INSTALL_DEBIAN.txt
@@ -5,7 +5,7 @@ 1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin with the following command line (on one line!): apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 Answer the questions from the package manager as follows. install/lib/installer_base.lib.php
@@ -177,7 +177,7 @@ $this->db->dbName = $cf['database']; $server_ini_content = rf("tpl/server.ini.master"); $server_ini_content = addslashes($server_ini_content); $server_ini_content = mysql_real_escape_string($server_ini_content); $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', 1, 1, 1, 1, 1, 1, '$server_ini_content', 0, 1);"; $this->db->query($sql); install/lib/mysql.lib.php
@@ -171,7 +171,7 @@ // Check der variablen function quote($formfield) { return addslashes($formfield); return mysql_real_escape_string($formfield); } // Check der variablen install/sql/ispconfig3.sql
@@ -609,6 +609,50 @@ -- -------------------------------------------------------- -- -- Tabellenstruktur für Tabelle `software_repo` -- CREATE TABLE `software_repo` ( `software_repo_id` bigint(20) NOT NULL auto_increment, `sys_userid` int(11) NOT NULL default '0', `sys_groupid` int(11) NOT NULL default '0', `sys_perm_user` varchar(5) default NULL, `sys_perm_group` varchar(5) default NULL, `sys_perm_other` varchar(5) default NULL, `repo_name` varchar(40) default NULL, `repo_url` varchar(40) default NULL, `repo_username` varchar(30) default NULL, `repo_password` varchar(30) default NULL, `active` varchar(255) NOT NULL default 'y', PRIMARY KEY (`software_repo_id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; -- -------------------------------------------------------- -- -- Tabellenstruktur für Tabelle `software_update` -- CREATE TABLE `software_update` ( `software_update_id` int(11) NOT NULL auto_increment, `software_repo_id` int(11) NOT NULL, `update_url` varchar(255) NOT NULL, `update_md5` varchar(255) NOT NULL, `install` char(1) NOT NULL, `depenencies` varchar(255) NOT NULL, `update_title` varchar(255) NOT NULL, PRIMARY KEY (`software_update_id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; -- -- Daten für Tabelle `software_update` -- -- -------------------------------------------------------- -- -- Tabellenstruktur für Tabelle `spamfilter_policy` -- install/update.php
@@ -157,7 +157,7 @@ } $new_ini = array_to_ini($tpl_ini_array); $inst->db->query("UPDATE server SET config = '".addslashes($new_ini)."' WHERE server_id = ".$conf['server_id']); $inst->db->query("UPDATE server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']); unset($old_ini_array); unset($tpl_ini_array); unset($new_ini); interface/lib/classes/db_mysql.inc.php
@@ -160,10 +160,14 @@ return $this->quote($formfield); } /** Escapes quotes in variable. addslashes() */ /** Escapes quotes in variable. mysql_real_escape_string() */ public function quote($formfield) { return addslashes($formfield); { if(!$this->connect()){ $this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string'); return addslashes($formfield); } return mysql_real_escape_string($formfield, $this->linkId); } /** Unquotes a variable, strip_slashes() */ interface/lib/classes/form.inc.php
@@ -293,7 +293,7 @@ switch ($this->tableDef[$key]['datatype']) { case 'VARCHAR': if(!is_array($val)) { $new_record[$key] = addslashes($val); $new_record[$key] = mysql_real_escape_string($val); } else { $new_record[$key] = implode($this->tableDef[$key]['separator'],$val); } @@ -308,7 +308,7 @@ $new_record[$key] = intval($val); break; case 'DOUBLE': $new_record[$key] = addslashes($val); $new_record[$key] = mysql_real_escape_string($val); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$val); interface/lib/classes/listform.inc.php
@@ -312,7 +312,7 @@ case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { $record[$key] = addslashes($record[$key]); $record[$key] = mysql_real_escape_string($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } @@ -330,7 +330,7 @@ break; case 'DOUBLE': $record[$key] = addslashes($record[$key]); $record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': interface/lib/classes/remoting_lib.inc.php
