Module: check_mk
Branch: master
Commit: 042edf72b897367a4f20f6556d97272f4996aa1d
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=042edf72b89736…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Oct 1 19:40:56 2018 +0200
Improved start_url input validation
Change-Id: I5a595ba5efd9cf4bbef19cf35ef9158a140323c4
---
cmk/gui/plugins/userdb/user_attributes.py | 9 +++++++--
cmk/gui/plugins/wato/check_mk_configuration.py | 15 +++++++++------
cmk/gui/utils.py | 7 +++++++
cmk/gui/watolib.py | 1 -
4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/cmk/gui/plugins/userdb/user_attributes.py
b/cmk/gui/plugins/userdb/user_attributes.py
index 426ba21..35d457b 100644
--- a/cmk/gui/plugins/userdb/user_attributes.py
+++ b/cmk/gui/plugins/userdb/user_attributes.py
@@ -28,7 +28,10 @@ from cmk.gui.config import theme_choices
from cmk.gui.valuespec import *
from cmk.gui.i18n import _
from cmk.gui.globals import html
-from . import UserAttribute, user_attribute_registry
+from cmk.gui.plugins.userdb import (
+ UserAttribute,
+ user_attribute_registry,
+)
@user_attribute_registry.register
class ForceAuthUserUserAttribute(UserAttribute):
@@ -160,7 +163,9 @@ class StartURLUserAttribute(UserAttribute):
"URL you like here."),
size = 80,
default_value = "dashboard.py",
- attrencode = True
+ attrencode = True,
+ allow_empty = False,
+ validate = utils.validate_start_url,
),
],
),
diff --git a/cmk/gui/plugins/wato/check_mk_configuration.py
b/cmk/gui/plugins/wato/check_mk_configuration.py
index 3bb1c1d..2ada3c8 100644
--- a/cmk/gui/plugins/wato/check_mk_configuration.py
+++ b/cmk/gui/plugins/wato/check_mk_configuration.py
@@ -304,12 +304,15 @@ register_configvar(group,
register_configvar(group,
"start_url",
- TextAscii(title = _("Start URL to display in main frame"),
- help = _("When you point your browser to the Check_MK GUI, usually the
dashboard "
- "is shown in the main (right) frame. You can replace this
with any other "
- "URL you like here."),
- size = 80,
- attrencode = True),
+ TextAscii(
+ title = _("Start URL to display in main frame"),
+ help = _("When you point your browser to the Check_MK GUI, usually the
dashboard "
+ "is shown in the main (right) frame. You can replace this with any
other "
+ "URL you like here."),
+ size = 80,
+ allow_empty = False,
+ validate = utils.validate_start_url,
+ ),
domain = "multisite")
register_configvar(group,
diff --git a/cmk/gui/utils.py b/cmk/gui/utils.py
index 23f625f..80fae55 100644
--- a/cmk/gui/utils.py
+++ b/cmk/gui/utils.py
@@ -39,6 +39,7 @@ import cmk.paths
from cmk.gui.i18n import _
from cmk.gui.globals import html
+from cmk.gui.exceptions import MKUserError
def drop_dotzero(v, digits=2):
@@ -95,6 +96,12 @@ def is_allowed_url(url):
return True
+def validate_start_url(value, varprefix):
+ if not is_allowed_url(value):
+ raise MKUserError(varprefix, _("The given value is not allowed. You may only
configure "
+ "relative URLs like
<tt>dashboard.py?name=my_dashboard</tt>."))
+
+
def cmp_version(a, b):
"""Compare two version numbers with each other
Allow numeric version numbers, but also characters.
diff --git a/cmk/gui/watolib.py b/cmk/gui/watolib.py
index e1b531a..83a177b 100644
--- a/cmk/gui/watolib.py
+++ b/cmk/gui/watolib.py
@@ -10536,7 +10536,6 @@ class LivestatusViaTCP(Dictionary):
kwargs["optional_keys"] = [ "only_from" ]
super(LivestatusViaTCP, self).__init__(**kwargs)
-
#.
# .--CME-----------------------------------------------------------------.
# | ____ __ __ _____ |