Fix zone name encoding for UI XHR requests as well as requests to the PDNS API (#1707)

Matt Scott 2023-11-24 10:02:46 -05:00 committed by GitHub
commit b494423e83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 10 deletions


@ -643,6 +643,8 @@ class Domain(db.Model):
""" """
Update records from Master DNS server Update records from Master DNS server
""" """
import urllib.parse
domain = Domain.query.filter(Domain.name == domain_name).first() domain = Domain.query.filter(Domain.name == domain_name).first()
if domain: if domain:
headers = {'X-API-Key': self.PDNS_API_KEY} headers = {'X-API-Key': self.PDNS_API_KEY}
@ -650,7 +652,7 @@ class Domain(db.Model):
r = utils.fetch_json(urljoin( r = utils.fetch_json(urljoin(
self.PDNS_STATS_URL, self.API_EXTENDED_URL + self.PDNS_STATS_URL, self.API_EXTENDED_URL +
'/servers/localhost/zones/{0}/axfr-retrieve'.format( '/servers/localhost/zones/{0}/axfr-retrieve'.format(
domain.name)), urllib.parse.quote_plus(domain.name))),
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
@ -673,6 +675,8 @@ class Domain(db.Model):
""" """
Get zone DNSSEC information Get zone DNSSEC information
""" """
import urllib.parse
domain = Domain.query.filter(Domain.name == domain_name).first() domain = Domain.query.filter(Domain.name == domain_name).first()
if domain: if domain:
headers = {'X-API-Key': self.PDNS_API_KEY} headers = {'X-API-Key': self.PDNS_API_KEY}
@ -681,7 +685,7 @@ class Domain(db.Model):
urljoin( urljoin(
self.PDNS_STATS_URL, self.API_EXTENDED_URL + self.PDNS_STATS_URL, self.API_EXTENDED_URL +
'/servers/localhost/zones/{0}/cryptokeys'.format( '/servers/localhost/zones/{0}/cryptokeys'.format(
domain.name)), urllib.parse.quote_plus(domain.name))),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET', method='GET',
@ -709,6 +713,8 @@ class Domain(db.Model):
""" """
Enable zone DNSSEC Enable zone DNSSEC
""" """
import urllib.parse
domain = Domain.query.filter(Domain.name == domain_name).first() domain = Domain.query.filter(Domain.name == domain_name).first()
if domain: if domain:
headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'} headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
@ -718,7 +724,9 @@ class Domain(db.Model):
jdata = utils.fetch_json( jdata = utils.fetch_json(
urljoin( urljoin(
self.PDNS_STATS_URL, self.API_EXTENDED_URL + self.PDNS_STATS_URL, self.API_EXTENDED_URL +
'/servers/localhost/zones/{0}'.format(domain.name)), '/servers/localhost/zones/{0}'.format(
urllib.parse.quote_plus(domain.name)
)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
@ -738,7 +746,8 @@ class Domain(db.Model):
urljoin( urljoin(
self.PDNS_STATS_URL, self.API_EXTENDED_URL + self.PDNS_STATS_URL, self.API_EXTENDED_URL +
'/servers/localhost/zones/{0}/cryptokeys'.format( '/servers/localhost/zones/{0}/cryptokeys'.format(
domain.name)), urllib.parse.quote_plus(domain.name)
)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='POST', method='POST',
@ -775,6 +784,8 @@ class Domain(db.Model):
""" """
Remove keys DNSSEC Remove keys DNSSEC
""" """
import urllib.parse
domain = Domain.query.filter(Domain.name == domain_name).first() domain = Domain.query.filter(Domain.name == domain_name).first()
if domain: if domain:
headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'} headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
@ -784,7 +795,7 @@ class Domain(db.Model):
urljoin( urljoin(
self.PDNS_STATS_URL, self.API_EXTENDED_URL + self.PDNS_STATS_URL, self.API_EXTENDED_URL +
'/servers/localhost/zones/{0}/cryptokeys/{1}'.format( '/servers/localhost/zones/{0}/cryptokeys/{1}'.format(
domain.name, key_id)), urllib.parse.quote_plus(domain.name), key_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='DELETE', method='DELETE',
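Review bot: `key_id` is still interpolated raw into the `cryptokeys/{1}` path of the DELETE call, while only the zone name is encoded. Because this request carries the PDNS API key, a key id containing `/` or `..` could address a different API path; unless the caller already validates it (not visible here), it should be coerced or quoted, e.g. `urllib.parse.quote(str(key_id), safe='')`. Separately, `quote_plus` is form encoding and turns a space into `+`, which is a literal plus inside a path segment; `urllib.parse.quote(domain.name, safe='')` is the path-segment form and still escapes `/`. The `import urllib.parse` repeated in each method would read better as one module-level import. The enclosing methods start and end outside these hunks.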


@ -30,14 +30,14 @@ function applyChanges(data, url, showResult, refreshPage) {
function applyRecordChanges(data, domain) { function applyRecordChanges(data, domain) {
$.ajax({ $.ajax({
type : "POST", type : "POST",
url : $SCRIPT_ROOT + '/domain/' + domain + '/apply', url : $SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/apply',
data : JSON.stringify(data),// now data come in this function data : JSON.stringify(data),// now data come in this function
contentType : "application/json; charset=utf-8", contentType : "application/json; charset=utf-8",
crossDomain : true, crossDomain : true,
dataType : "json", dataType : "json",
success : function(data, status, jqXHR) { success : function(data, status, jqXHR) {
// update Apply button value // update Apply button value
$.getJSON($SCRIPT_ROOT + '/domain/' + domain + '/info', function(data) { $.getJSON($SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/info', function(data) {
$(".button_apply_changes").val(data['serial']); $(".button_apply_changes").val(data['serial']);
}); });
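Review bot: The expression `$SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain)` is now written out twice in `applyRecordChanges` and three more times in the DNSSEC click handlers of the template section below, so a future call site can easily omit the encoding again. A single helper such as `function domainUrl(domain, suffix) { return $SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + suffix; }` would keep the rule in one place. `applyRecordChanges` continues past the end of this hunk.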


@ -181,17 +181,17 @@
{% if current_user.role.name in ['Administrator', 'Operator'] or not SETTING.get('dnssec_admins_only') %} {% if current_user.role.name in ['Administrator', 'Operator'] or not SETTING.get('dnssec_admins_only') %}
$(document.body).on("click", ".button_dnssec", function () { $(document.body).on("click", ".button_dnssec", function () {
var domain = $(this).prop('id'); var domain = $(this).prop('id');
getdnssec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec', domain); getdnssec($SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/dnssec', domain);
}); });
$(document.body).on("click", ".button_dnssec_enable", function () { $(document.body).on("click", ".button_dnssec_enable", function () {
var domain = $(this).prop('id'); var domain = $(this).prop('id');
enable_dns_sec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec/enable', '{{ csrf_token() }}'); enable_dns_sec($SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/dnssec/enable', '{{ csrf_token() }}');
}); });
$(document.body).on("click", ".button_dnssec_disable", function () { $(document.body).on("click", ".button_dnssec_disable", function () {
var domain = $(this).prop('id'); var domain = $(this).prop('id');
enable_dns_sec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec/disable', '{{ csrf_token() }}'); enable_dns_sec($SCRIPT_ROOT + '/domain/' + encodeURIComponent(domain) + '/dnssec/disable', '{{ csrf_token() }}');
}); });
{% endif %} {% endif %}
</script> </script>