-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | weblog-model.lua | 164 | ||||
-rw-r--r-- | weblog-viewblocklog-html.lsp | 8 | ||||
-rw-r--r-- | weblog.menu | 2 |
4 files changed, 142 insertions, 34 deletions
@@ -1,6 +1,6 @@ APP_NAME=weblog PACKAGE=acf-$(APP_NAME) -VERSION=0.3.1 +VERSION=0.3.2 APP_DIST=\ weblog* \ diff --git a/weblog-model.lua b/weblog-model.lua index 9e32e53..5cced4b 100644 --- a/weblog-model.lua +++ b/weblog-model.lua @@ -487,6 +487,20 @@ local listusagestats = function() return entries end +local testdatabaseentry = function(datatype, value) + local success = true + local errtxt + local sql = "CREATE TEMP TABLE testing ( test "..escape(datatype).." DEFAULT '"..escape(value).."' ) ON COMMIT DROP" + local res, err = pcall(function() + assert (con:execute(sql)) + end) + if not res then + success = false + errtxt = string.gsub(err or "", "\n.*", "") + end + return success, errtxt +end + local printtableentries = function(tablename) -- retrieve a cursor local count = 0 @@ -898,7 +912,7 @@ function getnewwatchlistentry() return cfe({ type="group", value=watch, label="Watchlist Entry" }) end -function createwatchlistentry(watch) +local function validatewatchlistentry(watch) local success = true for i,name in ipairs({"clientuserid", "expiredatetime"}) do if watch.value[name].value == "" then 
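Review bot: In testdatabaseentry the `datatype` argument is concatenated into the CREATE TEMP TABLE statement outside any quotes, so `escape(datatype)` offers little protection in that position. `escape` is defined outside this hunk and presumably targets string literals. Every caller in this commit passes the constant "TIMESTAMP", so the risk is latent, but the helper should reject anything that is not a plain type name before building `sql`, for example `if not string.match(datatype, "^[%a ]+$") then return false, "Invalid data type" end`. A short comment above the function saying that `value` is untrusted form input and depends on `escape` for quoting would also help.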
@@ -906,28 +920,48 @@ function createwatchlistentry(watch) success = false end end + if not watch.value.expiredatetime.errtxt then + local res, err = pcall(function() + databaseconnect(DatabaseUser) + local s + s,watch.value.expiredatetime.errtxt = testdatabaseentry("TIMESTAMP", watch.value.expiredatetime.value) + databasedisconnect() + success = success and s + end) + if not res and err then + watch.value.expiredatetime.errtxt = err + success = false + end + end + return success +end + +function createwatchlistentry(watch) watch.value.clientuserid.value = watch.value.clientuserid.value:lower() watch.errtxt = "Failed to create watchlist entry" - local res, err = pcall(function() - databaseconnect(DatabaseUser) - local watchlist = listwatchlistentries() or {} - for i,w in ipairs(watchlist) do - if w.clientuserid == watch.value.clientuserid.value then - watch.value.clientuserid.errtxt = "User ID already exists" - success = false - break + local success = validatewatchlistentry(watch) + if success then + local res, err = pcall(function() + databaseconnect(DatabaseUser) + local watchlist = listwatchlistentries() or {} + for i,w in ipairs(watchlist) do + if w.clientuserid == watch.value.clientuserid.value then + watch.value.clientuserid.errtxt = "User ID already exists" + success = false + break + end end - end - if success then - local count = importwatchlistentry(watch.value.clientuserid.value, watch.value.expiredatetime.value) - if count > 0 then - watch.errtxt = nil + if success then + local count = importwatchlistentry(watch.value.clientuserid.value, watch.value.expiredatetime.value) + if count > 0 then + watch.errtxt = nil + end end + databasedisconnect() + end) + if not res and err then + watch.errtxt = watch.errtxt .. "\n" .. err end - databasedisconnect() - end) - if not res and err then - watch.errtxt = watch.errtxt .. "\n" .. err end return watch 
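Review bot: In createwatchlistentry, `databasedisconnect()` is the last statement inside the pcall body, so an error raised by listwatchlistentries or importwatchlistentry skips it and the connection is not closed. The failure is then only appended to `watch.errtxt`. Adding cleanup to the error branch would fix this, for example `if not res then pcall(databasedisconnect) end` ahead of the existing `if not res and err then`. databaseconnect and databasedisconnect are defined outside this hunk, so confirm that a second disconnect is harmless. validatewatchlistentry begins in the previous hunk and createwatchlistentry's closing `end` lies past this one.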
@@ -951,6 +985,42 @@ function deletewatchlistent(clientuserid) return result end +local validateparameters = function(params) + local success = true + if params.clientip.value ~= "" and string.find(params.clientip.value, "[^%d%.]") then + params.clientip.errtxt = "Invalid IP Address" + success = false + end + if params.window.value ~= "" and not validator.is_integer(params.window.value) then + params.window.errtxt = "Must be an integer" + success = false + end + local res, err = pcall(function() + databaseconnect(DatabaseUser) + local s + if params.starttime.value ~= "" then + s,params.starttime.errtxt = testdatabaseentry("TIMESTAMP", params.starttime.value) + success = success and s + end + if params.endtime.value ~= "" then + s,params.endtime.errtxt = testdatabaseentry("TIMESTAMP", params.endtime.value) + success = success and s + end + if params.focus.value ~= "" then + s,params.focus.errtxt = testdatabaseentry("TIMESTAMP", params.focus.value) + success = success and s + end + databasedisconnect() + end) + if not res and err then + params.starttime.errtxt = err + params.endtime.errtxt = err + params.focus.errtxt = err + success = false + end + return success +end + local handleparameters = function(clientuserid, starttime, endtime, clientip, focus) local result = {} result.clientuserid = cfe({ value=clientuserid or "", label="User ID" }) @@ -958,7 +1028,7 @@ local handleparameters = function(clientuserid, starttime, endtime, clientip, fo result.endtime = cfe({ value=endtime or "", label="End Time" }) result.clientip = cfe({ value=clientip or "", label="Client IP" }) result.window = cfe({ value=config.window or "5", label="Time Window" }) - result.focus = cfe({ value=focus or "", label="Time Window" }) + result.focus = cfe({ value=focus or "", label="Focus Time" }) return result end 
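Review bot: The clientip check in validateparameters only rejects characters other than digits and dots, so strings such as `1...` or `999.999.999.999` pass as valid addresses and go on to the log queries. Any IPv6 address is reported as "Invalid IP Address". Since the commit already lets the database validate timestamps, the same helper could validate the address inside the existing pcall with `s,params.clientip.errtxt = testdatabaseentry("INET", params.clientip.value)`. If partial addresses are deliberately accepted for prefix searches, a comment on the pattern should say so.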
@@ -969,11 +1039,16 @@ function getweblog(clientuserid, starttime, endtime, clientip, focus) end local result = handleparameters(clientuserid, starttime, endtime, clientip, focus) result.log = cfe({ type="list", value={}, label="Weblog Access Log" }) - local res, err = pcall(function() - databaseconnect(DatabaseUser) - result.log.value = listpubweblogentries(clientuserid, starttime, endtime, clientip) or {} - databasedisconnect() - end) + local success = validateparameters(result) + if success then + local res, err = pcall(function() + databaseconnect(DatabaseUser) + result.log.value = listpubweblogentries(clientuserid, starttime, endtime, clientip) or {} + databasedisconnect() + end) + else + err = "Invalid search parameters" + end return cfe({ type="group", value=result, errtxt=err, label="Weblog Access Log" }) end @@ -984,11 +1059,16 @@ function getblocklog(clientuserid, starttime, endtime, clientip, focus) end local result = handleparameters(clientuserid, starttime, endtime, clientip, focus) result.log = cfe({ type="list", value={}, label="Weblog Block Log" }) - local res, err = pcall(function() - databaseconnect(DatabaseUser) - result.log.value = listpubblocklogentries(clientuserid, starttime, endtime, clientip) or {} - databasedisconnect() - end) + local success = validateparameters(result) + if success then + local res, err = pcall(function() + databaseconnect(DatabaseUser) + result.log.value = listpubblocklogentries(clientuserid, starttime, endtime, clientip) or {} + databasedisconnect() + end) + else + err = "Invalid search parameters" + end return cfe({ type="group", value=result, errtxt=err, label="Weblog Block Log" }) end 
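Review bot: In getweblog, `local res, err = pcall(...)` now sits inside the `if success then` block, so that `err` is out of scope at the `return cfe({ ..., errtxt=err, ... })` line and a database failure is silently dropped. The `else` branch then assigns `err = "Invalid search parameters"` with no local in scope, which creates a global. If the Lua state is reused, that global would be read by later calls. Declare `local res, err` before the `if` and use `res, err = pcall(function()` inside it. The getblocklog hunk on the same line has the same defect. Both functions start before and end after their hunks.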
@@ -1048,9 +1128,8 @@ function getconfig() return cfe({ type="group", value=result, label="Weblog Config" }) end -function updateconfig(newconfig) +local function validateconfig(newconfig) local success = modelfunctions.validateselect(newconfig.value.groupby) - -- Validating a timestamp is going to be tricky, how about using postgres? if newconfig.value.window.value == "" then newconfig.value.window.errtxt = "Cannot be blank" success = false @@ -1070,6 +1149,29 @@ function updateconfig(newconfig) newconfig.value.historydays.errtxt = "Must be a number" success = false end + local res, err = pcall(function() + databaseconnect(DatabaseUser) + local s + if newconfig.value.auditstart.value ~= "" then + s,newconfig.value.auditstart.errtxt = testdatabaseentry("TIMESTAMP", newconfig.value.auditstart.value) + success = success and s + end + if newconfig.value.auditend.value ~= "" then + s,newconfig.value.auditend.errtxt = testdatabaseentry("TIMESTAMP", newconfig.value.auditend.value) + success = success and s + end + databasedisconnect() + end) + if not res and err then + newconfig.value.auditstart.errtxt = err + newconfig.value.auditend.errtxt = err + success = false + end + return newconfig +end + +function updateconfig(newconfig) + local success = validateconfig(newconfig) if success then configcontent = format.update_ini_file(configcontent, "", "auditstart", newconfig.value.auditstart.value) configcontent = format.update_ini_file(configcontent, "", "auditend", newconfig.value.auditend.value) diff --git a/weblog-viewblocklog-html.lsp b/weblog-viewblocklog-html.lsp index 0c10e0a..29197f4 100644 --- a/weblog-viewblocklog-html.lsp +++ b/weblog-viewblocklog-html.lsp 
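Review bot: validateconfig ends with `return newconfig`, but updateconfig does `local success = validateconfig(newconfig)` followed by `if success then`. A table is always truthy in Lua, so the config file is rewritten even when window, historydays or the new auditstart/auditend timestamp checks have failed. The last line of validateconfig should be `return success`. validateconfig begins in the previous hunk and updateconfig continues past the end of this one.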
@@ -13,23 +13,29 @@ <% end %> <H1>Search Parameters</H1> +<% if data.errtxt then %><p class="error"><%= html.html_escape(data.errtxt) %></p><% end %> <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>" method="POST"> <DL> <DT>Start Time</DT> <DD><%= html.html_escape(data.value.starttime.value) %> <input class="text" type="text" name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" > +<% if data.value.starttime.errtxt then %><p class="error"><%= html.html_escape(data.value.starttime.errtxt) %></p><% end %> </DD> <DT>User ID</DT> <DD><%= html.html_escape(data.value.clientuserid.value) %> <input class="text" type="text" name="clientuserid" value="<%= html.html_escape(data.value.clientuserid.value) %>" > +<% if data.value.clientuserid.errtxt then %><p class="error"><%= html.html_escape(data.value.clientuserid.errtxt) %></p><% end %> </DD> <DT>Client IP</DT> <DD><%= html.html_escape(data.value.clientip.value) %> <input class="text" type="text" name="clientip" value="<%= html.html_escape(data.value.clientip.value) %>" > +<% if data.value.clientip.errtxt then %><p class="error"><%= html.html_escape(data.value.clientip.errtxt) %></p><% end %> </DD> <DT>End Time</DT> -<DD><%= html.html_escape(data.value.endtime.value) %> +<DD><%= html.html_escape(data.value.endtime +.value) %> <input class="text" type="text" name="endtime" value="<%= html.html_escape(data.value.endtime.value) %>" > +<% if data.value.endtime.errtxt then %><p class="error"><%= html.html_escape(data.value.endtime.errtxt) %></p><% end %> </DD> <DT></DT><DD><input class="submit" type="submit" name="Update" value="Update"></DD> </DL> diff --git a/weblog.menu b/weblog.menu index cb19ac1..9090b81 100644 --- a/weblog.menu +++ b/weblog.menu 
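Review bot: The rewritten End Time line appears to break the expression after `data.value.endtime`, leaving `.value) %>` on a line of its own. Lua accepts this, but it looks like an accidental edit and should be rejoined as `<DD><%= html.html_escape(data.value.endtime.value) %>`. Separately, validateparameters in weblog-model.lua also sets `errtxt` on `window` and `focus`, and nothing in this hunk renders those. A failure there would show only the generic message, unless those fields are displayed elsewhere in the template.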
@@ -1,4 +1,5 @@ #CAT GROUP/DESC TAB ACTION +Applications 41Weblog Status status Applications 41Weblog Audit viewauditstats Applications 41Weblog Config config Applications 41Weblog Watch_List viewwatchlist @@ -6,4 +7,3 @@ Applications 41Weblog Sources listsources Applications 41Weblog Usage viewusagestats Applications 41Weblog History viewactivitylog Applications 41Weblog Ad-Hoc_Query adhocquery -Applications 41Weblog Status status |