v4.0.0.0

Changelog: https://haproxy-wi.org/changelog.py#4

app/funct.py

@@ -924,4 +924,17 @@ def get_users_params(**kwargs):
 	else:
 		servers = sql.get_dick_permit()
 	
-	return user, user_id, role, token, servers
+	return user, user_id, role, token, servers
+	
+
+def check_group(group, role_id):
+	import http.cookies
+	import sql
+	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+	user_id = cookie.get('uuid')
+	user_group = sql.get_user_group_by_uuid(user_id.value)
+	if user_group == group or user_group == '1' or role_id == 1:
+		return True
+	else:
+		logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1)
+		return False

app/options.py

@@ -378,7 +378,7 @@ if serv is not None and act == "stats":
 	data = response.content
 	if form.getvalue('service') == 'nginx':
 		from jinja2 import Environment, FileSystemLoader
-		env = Environment(loader=FileSystemLoader('templates/'))
+		env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 		template = env.get_template('ajax/nginx_stats.html')
 		
 		servers_with_status = list()
@@ -1112,11 +1112,11 @@ if form.getvalue('newuser') is not None:
 	activeuser = form.getvalue('activeuser')	
 	role_id = sql.get_role_id_by_name(role)
 	
-	if sql.check_group(group, role_id):
+	if funct.check_group(group, role_id):
 		if funct.is_admin(level=role_id):
 			if sql.add_user(new_user, email, password, role, group, activeuser):
 				from jinja2 import Environment, FileSystemLoader
-				env = Environment(loader=FileSystemLoader('templates/'))
+				env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 				template = env.get_template('ajax/new_user.html')
 
 				template = template.render(users=sql.select_users(user=new_user),
@@ -1148,7 +1148,7 @@ if form.getvalue('updateuser') is not None:
 	activeuser = form.getvalue('activeuser')	
 	role_id = sql.get_role_id_by_name(role)
 	
-	if sql.check_group(group, role_id):			
+	if funct.check_group(group, role_id):			
 		if funct.is_admin(level=role_id):
 			sql.update_user(new_user, email, role, group, id, activeuser)
 			funct.logging(new_user, ' has updated user ', haproxywi=1, login=1)
@@ -1184,7 +1184,7 @@ if form.getvalue('newserver') is not None:
 
 	if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx):
 		from jinja2 import Environment, FileSystemLoader
-		env = Environment(loader=FileSystemLoader('templates/'))
+		env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 		template = env.get_template('ajax/new_server.html')
 
 		template = template.render(groups = sql.select_groups(),

app/sql.py

@@ -1601,22 +1601,9 @@ def check_token():
 		sys.exit()
 		
 		
-def check_group(group, role_id):
-	import http.cookies
-	import os
-	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-	user_id = cookie.get('uuid')
-	user_group = get_user_group_by_uuid(user_id.value)
-	if user_group == group or user_group == '1' or role_id == 1:
-		return True
-	else:
-		funct.logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1)
-		return False
-		
-		
 def show_update_option(option):
 	from jinja2 import Environment, FileSystemLoader
-	env = Environment(loader=FileSystemLoader('templates/ajax'))
+	env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
 	template = env.get_template('/new_option.html')
 
 	print('Content-type: text/html\n')
@@ -1626,7 +1613,7 @@ def show_update_option(option):
 	
 def show_update_savedserver(server):
 	from jinja2 import Environment, FileSystemLoader
-	env = Environment(loader=FileSystemLoader('templates/ajax'))
+	env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
 	template = env.get_template('/new_saved_servers.html')
 
 	print('Content-type: text/html\n')