webapp: fixed uri and html encoding bugs.

Shreyas Zare
2019-02-16 15:20:25 +05:30
parent 37017e669f
commit 850b705b53


@@ -378,7 +378,7 @@ function login(username, password) {
var btn = $("#btnLogin").button('loading');
HTTPRequest({
url: "/api/login?user=" + username + "&pass=" + password,
url: "/api/login?user=" + encodeURIComponent(username) + "&pass=" + encodeURIComponent(password),
success: function (responseJSON) {
token = responseJSON.token;
@@ -449,7 +449,7 @@ function changePassword() {
var btn = $("#btnChangePasswordSave").button('loading');
HTTPRequest({
url: "/api/changePassword?token=" + token + "&pass=" + newPassword,
url: "/api/changePassword?token=" + token + "&pass=" + encodeURIComponent(newPassword),
success: function (responseJSON) {
$("#modalChangePassword").modal("hide");
btn.button('reset');
@@ -682,7 +682,7 @@ function saveDnsSettings() {
proxy = "&proxyType=" + proxyType;
}
else {
proxy = "&proxyType=" + proxyType + "&proxyAddress=" + $("#txtProxyAddress").val() + "&proxyPort=" + $("#txtProxyPort").val() + "&proxyUsername=" + $("#txtProxyUsername").val() + "&proxyPassword=" + $("#txtProxyPassword").val();
proxy = "&proxyType=" + proxyType + "&proxyAddress=" + $("#txtProxyAddress").val() + "&proxyPort=" + $("#txtProxyPort").val() + "&proxyUsername=" + encodeURIComponent($("#txtProxyUsername").val()) + "&proxyPassword=" + encodeURIComponent($("#txtProxyPassword").val());
}
var forwarders = cleanTextList($("#txtForwarders").val());
@@ -696,18 +696,15 @@ function saveDnsSettings() {
var blockListUrls = cleanTextList($("#txtBlockListUrls").val());
if ((blockListUrls.length === 0) || (blockListUrls === ",")) {
if ((blockListUrls.length === 0) || (blockListUrls === ","))
blockListUrls = false;
}
else {
else
$("#txtBlockListUrls").val(blockListUrls.replace(/,/g, "\n") + "\n");
blockListUrls = window.btoa(blockListUrls);
}
var btn = $("#btnSaveDnsSettings").button('loading');
HTTPRequest({
url: "/api/setDnsSettings?token=" + token + "&serverDomain=" + serverDomain + "&webServicePort=" + webServicePort + "&dnsServerLocalAddresses=" + dnsServerLocalAddresses + "&preferIPv6=" + preferIPv6 + "&logQueries=" + logQueries + "&allowRecursion=" + allowRecursion + "&allowRecursionOnlyForPrivateNetworks=" + allowRecursionOnlyForPrivateNetworks + proxy + "&forwarders=" + forwarders + "&forwarderProtocol=" + forwarderProtocol + "&blockListUrls=" + blockListUrls,
url: "/api/setDnsSettings?token=" + token + "&serverDomain=" + serverDomain + "&webServicePort=" + webServicePort + "&dnsServerLocalAddresses=" + encodeURIComponent(dnsServerLocalAddresses) + "&preferIPv6=" + preferIPv6 + "&logQueries=" + logQueries + "&allowRecursion=" + allowRecursion + "&allowRecursionOnlyForPrivateNetworks=" + allowRecursionOnlyForPrivateNetworks + proxy + "&forwarders=" + encodeURIComponent(forwarders) + "&forwarderProtocol=" + forwarderProtocol + "&blockListUrls=" + encodeURIComponent(blockListUrls),
success: function (responseJSON) {
document.title = "Technitium DNS Server " + responseJSON.response.version + " - " + responseJSON.response.serverDomain;
$("#lblServerDomain").text(" - " + responseJSON.response.serverDomain);
@@ -1623,13 +1620,13 @@ function renderStandardResourceRecord(record, domain) {
html += "<div class=\"form-group\">";
html += "<label for=\"txtName" + id + "\">Name</label>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 120px;\" value=\"" + encodeURI(name) + "\" disabled>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 120px;\" value=\"" + htmlEncode(name) + "\" disabled>";
html += "</div>";
//value
html += "<div class=\"form-group\">";
html += "<label for=\"txtValue" + id + "\">Value</label>";
html += "<input id=\"txtValue" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 250px;\" value=\"" + encodeURI(record.rData.value) + "\" disabled>";
html += "<input id=\"txtValue" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 250px;\" value=\"" + htmlEncode(record.rData.value) + "\" disabled>";
html += "</div>";
//ttl
@@ -1640,7 +1637,7 @@ function renderStandardResourceRecord(record, domain) {
//buttons
html += "<div class=\"form-group\" style=\"display: block; margin-bottom: 0px;\">";
html += "<div id=\"data" + id + "\" data-record-name=\"" + encodeURI(record.name) + "\" data-record-value=\"" + encodeURI(record.rData.value) + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<div id=\"data" + id + "\" data-record-name=\"" + htmlEncode(record.name) + "\" data-record-value=\"" + htmlEncode(record.rData.value) + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<button id=\"btnEdit" + id + "\" type=\"button\" class=\"btn btn-primary\" data-id=\"" + id + "\" onclick=\"return editResourceRecord(this);\" style=\"margin-right: 10px;\">Edit</button>";
html += "<button id=\"btnUpdate" + id + "\" type=\"submit\" class=\"btn btn-primary\" data-loading-text=\"Updating...\" data-id=\"" + id + "\" onclick=\"return updateResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Update</button>";
html += "<button id=\"btnCancelEdit" + id + "\" type=\"button\" class=\"btn btn-default\" data-id=\"" + id + "\" onclick=\"return cancelEditResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Cancel</button>";
@@ -1681,13 +1678,13 @@ function renderMXResourceRecord(record, domain) {
html += "<div class=\"form-group\">";
html += "<label for=\"txtName" + id + "\">Name</label>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 136px;\" value=\"" + encodeURI(name) + "\" disabled>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 136px;\" value=\"" + htmlEncode(name) + "\" disabled>";
html += "</div>";
//exchange
html += "<div class=\"form-group\">";
html += "<label for=\"txtExchange" + id + "\">Exchange</label>";
html += "<input id=\"txtExchange" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"mx1.example.com\" style=\"width: 250px;\" value=\"" + encodeURI(record.rData.value) + "\" disabled>";
html += "<input id=\"txtExchange" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"mx1.example.com\" style=\"width: 250px;\" value=\"" + htmlEncode(record.rData.value) + "\" disabled>";
html += "</div>";
//preference
@@ -1704,7 +1701,7 @@ function renderMXResourceRecord(record, domain) {
//buttons
html += "<div class=\"form-group\" style=\"display: block; margin-bottom: 0px;\">";
html += "<div id=\"data" + id + "\" data-record-name=\"" + encodeURI(record.name) + "\" data-record-value=\"" + encodeURI(record.rData.value) + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<div id=\"data" + id + "\" data-record-name=\"" + htmlEncode(record.name) + "\" data-record-value=\"" + htmlEncode(record.rData.value) + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<button id=\"btnEdit" + id + "\" type=\"button\" class=\"btn btn-primary\" data-id=\"" + id + "\" onclick=\"return editResourceRecord(this);\" style=\"margin-right: 10px;\">Edit</button>";
html += "<button id=\"btnUpdate" + id + "\" type=\"submit\" class=\"btn btn-primary\" data-loading-text=\"Updating...\" data-id=\"" + id + "\" onclick=\"return updateResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Update</button>";
html += "<button id=\"btnCancelEdit" + id + "\" type=\"button\" class=\"btn btn-default\" data-id=\"" + id + "\" onclick=\"return cancelEditResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Cancel</button>";
@@ -1744,19 +1741,19 @@ function renderSOAResourceRecord(record, domain) {
html += "<div class=\"form-group\">";
html += "<label for=\"txtName" + id + "\">Name</label>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 70px;\" value=\"" + encodeURI(name) + "\" disabled>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 70px;\" value=\"" + htmlEncode(name) + "\" disabled>";
html += "</div>";
//master name server
html += "<div class=\"form-group\">";
html += "<label for=\"txtMasterNameServer" + id + "\">Master Name Server</label>";
html += "<input id=\"txtMasterNameServer" + id + "\"type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 300px;\" value=\"" + encodeURI(record.rData.masterNameServer) + "\" disabled>";
html += "<input id=\"txtMasterNameServer" + id + "\"type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 300px;\" value=\"" + htmlEncode(record.rData.masterNameServer) + "\" disabled>";
html += "</div>";
//responsible person
html += "<div class=\"form-group\">";
html += "<label for=\"txtResponsiblePerson" + id + "\">Responsible Person</label>";
html += "<input id=\"txtResponsiblePerson" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 220px;\" value=\"" + encodeURI(record.rData.responsiblePerson) + "\" disabled>";
html += "<input id=\"txtResponsiblePerson" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"value\" style=\"width: 220px;\" value=\"" + htmlEncode(record.rData.responsiblePerson) + "\" disabled>";
html += "</div>";
//serial
@@ -1850,19 +1847,19 @@ function renderSRVResourceRecord(record, domain) {
//name
html += "<div class=\"form-group\">";
html += "<label for=\"txtName" + id + "\">Name</label>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 120px;\" value=\"" + encodeURI(name) + "\" disabled>";
html += "<input id=\"txtName" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"@\" style=\"width: 120px;\" value=\"" + htmlEncode(name) + "\" disabled>";
html += "</div>";
//service
html += "<div class=\"form-group\">";
html += "<label for=\"txtService" + id + "\">Service</label>";
html += "<input id=\"txtService" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"service\" style=\"width: 80px;\" value=\"" + encodeURI(service) + "\" disabled>";
html += "<input id=\"txtService" + id + "\" type=\"text\" class=\"form-control\" placeholder=\"service\" style=\"width: 80px;\" value=\"" + htmlEncode(service) + "\" disabled>";
html += "</div>";
//protocol
html += "<div class=\"form-group\">";
html += "<label for=\"txtProtocol" + id + "\">Protocol</label>";
html += "<input id=\"txtProtocol" + id + "\"type=\"text\" class=\"form-control\" placeholder=\"protocol\" style=\"width: 80px;\" value=\"" + encodeURI(protocol) + "\" disabled>";
html += "<input id=\"txtProtocol" + id + "\"type=\"text\" class=\"form-control\" placeholder=\"protocol\" style=\"width: 80px;\" value=\"" + htmlEncode(protocol) + "\" disabled>";
html += "</div>";
//priority
@@ -1897,7 +1894,7 @@ function renderSRVResourceRecord(record, domain) {
//buttons
html += "<div class=\"form-group\" style=\"display: block; margin-bottom: 0px;\">";
html += "<div id=\"data" + id + "\" data-record-name=\"" + encodeURI(record.name) + "\" data-record-value=\"" + encodeURI(record.rData.value) + "\" data-record-port=\"" + record.rData.port + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<div id=\"data" + id + "\" data-record-name=\"" + htmlEncode(record.name) + "\" data-record-value=\"" + htmlEncode(record.rData.value) + "\" data-record-port=\"" + record.rData.port + "\" data-record-disabled=\"" + record.disabled + "\" style=\"display: none;\"></div>";
html += "<button id=\"btnEdit" + id + "\" type=\"button\" class=\"btn btn-primary\" data-id=\"" + id + "\" onclick=\"return editResourceRecord(this);\" style=\"margin-right: 10px;\">Edit</button>";
html += "<button id=\"btnUpdate" + id + "\" type=\"submit\" class=\"btn btn-primary\" data-loading-text=\"Updating...\" data-id=\"" + id + "\" onclick=\"return updateResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Update</button>";
html += "<button id=\"btnCancelEdit" + id + "\" type=\"button\" class=\"btn btn-default\" data-id=\"" + id + "\" onclick=\"return cancelEditResourceRecord(this);\" style=\"margin-right: 10px; display: none;\">Cancel</button>";
@@ -2264,7 +2261,7 @@ function addResourceRecord() {
ttl = 3600;
}
var apiUrl = "/api/addRecord?token=" + token + "&domain=" + name + "&type=" + type + "&ttl=" + ttl + "&value=" + value;
var apiUrl = "/api/addRecord?token=" + token + "&domain=" + encodeURIComponent(name) + "&type=" + type + "&ttl=" + ttl + "&value=" + encodeURIComponent(value);
switch (type) {
case "MX":
@@ -2327,7 +2324,7 @@ function deleteResourceRecord(objBtn) {
if (!confirm("Are you sure to permanently delete the " + type + " record '" + name + "' with value '" + value + "'?"))
return false;
var apiUrl = "/api/deleteRecord?token=" + token + "&domain=" + name + "&type=" + type + "&value=" + value;
var apiUrl = "/api/deleteRecord?token=" + token + "&domain=" + name + "&type=" + type + "&value=" + encodeURIComponent(value);
if (type === "SRV") {
var port = $("#txtPort" + id).val();
@@ -2494,7 +2491,7 @@ function updateResourceRecord(objBtn, disable) {
break;
}
var apiUrl = "/api/updateRecord?token=" + token + "&type=" + type + "&domain=" + newName + "&oldDomain=" + oldName + "&value=" + newValue + "&oldValue=" + oldValue + "&ttl=" + ttl + "&disable=" + disable;
var apiUrl = "/api/updateRecord?token=" + token + "&type=" + type + "&domain=" + newName + "&oldDomain=" + oldName + "&value=" + encodeURIComponent(newValue) + "&oldValue=" + encodeURIComponent(oldValue) + "&ttl=" + ttl + "&disable=" + disable;
switch (type) {
case "MX":
@@ -2624,7 +2621,7 @@ function resolveQuery(importRecords) {
divDnsClientLoader.show();
HTTPRequest({
url: "/api/resolveQuery?token=" + token + "&server=" + server + "&domain=" + domain + "&type=" + type + "&protocol=" + protocol + (importRecords ? "&import=true" : ""),
url: "/api/resolveQuery?token=" + token + "&server=" + encodeURIComponent(server) + "&domain=" + encodeURIComponent(domain) + "&type=" + type + "&protocol=" + protocol + (importRecords ? "&import=true" : ""),
success: function (responseJSON) {
preDnsClientOutput.text(JSON.stringify(responseJSON.response.result, null, 2));
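Review bot: The query-string encoding is still incomplete in functions this commit touches: deleteResourceRecord concatenates `name` into `&domain=` raw, updateResourceRecord does the same with `newName` and `oldName`, and saveDnsSettings leaves `serverDomain` and the `#txtProxyAddress` / `#txtProxyPort` values unencoded. A value containing `&`, `#`, `+` or `%` would reach the server as different parameters than the ones the user confirmed, so these should match addResourceRecord, e.g. `"&domain=" + encodeURIComponent(name)` and `"&domain=" + encodeURIComponent(newName) + "&oldDomain=" + encodeURIComponent(oldName)`. The `htmlEncode` helper is not visible on this page; every new call sits inside a double-quoted attribute, so it should be confirmed to escape `"` as well as `&`, `<` and `>`, and `id`, `record.rData.port` and `record.disabled` are still interpolated into the markup without it. login and changePassword also keep the password in the URL query string, where it may be recorded in server or proxy access logs; moving it to a request body is worth considering if `HTTPRequest` supports one. All of these function bodies start and end outside the hunks shown.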