WebSVN – general – Path Comparison – / – /hostadmiral/trunk/ Rev 1216 and /hostadmiral/trunk Rev 1215

Ignore whitespace Rev 1216 → Rev 1215

 /hostadmiral/trunk/backend/backend.pl
 ,8 → 6,7
 #
 # FIXME use transactions
-# FIXME secure to show wrong (m.b. hacked) strings in logs and socket answers?
-# FIXME double check validate_* functions
+# FIXME validate all information
 use strict;
 use vars;
 ,7 → 48,6
 my $code_ok               = 200;
 my $code_ok_but           = 201;
 my $code_ignored          = 202;
-my $code_some_error       = 400;
 my $code_no_body          = 400;
 my $code_protocol_header  = 401;
 my $code_no_end_lines     = 402;
 ,35 → 203,11
         set_request_code($request, $code_ignored, "Not interesting in users");
 }
-sub handle_system_user_create
-{
-        my $request = shift @_;
-        set_request_code($request, $code_ignored, "Not interesting in system users");
-}
-sub handle_system_user_modify
-{
-        my $request = shift @_;
-        set_request_code($request, $code_ignored, "Not interesting in system users");
-}
-sub handle_system_user_delete
-{
-        my $request = shift @_;
-        set_request_code($request, $code_ignored, "Not interesting in system users");
-}
 # FIXME: merge with handle_domain_modify
 sub handle_domain_create
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "name"    => \&validate_domain,
-                  "enabled" => \&validate_boolean,
-                  "comment" => \&validate_comment } );
+        my %params  = parse_command_params($request, shift @_, ("name"));
         return unless(%params);
         my $res_action = save_to_db($request, "transport",
 ,11 → 230,7
 sub handle_domain_modify
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "oldName" => \&validate_domain,
-                  "name"    => \&validate_domain,
-                  "enabled" => \&validate_boolean,
-                  "comment" => \&validate_comment } );
+        my %params  = parse_command_params($request, shift @_, ("oldName", "name"));
         return unless(%params);
         # FIXME: move maildirs, update users and aliases tables
 ,11 → 253,10
 sub handle_domain_delete
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "name" => \&validate_domain } );
+        my %params  = parse_command_params($request, shift @_, ("name"));
         return unless(%params);
-        # FIXME: delete maildirs, update users and aliases tables (or are they already deleted by frontend?)
+        # FIXME: delete maildirs, update users and aliases tables (or they are already deleted by frontend?)
         my $res_action = delete_from_db($request, "transport",
                 { domain => $params{"name"} } );
 ,6 → 270,18
         }
 }
+sub handle_system_user_create
+{
+}
+sub handle_system_user_modify
+{
+}
+sub handle_system_user_delete
+{
+}
 sub update_mailbox_mailid
 {
         my $request = shift @_;
 ,14 → 310,7
 {
         my $request = shift @_;
         my %params  = parse_command_params($request, shift @_,
-                { "login"      => \&validate_name,
-                  "domain"     => \&validate_domain,
-                  "password"   => \&validate_password,
-                  "enabled"    => \&validate_boolean,
-                  "comment"    => \&validate_comment,
-                  "systemUser" => \&validate_system_user_id,
-                  "virusCheck" => \&validate_boolean,
-                  "spamCheck"  => \&validate_boolean } );
+                ("login", "password", "domain"));
         return unless(%params);
         # insert or update main information
 ,16 → 343,7
 {
         my $request = shift @_;
         my %params  = parse_command_params($request, shift @_,
-                { "oldLogin"   => \&validate_name,
-                  "oldDomain"  => \&validate_domain,
-                  "login"      => \&validate_name,
-                  "domain"     => \&validate_domain,
-                  "password"   => \&validate_password,
-                  "enabled"    => \&validate_boolean,
-                  "comment"    => \&validate_comment,
-                  "systemUser" => \&validate_system_user_id,
-                  "virusCheck" => \&validate_boolean,
-                  "spamCheck"  => \&validate_boolean } );
+                ("oldLogin", "oldDomain", "login", "domain"));
         return unless(%params);
         # FIXME move the old maildir
 ,9 → 375,7
 sub handle_mailbox_delete
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "login"  => \&validate_name,
-                  "domain" => \&validate_domain } );
+        my %params  = parse_command_params($request, shift @_, ("login", "domain"));
         return unless(%params);
         # FIXME remove the maildir
 ,36 → 460,20
         return 1;
 }
-# FIXME merge with handle_mail_alias_modify
 sub handle_mail_alias_create
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "address" => \&validate_name,
-                  "domain"  => \&validate_domain,
-                  "enabled" => \&validate_boolean,
-                  "comment" => \&validate_comment } );
+        my %params  = parse_command_params($request, shift @_, ("address", "domain"));
         return unless(%params);
         my @rcpts = parse_command_array($request, @_);
-        # validate recipients
-        foreach (@rcpts) {
-                unless(validate_email($_)) {
-                        set_request_code($request, $code_wrong_params, "Wrong email $_");
-                        return;
-                }
-        }
-        # delete all from db
         my $del_action = delete_from_db($request, "aliases",
                 { alias => "$params{'address'}\@$params{'domain'}" } );
         return if($del_action eq "error");
-        # save new
         return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'},
