mgrotke/linuxrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

UI and security improvements

Browse source
This commit is contained in:
Matthew Grotke 2026-05-18 20:02:22 -04:00
parent 9a272ee959
commit b8c4914a52
13 changed files with 136 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

19
docker/router-dash/app/action_apply_ddns_providers.py
View file

@ -1,6 +1,8 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
import json
import sanitize
import validate
bp = Blueprint('action_apply_ddns_providers', __name__)
@ -10,10 +12,9 @@ DDNS_FILE = '/configs/ddns.json'
@bp.route('/action/add_ddns_provider', methods=['POST'])
@require_level('administrator')
def add_ddns_provider():
provider_type = request.form.get('provider', '').strip().lower()
description = request.form.get('description', '').strip()
hostnames_raw = request.form.get('hostnames', '')
hostnames = [h.strip() for h in hostnames_raw.splitlines() if h.strip()]
provider_type = sanitize.filtervalue(request.form.get('provider', ''), validate.VALID_DDNS_PROVIDERS)
description = sanitize.description(request.form.get('description', ''))
hostnames = sanitize.domainlist(request.form.get('hostnames', '').splitlines())
if not description:
flash('Description is required.', 'error')
@ -21,7 +22,7 @@ def add_ddns_provider():
if not hostnames:
flash('At least one hostname is required.', 'error')
return redirect('/view/view_ddns')
if provider_type not in ('noip', 'cloudflare', 'duckdns'):
if not provider_type:
flash('Unknown provider type.', 'error')
return redirect('/view/view_ddns')
@ -64,12 +65,16 @@ def edit_ddns_provider():
flash('Invalid row index.', 'error')
return redirect('/view/view_ddns')
provider_type = request.form.get('provider', '').strip().lower()
description = request.form.get('description', '').strip()
provider_type = sanitize.filtervalue(request.form.get('provider', ''), validate.VALID_DDNS_PROVIDERS)
description = sanitize.description(request.form.get('description', ''))
hostnames_raw = request.form.get('hostnames', '')
enabled = request.form.get('enabled') == 'on'
hostnames = [h.strip() for h in hostnames_raw.splitlines() if h.strip()]
if not provider_type:
flash('Unknown provider type.', 'error')
return redirect('/view/view_ddns')
try:
with open(DDNS_FILE) as f:
data = json.load(f)