@@ -291,14 +291,14 @@ switch ($field['datatype']) { case 'VARCHAR': if(!@is_array($record[$key])) { $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):''; $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; } else { $new_record[$key] = implode($field['separator'],$record[$key]); } break; case 'TEXT': if(!is_array($record[$key])) { $new_record[$key] = addslashes($record[$key]); $new_record[$key] = mysql_real_escape_string($record[$key]); } else { $new_record[$key] = implode($field['separator'],$record[$key]); } @@ -317,7 +317,7 @@ //if($key == 'refresh') die($record[$key]); break; case 'DOUBLE': $new_record[$key] = addslashes($record[$key]); $new_record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$record[$key]); interface/lib/classes/searchform.inc.php
@@ -1,351 +1,351 @@ <?php /* Copyright (c) 2005, Till Brehm, projektfarm Gmbh All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of ISPConfig nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * Listenbehandlung * * @package searchform * @author Till Brehm * @version 1.1 */ class searchform { public $debug = 0; public $errorMessage; public $listDef; public $searchValues; public $pagingHTML; public $pagingValues; public $searchChanged = 0; public $module; public function loadListDef($file, $module = '') { global $app, $conf; if(!is_file($file)){ die("List-Definition: $file not found."); } include_once($file); $this->listDef = $liste; $this->module = $module; //* Fill datasources foreach($this->listDef['item'] as $key => $field) { if(is_array($field['datasource'])) { $this->listDef['item'][$key]['value'] = $this->getDatasourceData($field); } } return true; } /** * Get the key => value array of a form filed from a datasource definitiom * * @param field = array with field definition * @param record = Dataset as array * @return key => value array for the value field of a form */ public function getDatasourceData($field) { global $app; $values = array(); if($field['datasource']['type'] == 'SQL') { //* Preparing SQL string. We will replace some common placeholders $querystring = $field['datasource']['querystring']; $querystring = str_replace('{USERID}', $_SESSION['s']['user']['userid'], $querystring); $querystring = str_replace('{GROUPID}', $_SESSION['s']['user']['default_group'], $querystring); $querystring = str_replace('{GROUPS}', $_SESSION['s']['user']['groups'], $querystring); $table_idx = $this->formDef['db_table_idx']; //$querystring = str_replace('{RECORDID}',$record[$table_idx],$querystring); $app->uses('tform'); $querystring = str_replace('{AUTHSQL}', $app->tform->getAuthSQL('r'), $querystring); //* Getting the records $tmp_records = $app->db->queryAllRecords($querystring); if($app->db->errorMessage != ''){ die($app->db->errorMessage); } if(is_array($tmp_records)) { $key_field = $field['datasource']['keyfield']; $value_field = $field['datasource']['valuefield']; foreach($tmp_records as $tmp_rec) { $values[$tmp_rec[$key_field]] = $tmp_rec[$value_field]; } } } if($field['datasource']['type'] == 'CUSTOM') { //* Calls a custom class to validate this record if($field['datasource']['class'] != '' and $field['datasource']['function'] != '') { $datasource_class = $field['datasource']['class']; $datasource_function = $field['datasource']['function']; $app->uses($datasource_class); $record = array(); $values = $app->$datasource_class->$datasource_function($field, $record); }else{ $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n"; } } return $values; } public function getSearchSQL($sql_where = '') { global $db; //* Config vars $list_name = $this->listDef['name']; $search_prefix = $this->listDef['search_prefix']; //* store retrieval query foreach($this->listDef['item'] as $i) { $field = $i['field']; //* TODO ? hat sich die suche ge�ndert - has itself search ? $ki = $search_prefix.$field; if(isset($_REQUEST) and $_REQUEST[$ki] != $_SESSION['search'][$list_name][$ki]){ $this->searchChanged = 1; } //* suchfield in session store. if(isset($_REQUEST[$ki])){ $_SESSION['search'][$list_name][$ki] = $_REQUEST[$ki]; } if($i['formtype'] == 'SELECT'){ if(is_array($i['value'])) { $out = '<option value=""></option>'; foreach($i['value'] as $k => $v) { $selected = ($k == $_SESSION['search'][$list_name][$ki] && $_SESSION['search'][$list_name][$ki] != '') ? ' SELECTED' : ''; $out .