                 $params{'comment'}, \@rcpts));
-        # result
         if($del_action eq 'delete') {
                 set_request_code($request, $code_ok_but, "Mail alias exists, modified");
         }
 ,34 → 485,17
 sub handle_mail_alias_modify
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "oldAddress" => \&validate_name,
-                  "oldDomain"  => \&validate_domain,
-                  "address"    => \&validate_name,
-                  "domain"     => \&validate_domain,
-                  "enabled"    => \&validate_boolean,
-                  "comment"    => \&validate_comment } );
+        my %params  = parse_command_params($request, shift @_, ("address", "domain"));
         return unless(%params);
         my @rcpts = parse_command_array($request, @_);
-        # validate recipients
-        foreach (@rcpts) {
-                unless(validate_email($_)) {
-                        set_request_code($request, $code_wrong_params, "Wrong email $_");
-                        return;
-                }
-        }
-        # delete all from db
         my $del_action = delete_from_db($request, "aliases",
-                { alias => "$params{'oldAddress'}\@$params{'oldDomain'}" } );
+                { alias => "$params{'address'}\@$params{'domain'}" } );
         return if($del_action eq "error");
-        # save new
         return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'},
                 $params{'comment'}, \@rcpts));
-        # result
         if($del_action eq 'delete') {
                 set_request_code($request, $code_ok, "Mail alias modified");
         }
 ,9 → 507,7
 sub handle_mail_alias_delete
 {
         my $request = shift @_;
-        my %params  = parse_command_params($request, shift @_,
-                { "address" => \&validate_name,
-                  "domain"  => \&validate_domain } );
+        my %params  = parse_command_params($request, shift @_, ("address", "domain"));
         return unless(%params);
         my $res_action = delete_from_db($request, "aliases",
 ,24 → 521,6
         }
 }
-sub validate_boolean
-{
-        $_ = shift @_;
-        return /^(true|false)$/ ? 1 : 0;
-}
-sub validate_comment
-{
-        $_ = shift @_;
-        return /^.*$/ ? 1 : 0; # FIXME allow part of control chars only
-}
-sub validate_password
-{
-        $_ = shift @_;
-        return /^.*$/ ? 1 : 0; # FIXME
-}
 sub validate_domain
 {
         $_ = shift @_;
 ,30 → 530,8
 sub validate_name
 {
-        $_ = shift @_;
-        return /^[a-zA-Z]([a-zA-Z0-9._-]*[a-zA-Z0-9])?$/ ? 1 : 0;
 }
-sub validate_email
-{
-        $_ = shift @_;
-        return /^[a-zA-Z0-9._-]+\@(([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)\.)*([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)$/ ? 1 : 0; # FIXME too restrict for user name?
-}
-sub validate_param_name
-{
-        $_ = shift @_;
-        return /^[a-zA-Z_][a-zA-Z0-9._-]*$/ ? 1 : 0;
-}
-sub validate_system_user_id
-{
-        $_ = shift @_;
-        return 0 unless /^[0-9]*$/;
-        return ($_ >= 1000) ? 1 : 0; # additional security check
-}
 sub decode_param
 {
         my $value = shift @_;
 ,36 → 563,19
 {
         my $request  = shift @_;
         my @params   = split /\t/, shift @_, -1;
-        my %expected = %{shift @_};
+        my %required = map { $_ => 1 } @_; # convert array to hash
         my %values   = ();
         @params = @params[2..$#params]; # remove handler and action
         map {
                 my ($key, $value) = split /=/, $_;
-                unless(validate_param_name($key)) {
-                        set_request_code($request, $code_wrong_params, "Wrong param name $key");
-                        return ();
-                }
-                unless($expected{$key}) {
-                        set_request_code($request, $code_wrong_params, "Param $key not expected");
-                        return ();
-                }
-                my $param_value = decode_param($value);
-                unless(&{$expected{$key}}($param_value)) {
-                        set_request_code($request, $code_wrong_params, "Wrong value of param $key");
-                        return ();
-                }
-                $values{$key} = $param_value;
-                delete($expected{$key});
+                $values{$key} = decode_param($value);
+                delete($required{$key});
         } @params;
-        if(%expected) {
+        if(%required) {
                 set_request_code($request, $code_wrong_params,
-                        "Params " . join(', ', keys %expected) . " expected but not found");
+                        "Params " . join(', ', keys %required) . " expected but not found");
                 return ();
         }

/hostadmiral/trunk/webapp/mail/box/edit.jsp
96,7 → 96,6
</tr>
</table>

<p>FIXME: show system user id without comma</p>
<p>FIXME: checkbox to create a mail alias if new mailbox is created</p>
<p>FIXME: special case: by editing a mailbox which login is the same
as its user and/or mail alias allow to change all them at once. Do the for

 /hostadmiral/trunk/webapp/mail/alias/edit.jsp
 ,8 → 163,6
 </html:form>
 <script>loadForm();</script>
-<p>FIXME: show mailbox@domain for destinations, not just mailbox</p>
 <p>
         <bean:message key="ak.hostadmiral.page.general.version" />:
         <bean:write name="projectVersion" />

 /hostadmiral/trunk/webapp/mail/alias/editdests.jsp
 ,8 → 160,6
 </html:form>
 <script>loadForm();</script>
-<p>FIXME: show mailbox@domain for destinations, not just mailbox</p>
 <p>
         <bean:message key="ak.hostadmiral.page.general.version" />:
         <bean:write name="projectVersion" />

Subversion Repositories general

Compare Revisions

Ignore whitespace Rev 1216 → Rev 1215