}', $_POST['email'], $tpl_content);
+ $enable_dnssec = (($_POST['dnssec'] == 'Y') ? 'Y' : 'N');
if(isset($_POST['dkim']) && preg_match('/^[\w\.\-\/]{2,255}\.[a-zA-Z0-9\-]{2,30}[\.]{0,1}$/', $_POST['domain'])) {
$sql = $app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ".$app->tform->getAuthSQL('r'), $_POST['domain']);
$public_key = $sql['dkim_public'];
@@ -311,6 +327,7 @@
$tpl_rows = explode("\n", $tpl_content);
$section = '';
$vars = array();
+ $vars['xfer']='';
$dns_rr = array();
foreach($tpl_rows as $row) {
$row = trim($row);
@@ -391,7 +408,8 @@
"active" => 'Y',
"xfer" => $xfer,
"also_notify" => $also_notify,
- "update_acl" => $update_acl
+ "update_acl" => $update_acl,
+ "dnssec_wanted" => $enable_dnssec
);
$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
@@ -430,6 +448,11 @@
$app->tpl->setVar("title", 'DNS Wizard');
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file;
$app->tpl->setVar($wb);
--
Gitblit v1.9.1