Add extra server-side validation of setup form values
Remove deprecated database_flavor JavaScript functionality. Remove the statistics question, which has never been implemented.
parent
02d5202c68
commit
eb65e5eea0
@ -39,9 +39,6 @@ AUTH_RATELIMIT_IP={{ auth_ratelimit_ip }}/hour
|
||||
AUTH_RATELIMIT_USER={{ auth_ratelimit_user }}/day
|
||||
{% endif %}
|
||||
|
||||
# Opt-out of statistics, replace with "True" to opt out
|
||||
DISABLE_STATISTICS={{ disable_statistics or 'False' }}
|
||||
|
||||
###################################
|
||||
# Optional features
|
||||
###################################
|
||||
|
@ -108,18 +108,41 @@ def build_app(path):
|
||||
try:
|
||||
ipaddress.ip_network(data['subnet'])
|
||||
except:
|
||||
flask.flash('Configured subnet(IPv4) is invalid.', 'error')
|
||||
flask.flash('Configured subnet(IPv4) is invalid', 'error')
|
||||
valid = False
|
||||
try:
|
||||
ipaddress.ip_network(data['subnet6'])
|
||||
except:
|
||||
flask.flash('Configured subnet(IPv6) is invalid.', 'error')
|
||||
flask.flash('Configured subnet(IPv6) is invalid', 'error')
|
||||
valid = False
|
||||
try:
|
||||
data['dns'] = str(ipaddress.IPv4Network(data['subnet'], strict=False)[-2])
|
||||
except ValueError as err:
|
||||
flask.flash('Invalid configuration: ' + str(err))
|
||||
valid = False
|
||||
if data['webmail_type'] != 'none':
|
||||
if data['webmail_path'] == '':
|
||||
flask.flash('Webmail path cannot be empty when webmail is enabled', 'error')
|
||||
valid = False
|
||||
if data['webmail_path'][0] != '/':
|
||||
flask.flash('Webmail path must start with a leading slash "/"', 'error')
|
||||
valid = False
|
||||
if 'admin_enabled' in data:
|
||||
if data['admin_enabled'] == 'true':
|
||||
if data['admin_path'] == '':
|
||||
flask.flash('Admin path cannot be empty when admin is enabled', 'error')
|
||||
valid = False
|
||||
if data['admin_path'][0] != '/':
|
||||
flask.flash('Admin path must start with a leading slash "/"', 'error')
|
||||
valid = False
|
||||
if 'api_enabled' in data:
|
||||
if (data['api_enabled'] == 'true'):
|
||||
if data['api_path'] == '' or data['api_token'] == '':
|
||||
flask.flash('API path and API token cannot be empty when API is enabled', 'error')
|
||||
valid = False
|
||||
if data['api_path'][0] != '/':
|
||||
flask.flash('API path must start with a leading slash "/"', 'error')
|
||||
valid = False
|
||||
if valid:
|
||||
db.set(data['uid'], json.dumps(data))
|
||||
return flask.redirect(flask.url_for('.setup', uid=data['uid']))
|
||||
@ -131,7 +154,6 @@ def build_app(path):
|
||||
subnet6=random_ipv6_subnet()
|
||||
)
|
||||
|
||||
|
||||
@prefix_bp.route("/setup/<uid>", methods=["GET"])
|
||||
@root_bp.route("/setup/<uid>", methods=["GET"])
|
||||
def setup(uid):
|
||||
|
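Review bot: The added leading-slash checks index a possibly empty string: when `webmail_path` is `''` the preceding check flashes an error, but as far as this rendered hunk shows execution continues to `data['webmail_path'][0] != '/'`, which raises IndexError and turns a validation failure into a 500; the `admin_path` and `api_path` checks have the same shape. Use `if not data['webmail_path'].startswith('/'):` (or make the second test an `elif`) in all three places. The new checks also read `data['webmail_type']`, `data['admin_path']`, `data['api_path']` and `data['api_token']` directly, so if `data` is built straight from the submitted form, a POST that omits a field would presumably raise KeyError; `data.get('api_path', '')` avoids that. Because these values appear to be rendered into generated configuration, consider also rejecting whitespace and control characters in the paths rather than testing only the first character. Indentation is lost on this page and build_app starts and ends outside the hunk.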
@ -10,17 +10,21 @@ $(document).ready(function() {
|
||||
if ($("#webmail").val() == 'none') {
|
||||
$("#webmail_path").hide();
|
||||
$("#webmail_path").val("");
|
||||
$("#webmail_path").prop('required',false);
|
||||
} else {
|
||||
$("#webmail_path").show();
|
||||
$("#webmail_path").val("/webmail");
|
||||
$("#webmail_path").prop('required',true);
|
||||
}
|
||||
$("#webmail").click(function() {
|
||||
if (this.value == 'none') {
|
||||
$("#webmail_path").hide();
|
||||
$("#webmail_path").val("");
|
||||
$("#webmail_path").prop('required',false);
|
||||
} else {
|
||||
$("#webmail_path").show();
|
||||
$("#webmail_path").val("/webmail");
|
||||
$("#webmail_path").prop('required',true);
|
||||
}
|
||||
});
|
||||
});
|
||||
@ -29,14 +33,17 @@ $(document).ready(function() {
|
||||
if ($('#admin').prop('checked')) {
|
||||
$("#admin_path").show();
|
||||
$("#admin_path").val("/admin");
|
||||
$("#admin_path").prop('required',true);
|
||||
}
|
||||
$("#admin").change(function() {
|
||||
if ($(this).is(":checked")) {
|
||||
$("#admin_path").show();
|
||||
$("#admin_path").val("/admin");
|
||||
$("#admin_path").prop('required',true);
|
||||
} else {
|
||||
$("#admin_path").hide();
|
||||
$("#admin_path").val("");
|
||||
$("#admin_path").prop('required',false);
|
||||
}
|
||||
});
|
||||
});
|
||||
@ -44,6 +51,7 @@ $(document).ready(function() {
|
||||
$(document).ready(function() {
|
||||
if ($('#api_enabled').prop('checked')) {
|
||||
$("#api_path").show();
|
||||
$("#api_path").prop('required',true);
|
||||
$("#api_path").val("/api")
|
||||
$("#api_token").show();
|
||||
$("#api_token").prop('required',true);
|
||||
@ -51,6 +59,7 @@ $(document).ready(function() {
|
||||
$("#api_token_label").show();
|
||||
} else {
|
||||
$("#api_path").hide();
|
||||
$("#api_path").prop('required',false);
|
||||
$("#api_path").val("")
|
||||
$("#api_token").hide();
|
||||
$("#api_token").prop('required',false);
|
||||
@ -60,6 +69,7 @@ $(document).ready(function() {
|
||||
$("#api_enabled").change(function() {
|
||||
if ($(this).is(":checked")) {
|
||||
$("#api_path").show();
|
||||
$("#api_path").prop('required',true);
|
||||
$("#api_path").val("/api");
|
||||
$("#api_token").show();
|
||||
$("#api_token").prop('required',true);
|
||||
@ -67,6 +77,7 @@ $(document).ready(function() {
|
||||
$("#api_token_label").show();
|
||||
} else {
|
||||
$("#api_path").hide();
|
||||
$("#api_path").prop('required',false);
|
||||
$("#api_path").val("")
|
||||
$("#api_token").hide();
|
||||
$("#api_token").prop('required',false);
|
||||
@ -76,45 +87,6 @@ $(document).ready(function() {
|
||||
});
|
||||
});
|
||||
|
||||
$(document).ready(function() {
|
||||
if ($("#database").val() == 'sqlite') {
|
||||
$("#external_db").hide();
|
||||
} else {
|
||||
$("#external_db").show();
|
||||
}
|
||||
|
||||
$("#webmail").click(function() {
|
||||
if (this.value == 'roundcube') {
|
||||
$("#db_flavor_rc_sel").show();
|
||||
} else {
|
||||
$("#db_flavor_rc_sel").hide();
|
||||
$("#roundcube_db_user,#roundcube_db_pw,#roundcube_db_url,#roundcube_db_name").prop('required',false);
|
||||
}
|
||||
});
|
||||
|
||||
$("#database").click(function() {
|
||||
if (this.value == 'sqlite') {
|
||||
$("#external_db").hide();
|
||||
$("#db_user,#db_pw,#db_url,#db_name").prop('required',false);
|
||||
$("#roundcube_db_user,#roundcube_db_pw,#roundcube_db_url,#roundcube_db_name").prop('required',false);
|
||||
} else {
|
||||
$("#external_db").show();
|
||||
$("#db_user,#db_pw,#db_url,#db_name").prop('required',true);
|
||||
}
|
||||
});
|
||||
|
||||
$("#database_rc").click(function() {
|
||||
if (this.value == 'sqlite'){
|
||||
$("#roundcube_external_db").hide();
|
||||
$("#roundcube_db_user,#roundcube_db_pw,#roundcube_db_url,#roundcube_db_name").prop('required',false);
|
||||
}
|
||||
else if ($("#webmail").val() == 'roundcube') {
|
||||
$("#roundcube_external_db").show();
|
||||
$("#roundcube_db_user,#roundcube_db_pw,#roundcube_db_url,#roundcube_db_name").prop('required',true);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
$(document).ready(function() {
|
||||
if ($('#enable_ipv6').prop('checked')) {
|
||||
$("#ipv6").show();
|
||||
|
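Review bot: The added `$("#webmail_path").val("/webmail");` inside the `#webmail` click handler resets the field to the default on every click of the select, so a custom path the user already typed is discarded even when the selection did not change; the `/admin` and `/api` assignments in the later hunks, and the ones run directly in the ready() callbacks, overwrite existing values the same way. Set the default only when the field is empty, e.g. `if (!$("#webmail_path").val()) $("#webmail_path").val("/webmail");`. The added `$("#api_path").val("/api")` and `$("#api_path").val("")` lines also lack the trailing semicolon used elsewhere in the file. The `required` props toggled here are a browser-side convenience only, so a comment such as `// UX only: the setup server re-validates these fields` would keep readers from treating them as the enforcement point. The ready() callbacks start or end outside the hunks.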
@ -58,13 +58,6 @@ Or in plain English: if receivers start to classify your mail as spam, this post
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="form-check form-check-inline">
|
||||
<label class="form-check-label">
|
||||
<input class="form-check-input" type="checkbox" name="disable_statistics" value="True">
|
||||
Opt-out of statistics
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>Website name</label>
|
||||
<input class="form-control" type="text" name="site_name" value="Mailu" required>
|
||||
|