tbrehm
2012-10-25 3d8d1f097260e3ee54f0913de4e8ddd550223ad4
Fixed: FS#2395 - mail_user_add doesn't check if the domain exists
3 files modified
32 ■■■■ changed files
interface/lib/classes/remoting.inc.php 28 ●●●● patch | view | raw | blame | history
interface/lib/classes/remoting_lib.inc.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/mail_user_add.php 2 ●●● patch | view | raw | blame | history
interface/lib/classes/remoting.inc.php
@@ -306,30 +306,52 @@
    }
    
    
    //* dodanie uzytkownika email
    //* Add mail domain
    public function mail_user_add($session_id, $client_id, $params){
        global $app;
        if (!$this->checkPerm($session_id, 'mail_user_add')){
            $this->server->fault('permission_denied','You do not have the permissions to access this function.');
            return false;
        }
        //* Check if mail domain exists
        $email_parts = explode('@',$params['email']);
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
        if($tmp['domain'] != $email_parts[1]) {
            $this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
            return false;
        }
        $affected_rows = $this->insertQuery('../mail/form/mail_user.tform.php', $client_id, $params);
        return $affected_rows;
    }
    //* edycja uzytkownika email
    //* Update mail user
    public function mail_user_update($session_id, $client_id, $primary_id, $params)
    {
        global $app;
        if (!$this->checkPerm($session_id, 'mail_user_update'))
        {
            $this->server->fault('permission_denied','You do not have the permissions to access this function.');
            return false;
        }
        //* Check if mail domain exists
        $email_parts = explode('@',$params['email']);
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
        if($tmp['domain'] != $email_parts[1]) {
            $this->server->fault('mail_domain_does_not_exist','Mail domain - '.$email_parts[1].' - does not exist.');
            return false;
        }
        $affected_rows = $this->updateQuery('../mail/form/mail_user.tform.php', $client_id, $primary_id, $params);
        return $affected_rows;
    }
    
    //*usuniecie uzytkownika emial
    //* Delete mail user
    public function mail_user_delete($session_id, $primary_id)
    {
        if (!$this->checkPerm($session_id, 'mail_user_delete'))
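Review bot: The new domain check in mail_user_add, and its identical copy in mail_user_update, passes when `$params['email']` contains no `@`. In that case `$email_parts[1]` is unset and the lookup returns no row, so `$tmp['domain'] != $email_parts[1]` compares null with null and execution falls through to insertQuery/updateQuery. Guard the shape and the lookup result first, e.g. `if(count($email_parts) != 2 || !is_array($tmp) || $tmp['domain'] !== $email_parts[1]) {`, and move the check into one private helper so the two copies cannot drift apart. The query also only proves that the domain exists somewhere in mail_domain, not that it belongs to `$client_id`; whether the tform layer enforces ownership is not visible in this hunk and should be confirmed. Separately, the comment `//* Add mail domain` above mail_user_add should read `//* Add mail user`.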
interface/lib/classes/remoting_lib.inc.php
@@ -160,7 +160,7 @@
                        }
                }*/
                
                $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
                $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
                $this->sys_username         = $user['username'];
                $this->sys_userid            = $user['userid'];
                $this->sys_default_group     = $user['default_group'];
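Review bot: The sys_user lookup interpolates the client id straight into the SQL string with no cast or quoting, in both the `$client_id` and the `$this->client_id` form shown here (the page has lost its +/- markers, so which one is the new side is not certain). If that value can originate from a remote API argument, cast it at the point of use: `"SELECT * FROM sys_user WHERE client_id = ".intval($this->client_id)`. The result is also read without checking that a row came back, so an unknown client id leaves sys_username, sys_userid and sys_default_group as null. The enclosing function starts and ends outside the hunk, so how it should fail in that case needs to be decided against its callers.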
remoting_client/examples/mail_user_add.php
@@ -25,7 +25,7 @@
            'uid' => 5000,
            'gid' => 5000,
            'maildir' => '/var/vmail/test.int/joe',
            'quota' => 10000000000,
            'quota' => 1000,
            'cc' => '',
            'homedir' => '/var/vmail',
            'autoresponder' => 'n',