ddns.cgi: Fix sanity check logic.

Message ID 20210706160829.2548-1-stefan.schantl@ipfire.org
State Accepted
Commit 1d32c50e0306b7b9d304bd0037a99252f9e6eb9a
Headers show
Series ddns.cgi: Fix sanity check logic. | expand

Commit Message

Stefan Schantl July 6, 2021, 4:08 p.m. UTC
The input validation did not work in the proper way. It allways
reported "No password" when using a provider which supports token and
the token has been given.

This of course is wrong and leaded to unuseable providers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 html/cgi-bin/ddns.cgi | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

Comments

Bernhard Bitsch July 7, 2021, 7:37 p.m. UTC | #1
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>

Am 06.07.2021 um 18:08 schrieb Stefan Schantl:
> The input validation did not work in the proper way. It allways
> reported "No password" when using a provider which supports token and
> the token has been given.
> 
> This of course is wrong and leaded to unuseable providers.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
>   html/cgi-bin/ddns.cgi | 32 ++++++++++++++++++++------------
>   1 file changed, 20 insertions(+), 12 deletions(-)
> 
> diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
> index e30aa3d4f..0e3ccbe45 100644
> --- a/html/cgi-bin/ddns.cgi
> +++ b/html/cgi-bin/ddns.cgi
> @@ -171,20 +171,28 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::
>   		$errormessage = $Lang::tr{'invalid domain name'};
>   	}
>   
> -	# Check if a username has been sent.
> -	if ($settings{'LOGIN'} eq '') {
> -		$errormessage = $Lang::tr{'username not set'};
> -	}
> +	# Check if the choosen provider supports token based authentication.
> +	if ($settings{'SERVICE'} ~~ @token_provider) {
> +		# Check if a token has been given.
> +		unless ($settings{'TOKEN'}) {
> +			$errormessage = $Lang::tr{'token not set'};
> +		}
>   
> -	# Check if a password has been typed in.
> -	# freedns.afraid.org does not require this field.
> -	if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
> -		$errormessage = $Lang::tr{'password not set'};
> -	}
> +		# Automatically set the username to token.
> +		$settings{'LOGIN'} = "token";
>   
> -	# Check if a token has been given for provider which support tokens.
> -	if (($settings{'SERVICE'} ~~ @token_provider) && ($settings{'TOKEN'} eq '')) {
> -		$errormessage = $Lang::tr{'token not set'};
> +	# A provider without token support has been choosen.
> +	} else {
> +		# Check if a username has been sent.
> +		if ($settings{'LOGIN'} eq '') {
> +			$errormessage = $Lang::tr{'username not set'};
> +		}
> +
> +		# Check if a password has been typed in.
> +		# freedns.afraid.org does not require this field.
> +		if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
> +			$errormessage = $Lang::tr{'password not set'};
> +		}
>   	}
>   
>   	# Go furter if there was no error.
>

Patch

diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index e30aa3d4f..0e3ccbe45 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -171,20 +171,28 @@  if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::
 		$errormessage = $Lang::tr{'invalid domain name'};
 	}
 
-	# Check if a username has been sent.
-	if ($settings{'LOGIN'} eq '') {
-		$errormessage = $Lang::tr{'username not set'};
-	}
+	# Check if the choosen provider supports token based authentication.
+	if ($settings{'SERVICE'} ~~ @token_provider) {
+		# Check if a token has been given.
+		unless ($settings{'TOKEN'}) {
+			$errormessage = $Lang::tr{'token not set'};
+		}
 
-	# Check if a password has been typed in.
-	# freedns.afraid.org does not require this field.
-	if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
-		$errormessage = $Lang::tr{'password not set'};
-	}
+		# Automatically set the username to token.
+		$settings{'LOGIN'} = "token";
 
-	# Check if a token has been given for provider which support tokens.
-	if (($settings{'SERVICE'} ~~ @token_provider) && ($settings{'TOKEN'} eq '')) {
-		$errormessage = $Lang::tr{'token not set'};
+	# A provider without token support has been choosen.
+	} else {
+		# Check if a username has been sent.
+		if ($settings{'LOGIN'} eq '') {
+			$errormessage = $Lang::tr{'username not set'};
+		}
+
+		# Check if a password has been typed in.
+		# freedns.afraid.org does not require this field.
+		if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
+			$errormessage = $Lang::tr{'password not set'};
+		}
 	}
 
 	# Go furter if there was no error.