mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
Adjusted the GetParam calls in webadmin.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1938 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
cflakes
@@ -223,6 +223,20 @@ public:
|
||||
return pNewUser;
|
||||
}
|
||||
|
||||
CString SafeGetUserNameParam(CWebSock& WebSock) {
|
||||
CString sUserName = WebSock.GetParam("user"); // check for POST param
|
||||
if(sUserName.empty() && !WebSock.IsPost()) {
|
||||
// if no POST param named user has been given and we are not
|
||||
// saving this form, fall back to using the GET parameter.
|
||||
sUserName = WebSock.GetParam("user", false);
|
||||
}
|
||||
return sUserName;
|
||||
}
|
||||
|
||||
CUser* SafeGetUserFromParam(CWebSock& WebSock) {
|
||||
return CZNC::Get().FindUser(SafeGetUserNameParam(WebSock));
|
||||
}
|
||||
|
||||
virtual CString GetWebMenuTitle() { return "webadmin"; }
|
||||
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
|
||||
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
|
||||
@@ -242,9 +256,9 @@ public:
|
||||
|
||||
return UserPage(WebSock, Tmpl);
|
||||
} else if (sPageName == "editchan") {
|
||||
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
|
||||
CUser* pUser = SafeGetUserFromParam(WebSock);
|
||||
|
||||
// Admin/Self Check
|
||||
// Admin||Self Check
|
||||
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
|
||||
return false;
|
||||
}
|
||||
@@ -254,7 +268,11 @@ public:
|
||||
return true;
|
||||
}
|
||||
|
||||
CChan* pChan = pUser->FindChan(WebSock.GetParam("name"));
|
||||
CString sChan = WebSock.GetParam("name");
|
||||
if(sChan.empty() && !WebSock.IsPost()) {
|
||||
sChan = WebSock.GetParam("name", false);
|
||||
}
|
||||
CChan* pChan = pUser->FindChan(sChan);
|
||||
if (!pChan) {
|
||||
WebSock.PrintErrorPage("No such channel");
|
||||
return true;
|
||||
@@ -262,9 +280,9 @@ public:
|
||||
|
||||
return ChanPage(WebSock, Tmpl, pUser, pChan);
|
||||
} else if (sPageName == "addchan") {
|
||||
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
|
||||
CUser* pUser = SafeGetUserFromParam(WebSock);
|
||||
|
||||
// Admin/Self Check
|
||||
// Admin||Self Check
|
||||
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
|
||||
return false;
|
||||
}
|
||||
@@ -274,10 +292,11 @@ public:
|
||||
}
|
||||
|
||||
WebSock.PrintErrorPage("No such username");
|
||||
return true;
|
||||
} else if (sPageName == "delchan") {
|
||||
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
|
||||
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user", false));
|
||||
|
||||
// Admin/Self Check
|
||||
// Admin||Self Check
|
||||
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
|
||||
return false;
|
||||
}
|
||||
@@ -287,14 +306,16 @@ public:
|
||||
}
|
||||
|
||||
WebSock.PrintErrorPage("No such username");
|
||||
return true;
|
||||
} else if (sPageName == "deluser") {
|
||||
// Admin Check
|
||||
if (!spSession->IsAdmin()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!WebSock.IsPost()) {
|
||||
CString sUser = WebSock.GetParam("user", true);
|
||||
// Show the "Are you sure?" page:
|
||||
|
||||
CString sUser = WebSock.GetParam("user", false);
|
||||
CUser* pUser = CZNC::Get().FindUser(sUser);
|
||||
|
||||
if (!pUser) {
|
||||
@@ -307,6 +328,9 @@ public:
|
||||
return true;
|
||||
}
|
||||
|
||||
// The "Are you sure?" page has been submitted with "Yes",
|
||||
// so we actually delete the user now:
|
||||
|
||||
CString sUser = WebSock.GetParam("user");
|
||||
CUser* pUser = CZNC::Get().FindUser(sUser);
|
||||
|
||||
@@ -321,9 +345,16 @@ public:
|
||||
WebSock.PrintErrorPage("No such username");
|
||||
return true;
|
||||
} else if (sPageName == "edituser") {
|
||||
CUser* pUser = WebSock.HasParam("user") ? CZNC::Get().FindUser(WebSock.GetParam("user")) : spSession->GetUser();
|
||||
CString sUserName = SafeGetUserNameParam(WebSock);
|
||||
CUser* pUser = CZNC::Get().FindUser(sUserName);
|
||||
|
||||
// Admin/Self Check
|
||||
if(!pUser) {
|
||||
if(sUserName.empty()) {
|
||||
pUser = spSession->GetUser();
|
||||
} // else: the "no such user" message will be printed.
|
||||
}
|
||||
|
||||
// Admin||Self Check
|
||||
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
|
||||
return false;
|
||||
}
|
||||
@@ -333,8 +364,8 @@ public:
|
||||
}
|
||||
|
||||
WebSock.PrintErrorPage("No such username");
|
||||
return true;
|
||||
} else if (sPageName == "listusers") {
|
||||
// Admin Check
|
||||
if (!spSession->IsAdmin()) {
|
||||
return false;
|
||||
}
|
||||
@@ -434,7 +465,7 @@ public:
|
||||
}
|
||||
|
||||
bool DelChan(CWebSock& WebSock, CUser* pUser) {
|
||||
CString sChan = WebSock.GetParam("name");
|
||||
CString sChan = WebSock.GetParam("name", false);
|
||||
|
||||
if (!pUser) {
|
||||
WebSock.PrintErrorPage("That user doesn't exist");
|
||||
|
||||
Reference in New Issue
Block a user