mirror of
https://github.com/webmin/webmin.git
synced 2026-02-09 00:39:57 +00:00
b593501cff
All $err type error messages in HTML are safely escaped now.
URL-encoding in links:
I have implemented urlize() in all places where user input ($in{'device'}, $in{'slice'}, $in{'part'}) was included in the URL (footer/redirect/other link), e.g. edit_slice.cgi?device=...&slice=....
Affected files include: create_part.cgi, create_slice.cgi, delete_part.cgi, delete_slice.cgi, change_slice_label.cgi, part_form.cgi, slice_form.cgi, edit_slice.cgi, edit_part.cgi, fsck.cgi, newfs.cgi, newfs_form.cgi, save_part.cgi, save_slice.cgi, save_slice_label.cgi, zfs_create.cgi, zvol_create.cgi.
69 lines
2.3 KiB
Perl
Executable File
69 lines
2.3 KiB
Perl
Executable File
#!/usr/local/bin/perl
|
|
# Actually create a new partition
|
|
|
|
use strict;
|
|
use warnings;
|
|
no warnings 'redefine';
|
|
no warnings 'uninitialized';
|
|
require './bsdfdisk-lib.pl';
|
|
our ( %in, %text, $module_name );
|
|
&ReadParse();
|
|
&error_setup( $text{'npart_err'} );
|
|
|
|
# Get the disk
|
|
my @disks = &list_disks_partitions();
|
|
|
|
# Validate input parameters
|
|
$in{'device'} =~ /^[a-zA-Z0-9_\/.-]+$/
|
|
or &error( $text{'disk_edevice'} || 'Invalid device' );
|
|
$in{'device'} !~ /\.\./ or &error( $text{'disk_edevice'} || 'Invalid device' );
|
|
$in{'slice'} =~ /^\d+$/ or &error( $text{'slice_egone'} );
|
|
my ($disk) = grep { $_->{'device'} eq $in{'device'} } @disks;
|
|
$disk || &error( $text{'disk_egone'} );
|
|
my ($slice) = grep { $_->{'number'} eq $in{'slice'} } @{ $disk->{'slices'} };
|
|
$slice || &error( $text{'slice_egone'} );
|
|
|
|
# Validate inputs, starting with slice number
|
|
my $part = {};
|
|
$in{'letter'} =~ /^[a-h]$/i || &error( $text{'npart_eletter'} );
|
|
$in{'letter'} = lc( $in{'letter'} );
|
|
|
|
# Partition 'c' is reserved in BSD disklabels (represents the whole slice)
|
|
$in{'letter'} ne 'c' || &error( $text{'npart_ereserved'} );
|
|
my ($clash) = grep { $_->{'letter'} eq $in{'letter'} } @{ $slice->{'parts'} };
|
|
$clash && &error( &text( 'npart_eclash', $in{'letter'} ) );
|
|
$part->{'letter'} = $in{'letter'};
|
|
|
|
# Start and end blocks
|
|
$in{'start'} =~ /^\d+$/ || &error( $text{'nslice_estart'} );
|
|
$in{'end'} =~ /^\d+$/ || &error( $text{'nslice_eend'} );
|
|
$in{'start'} < $in{'end'} || &error( $text{'npart_erange'} );
|
|
$part->{'startblock'} = $in{'start'};
|
|
$part->{'blocks'} = $in{'end'} - $in{'start'} + 1;
|
|
|
|
# Slice type
|
|
$in{'type'} =~ /^[a-zA-Z0-9._-]+$/
|
|
or &error( $text{'npart_etype'} || 'Invalid partition type' );
|
|
$part->{'type'} = $in{'type'};
|
|
|
|
# Do the creation
|
|
&ui_print_header( $slice->{'desc'}, $text{'npart_title'}, "" );
|
|
|
|
print &text( 'npart_creating', $in{'letter'},
|
|
&html_escape( $slice->{'desc'} ) ), "<p>\n";
|
|
|
|
# Actually create the partition inside the slice (initialize BSD label if needed)
|
|
my $err = &create_partition( $disk, $slice, $part );
|
|
if ($err) {
|
|
print &text( 'npart_failed', &html_escape($err) ), "<p>\n";
|
|
}
|
|
else {
|
|
print &text('npart_done'), "<p>\n";
|
|
&webmin_log( "create", "part", $part->{'device'}, $part );
|
|
}
|
|
|
|
my $url_device = &urlize( $in{'device'} );
|
|
my $url_slice = &urlize( $in{'slice'} );
|
|
&ui_print_footer( "edit_slice.cgi?device=$url_device&slice=$url_slice",
|
|
$text{'slice_return'} );
|