gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -74,8 +74,8 @@

			$zone = $app->functions->intval($_GET['zone']);
			// get domain-name
			$sql = "SELECT * FROM dns_soa WHERE id = ? AND ?";
			$rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
			$sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
			$rec = $app->db->queryOneRecord($sql, $zone);
			$domain_name = rtrim($rec['origin'], '.');

			// set defaults
			@@ -88,8 +88,8 @@
			$dmarc_sp = 'same';

			//* check for an existing dmarc-record
			$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND ?";
			$rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.', $app->tform->getAuthSQL('r'));
			$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND " . $app->tform->getAuthSQL('r');
			$rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.');
			if ( isset($rec) && !empty($rec) ) {
			$this->id = 1;
			$old_data = strtolower($rec['data']);
			@@ -204,7 +204,7 @@
			global $app, $conf;

			// Get the parent soa record of the domain
			$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST['zone'], $app->tform->getAuthSQL('r'));
			$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);

			// Check if Domain belongs to user
			if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
			@@ -225,56 +225,28 @@
			} // end if user is not admin

			$domain_name = rtrim($soa['origin'], '.');
			// DMARC requieres at lest a spf OR dkim-record
			// abort if more than 1 active spf-records (backward-compatibility)
			$sql = "SELECT * FROM dns_rr WHERE name = ? AND type='TXT' AND data like 'v=spf1%' AND active='Y'";
			$temp = $app->db->queryAllRecords($sql, $domain_name.'.');
			if (is_array($temp[1])) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'].$email;
			}

			$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND active = 'Y' AND (data LIKE 'v=DKIM1;%' OR data LIKE 'v=spf1%')";
			// DMARC requieres at least one active dkim-record...
			$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND active='Y'";
			$temp = $app->db->queryAllRecords($sql, '%._domainkey.'.$domain_name.'.');
			if (empty($temp)) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_spf_txt'].$email;
			}
			unset($temp);
			//TODO: should DMARC requiere DKIM and SPF to be valid? This breaks draft-kucherawy-dmarc-base-07 but makes much more sense
			/*
			// DMARC requieres at least one active dkim-record...
			$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND active='Y'";
			$temp = $app->db->queryOneRecord($sql, '%._domainkey.'.$domain_name.'.');
			if (!is_array($temp)) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_txt'].$email;
			}
			unset($temp);

			// ... and dkim-signed mails to allow "policy != none"
			$sql = "SELECT * FROM mail_domain WHERE domain = '".$app->db->quote($domain_name)."'";
			$temp = $app->db->queryOneRecord($sql);
			if ($temp['dkim'] != 'y' && $this->dataRecord['dmarc_policy'] != 'none') {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_policy_error_txt'].$email;
			}
			unset($temp);

			// DMARC requieres an active spf-record
			$sql = "SELECT * FROM dns_rr WHERE name = ? AND type='TXT' AND data like 'v=spf1%' AND active='Y'";
			// ... and an active spf-record (this breaks the current draft but DMARC is useless if you use DKIM or SPF
			$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND (data LIKE 'v=spf1%' AND active = 'y')";
			$temp = $app->db->queryAllRecords($sql, $domain_name.'.');
			// abort if more than 1 active spf-records (backward-compatibility)
			if (is_array($temp[1])) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'].$email;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'];
			}
			if (empty($temp)) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_spf_txt'].$email;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_spf_txt'];
			}
			unset($temp);
			*/

			//validate dmarc_pct
			$this->dataRecord['dmarc_pct'] = $app->functions->intval($this->dataRecord['dmarc_pct']);
			if ($this->dataRecord['dmarc_pct'] < 0) $this->dataRecord['dmarc_pct'] = 0;
			@@ -289,7 +261,7 @@
			foreach ($dmarc_rua as $rec) {
			if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].$dmarc_rua;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
			} else {
			$temp .= 'mailto:'.$rec.',';
			}
			@@ -305,7 +277,7 @@
			foreach ($dmarc_ruf as $rec) {
			if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].$dmarc_rua;
			$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
			} else {
			$temp .= 'mailto:'.$rec.',';
			}
			@@ -377,13 +349,13 @@
			global $app, $conf;

			//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
			$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
			$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
			$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
			$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);

			//* Update the serial number of the SOA record
			$soa_id = $app->functions->intval($_POST["zone"]);
			$serial = $app->validate_dns->increase_serial($soa["serial"]);
			$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
			$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);

			}

			@@ -391,10 +363,10 @@
			global $app, $conf;

			//* Update the serial number of the SOA record
			$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
			$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
			$soa_id = $app->functions->intval($_POST["zone"]);
			$serial = $app->validate_dns->increase_serial($soa["serial"]);
			$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
			$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
			}

			}