From 18f38fd1caf417cde96a4c6d786669e39f4964a5 Mon Sep 17 00:00:00 2001
From: Matt Scott
Date: Fri, 24 Nov 2023 09:49:40 -0500
Subject: [PATCH] Updated backend to properly encode the zone name sent to PDNS API so that zones with URL unsafe characters don't break the request.
---
 powerdnsadmin/models/domain.py | 21 ++++++++++++++++-----
 powerdnsadmin/static/custom/js/custom.js | 4 ++--
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index bfa0445..f0b9a30 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -643,6 +643,8 @@ class Domain(db.Model):
 """
 Update records from Master DNS server
 """
+ import urllib.parse
+
 domain = Domain.query.filter(Domain.name == domain_name).first()
 if domain:
 headers = {'X-API-Key': self.PDNS_API_KEY}
@@ -650,7 +652,7 @@ class Domain(db.Model):
 r = utils.fetch_json(urljoin(
 self.PDNS_STATS_URL, self.API_EXTENDED_URL +
 '/servers/localhost/zones/{0}/axfr-retrieve'.format(
- domain.name)),
+ urllib.parse.quote_plus(domain.name))),
 headers=headers,
 timeout=int(
 Setting().get('pdns_api_timeout')),
@@ -673,6 +675,8 @@ class Domain(db.Model):
 """
 Get zone DNSSEC information
 """
+ import urllib.parse
+
 domain = Domain.query.filter(Domain.name == domain_name).first()
 if domain:
 headers = {'X-API-Key': self.PDNS_API_KEY}
@@ -681,7 +685,7 @@ class Domain(db.Model):
 urljoin(
 self.PDNS_STATS_URL, self.API_EXTENDED_URL +
 '/servers/localhost/zones/{0}/cryptokeys'.format(
- domain.name)),
+ urllib.parse.quote_plus(domain.name))),
 headers=headers,
 timeout=int(Setting().get('pdns_api_timeout')),
 method='GET',
@@ -709,6 +713,8 @@ class Domain(db.Model):
 """
 Enable zone DNSSEC
 """
+ import urllib.parse
+
 domain = Domain.query.filter(Domain.name == domain_name).first()
 if domain:
 headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
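Review bot: `import urllib.parse` is placed inside the method body in the `@@ -643` hunk and repeated in the `@@ -673`, `@@ -709` and `@@ -775` hunks; one module-level `import urllib.parse` next to the file's other imports would serve all four methods. `urljoin` is already called unqualified in these methods, so the file presumably imports from `urllib.parse` at the top already. The import block and the method signatures are outside the hunks, so check this against the existing imports.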
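Review bot: `urllib.parse.quote_plus` is the form/query-string encoder, and in the `@@ -650` hunk it is applied to a path segment, where the `+` it writes for a space is a literal plus sign rather than a space. `urllib.parse.quote(domain.name, safe='')` percent-encodes `/`, `?` and `#` just as `quote_plus` does and writes a space as `%20`. The same call is repeated in the `@@ -681`, `@@ -718`, `@@ -738` and `@@ -784` hunks, so a private helper on `Domain` would keep the encoding in one place and make it harder for a later zone call to send the raw name alongside the API key. The sketch assumes `urllib.parse` is imported at module scope; the enclosing methods start and end outside the hunks.

```python
def _zone_api_url(self, zone_name, suffix=''):
    """Return the PDNS API URL for a zone; the name is encoded as one path segment."""
    zone_path = '/servers/localhost/zones/{0}{1}'.format(
        urllib.parse.quote(zone_name, safe=''), suffix)
    return urljoin(self.PDNS_STATS_URL, self.API_EXTENDED_URL + zone_path)

# call site from the -650 hunk
r = utils.fetch_json(self._zone_api_url(domain.name, '/axfr-retrieve'),
                     # … unchanged: headers, timeout and the remaining keyword arguments …
```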
@@ -718,7 +724,9 @@ class Domain(db.Model):
 jdata = utils.fetch_json(
 urljoin(
 self.PDNS_STATS_URL, self.API_EXTENDED_URL +
- '/servers/localhost/zones/{0}'.format(domain.name)),
+ '/servers/localhost/zones/{0}'.format(
+ urllib.parse.quote_plus(domain.name)
+ )),
 headers=headers,
 timeout=int(Setting().get('pdns_api_timeout')),
 method='PUT',
@@ -738,7 +746,8 @@ class Domain(db.Model):
 urljoin(
 self.PDNS_STATS_URL, self.API_EXTENDED_URL +
 '/servers/localhost/zones/{0}/cryptokeys'.format(
- domain.name)),
+ urllib.parse.quote_plus(domain.name)
+ )),
 headers=headers,
 timeout=int(Setting().get('pdns_api_timeout')),
 method='POST',
@@ -775,6 +784,8 @@ class Domain(db.Model):
 """
 Remove keys DNSSEC
 """
+ import urllib.parse
+
 domain = Domain.query.filter(Domain.name == domain_name).first()
 if domain:
 headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
@@ -784,7 +795,7 @@ class Domain(db.Model):
 urljoin(
 self.PDNS_STATS_URL, self.API_EXTENDED_URL +
 '/servers/localhost/zones/{0}/cryptokeys/{1}'.format(
- domain.name, key_id)),
+ urllib.parse.quote_plus(domain.name), key_id)),
 headers=headers,
 timeout=int(Setting().get('pdns_api_timeout')),
 method='DELETE',
diff --git a/powerdnsadmin/static/custom/js/custom.js b/powerdnsadmin/static/custom/js/custom.js
index 1b7a983..e4890d9 100644
--- a/powerdnsadmin/static/custom/js/custom.js
+++ b/powerdnsadmin/static/custom/js/custom.js
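Review bot: `key_id` is still formatted into the path unencoded in the `@@ -784` hunk, right beside the newly encoded zone name. Where `key_id` comes from is not visible in the hunk; if it is taken from the request, a value containing `/` or `?` would change the path of the DELETE that is sent with the API key. Encode it as a path segment too, `urllib.parse.quote(str(key_id), safe='')`, or, if key ids are always numeric, reject anything that is not an integer before building the URL.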
@@ -30,14 +30,14 @@ function applyChanges(data, url, showResult, refreshPage) { function applyRecordChanges(data, domain) { $.ajax({ type : "POST", - url : $SCRIPT_ROOT + '/domain/' + domain + '/apply', + url : $SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/apply', data : JSON.stringify(data),// now data come in this function contentType : "application/json; charset=utf-8", crossDomain : true, dataType : "json", success : function(data, status, jqXHR) { // update Apply button value - $.getJSON($SCRIPT_ROOT + '/domain/' + domain + '/info', function(data) { + $.getJSON($SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/info', function(data) { $(".button_apply_changes").val(data['serial']); });
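Review bot: `encodeURIComponent(domain)` turns a `/` in the zone name into `%2F`, and whether the server-side `/domain/<name>/apply` and `/info` routes still match such a request is not shown in this diff. WSGI servers generally percent-decode the path before routing, so a name containing a slash may reach the router as extra path segments unless the route is declared to accept them. A request test with a zone name that contains `/` would confirm the round trip. The `$.ajax` call and its `success` callback continue past the end of the hunk.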