From 7d25635f278549eaac801f78e320e714fe61bf06 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Tue, 16 Sep 2014 20:40:00 +0000 Subject: Modify passwd actions to detect readonly files and prevent modification If you edit the file with editfile, the permissions will be changed to readwrite, making the file editable --- freeradius3-viewpasswdfile-html.lsp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'freeradius3-viewpasswdfile-html.lsp') diff --git a/freeradius3-viewpasswdfile-html.lsp b/freeradius3-viewpasswdfile-html.lsp index 5e6ad7f..fe28b28 100644 --- a/freeradius3-viewpasswdfile-html.lsp +++ b/freeradius3-viewpasswdfile-html.lsp @@ -30,8 +30,16 @@ html = require("acf.html") redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.value) %> +<% +local editable = false +if view.value.mode and string.match(view.value.mode.value, "^.w") then + editable = true +end +%> + <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %> <% htmlviewfunctions.displayitem(view.value.filename) %> +<% if view.value.mode then htmlviewfunctions.displayitem(view.value.mode) end %> <% if view.value.data then %> <% local containspasswd = 0 %> @@ -48,6 +56,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val <% for i,r in ipairs( view.value.data.value ) do %> <% for j,f in ipairs(r) do %> @@ -67,7 +77,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val
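Review bot: `string.match(view.value.mode.value, "^.w")` in the new `editable` block runs after checking only that `view.value.mode` exists, so a mode item whose `value` is nil would raise an error while the page renders instead of leaving the view read-only. Guarding the type keeps the fail-closed default that `local editable = false` sets up: `if view.value.mode and type(view.value.mode.value) == "string" and string.match(view.value.mode.value, "^.w") then`. The pattern also depends on a format this file never states. A comment such as `-- mode is presumably an ls-style string ("-rw-r-----"); 2nd char 'w' = owner-writable` would say what is being tested, and it should be confirmed against the model code that fills `mode`, which is not part of this diff.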
+<% if editable then %> <% entry.value = i %> <% if viewlibrary.check_permission("editpasswdentry") then %> <% htmlviewfunctions.displayitem(cfe({type="link", value={filename=filename, entry=entry, redir=redir}, label="", option="Edit", action="editpasswdentry"}), page_info, -1) %> @@ -58,6 +67,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val <% if 0 < containspasswd and r[containspasswd] ~= "" and viewlibrary.check_permission("editpasswd") then %> <% htmlviewfunctions.displayitem(cfe({type="link", value={filename=filename, entry=entry, redir=redir}, label="", option="Change Pass", action="editpasswd"}), page_info, -1) %> <% end %> +<% end %> <% if (j == containspasswd) and (f ~= "") then io.write("********") else io.write(html.html_escape(f)) end %>
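Review bot: Wrapping the "Edit" and "Change Pass" links in `<% if editable then %>` here, and adding `editable and` to the `createpasswdentry` form condition in the last hunk, only removes the controls from the rendered page. A request sent directly to `editpasswdentry`, `editpasswd` or `createpasswdentry` does not pass through this template. The commit subject says the actions themselves detect read-only files, but that code is outside this file's diff, so confirm that each of the three actions re-checks the file mode on the server before writing. A comment at the `editable` definition, e.g. `-- display only: the model must still refuse writes to read-only files`, would keep the view from being mistaken for the enforcement point.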
<% end %> -<% if view.value.data and viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("createpasswdentry") then +<% if editable and view.value.data and viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("createpasswdentry") then local createform = viewlibrary.dispatch_component("createpasswdentry", {filename=view.value.filename.value, redir=redir.value}, true) createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createpasswdentry" htmlviewfunctions.displayitem(createform, page_info, htmlviewfunctions.incrementheader(header_level)) -- cgit v1.2.3