From: Bernhard Bitsch
To: development@lists.ipfire.org
Subject: Re: [PATCH] ddns.cgi: Fix sanity check logic.
Date: Wed, 07 Jul 2021 21:37:50 +0200
In-Reply-To: <20210706160829.2548-1-stefan.schantl@ipfire.org>

Tested-by: Bernhard Bitsch

On 06.07.2021 at 18:08, Stefan Schantl wrote:
> The input validation did not work in the proper way. It always
> reported "No password" when using a provider which supports token and
> the token has been given.
>
> This of course is wrong and led to unusable providers.
>
> Signed-off-by: Stefan Schantl
> ---
> html/cgi-bin/ddns.cgi | 32 ++++++++++++++++++++------------
> 1 file changed, 20 insertions(+), 12 deletions(-)
>
> diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
> index e30aa3d4f..0e3ccbe45 100644
> --- a/html/cgi-bin/ddns.cgi
> +++ b/html/cgi-bin/ddns.cgi
> @@ -171,20 +171,28 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($se= ttings{'ACTION'} eq $Lang:: > $errormessage =3D $Lang::tr{'invalid domain name'}; > } > =20 > - # Check if a username has been sent. > - if ($settings{'LOGIN'} eq '') { > - $errormessage =3D $Lang::tr{'username not set'}; > - } > + # Check if the choosen provider supports token based authentication. > + if ($settings{'SERVICE'} ~~ @token_provider) { > + # Check if a token has been given. > + unless ($settings{'TOKEN'}) { > + $errormessage =3D $Lang::tr{'token not set'}; > + } > =20 > - # Check if a password has been typed in. > - # freedns.afraid.org does not require this field. > - if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.af= raid.org') && ($settings{'SERVICE'} ne 'regfish.com')) { > - $errormessage =3D $Lang::tr{'password not set'}; > - } > + # Automatically set the username to token. > + $settings{'LOGIN'} =3D "token"; > =20 > - # Check if a token has been given for provider which support tokens. > - if (($settings{'SERVICE'} ~~ @token_provider) && ($settings{'TOKEN'} eq '= ')) { > - $errormessage =3D $Lang::tr{'token not set'}; > + # A provider without token support has been choosen. > + } else { > + # Check if a username has been sent. > + if ($settings{'LOGIN'} eq '') { > + $errormessage =3D $Lang::tr{'username not set'}; > + } > + > + # Check if a password has been typed in. > + # freedns.afraid.org does not require this field. > + if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.a= fraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) { > + $errormessage =3D $Lang::tr{'password not set'}; > + } > } > =20 > # Go furter if there was no error. >=20 --===============3205235639051152833==--
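
Review bot: In the new token branch, every service listed in @token_provider must now supply TOKEN and has LOGIN overwritten with "token", so a provider that accepts either a token or a username/password pair can no longer be saved with username and password. If any entry in @token_provider supports both, fall through to the LOGIN and PASSWORD checks when TOKEN is empty instead of setting 'token not set' outright. The new test "unless ($settings{'TOKEN'})" is also not equivalent to the removed "$settings{'TOKEN'} eq ''": it treats the string "0" as missing, so keeping the explicit comparison against '' would preserve the old semantics. The assignment $settings{'LOGIN'} = "token" runs even when the token check has just failed; placing it after a successful check would avoid rewriting the submitted username on an error path. Minor: ~~ is Perl's experimental smartmatch operator, so a grep over @token_provider with eq would be more robust, and the added comments spell "choosen" where "chosen" is meant.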