= "<option value='$k'$selected>$v</option>\r\n"; } } $this->searchValues[$ki] = $out; }else{ $this->searchValues[$ki] = $_SESSION['search'][$list_name][$ki]; } } //* store variables in object. $this->searchValues = $_SESSION["search"][$list_name]; foreach($this->listDef['item'] as $i) { $field = $i['field']; //if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and"; if($_SESSION['search'][$list_name][$ki] != ''){ $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$ki].$i['suffix']."' and"; } } return ($sql_where != '') ? substr($sql_where, 0, -3) : '1'; } public function getPagingSQL($sql_where = '1') { global $app, $conf; $list_name = $this->listDef['name']; $search_prefix = $this->listDef['search_prefix']; $records_per_page = $this->listDef['records_per_page']; $table = $this->listDef['table']; //* set page to seror id session not set if($_SESSION['search'][$list_name]['page'] == '') $_SESSION['search'][$list_name]['page'] = 0; //* Set page size to request if set if(isset($_REQUEST['page'])) $_SESSION['search'][$list_name]['page'] = $_REQUEST['page']; //* TODO PAGE to 0 set, if look for themselves ge?ndert. = page auf 0 setzen, wenn suche sich ge�ndert hat. if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0; $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page; $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where"); $pages = intval(($record_count['anzahl'] - 1) / $records_per_page); $vars['list_file'] = $this->listDef['file']; $vars['page'] = $_SESSION['search'][$list_name]['page']; $vars['last_page'] = $_SESSION['search'][$list_name]['page'] - 1; $vars['next_page'] = $_SESSION['search'][$list_name]['page'] + 1; $vars['pages'] = $pages; $vars['max_pages'] = $pages + 1; $vars['records_gesamt'] = $record_count['anzahl']; $vars['page_params'] = $this->listDef['page_params']; if($_SESSION['search'][$list_name]['page'] > 0) $vars['show_page_back'] = 1; if($_SESSION['search'][$list_name]['page'] <= $vars['pages'] - 1) $vars['show_page_next'] = 1; $this->pagingValues = $vars; $this->pagingHTML = $this->getPagingHTML($vars); return "LIMIT $sql_von, $records_per_page"; } public function getPagingHTML($vars) { global $app; $page_params = $vars['page_params']; $list_file = $vars['list_file']; $content = '<a href="'.$list_file.'?page=0'.$page_params.'"><img src="../themes/iprg/images/btn_left.png" border="0"></a> '; if($vars['show_page_back'] == 1){ $content .= '<a href="'.$list_file.'?page='.$vars['last_page'].$page_params.'"><img src="../themes/iprg/images/btn_back.png" border="0"></a> '; } $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; if($vars['show_page_next'] == 1){ $content .= '<a href="'.$list_file.'?page='.$vars['next_page'].$page_params.'"><img src="../themes/iprg/images/btn_next.png" border="0"></a> '; } $content .= '<a href="'.$list_file.'?page='.$vars['pages'].$page_params.'"> <img src="../themes/iprg/images/btn_right.png" border="0"></a>'; return $content; } public function getPagingHTMLasTXT($vars) { global $app; $page_params = $vars['page_params']; $list_file = $vars['list_file']; $content = '[<a href="'.$list_file.'?page=0'.$page_params.'">|<< </a>]'; if($vars['show_page_back'] == 1){ $content .= '[<< <a href="'.$list_file.'?page='.$vars['last_page'].$page_params.'">'.$app->lng('Back').'</a>] '; } $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; if($vars['show_page_next'] == 1){ $content .= '[<a href="'.$vars['list_file'].'?page='.$vars['next_page'].$page_params.'">'.$app->lng('Next').' >></a>] '; } $content .= '[<a href="'.$list_file.'?page='.$vars['pages'].$page_params.'"> >>|</a>]'; return $content; } public function getSortSQL() { $sort_field = $this->listDef['sort_field']; $sort_direction = $this->listDef['sort_direction']; return ($sort_field != '' && $sort_direction != '') ? "ORDER BY $sort_field $sort_direction" : ''; } public function saveSearchSettings($searchresult_name) { global $app, $conf; $list_name = $this->listDef['name']; $settings = $_SESSION['search'][$list_name]; unset($settings['page']); $data = addslashes(serialize($settings)); $userid = $_SESSION['s']['user']['userid']; $groupid = $_SESSION['s']['user']['default_group']; $sys_perm_user = 'riud'; $sys_perm_group = 'r'; $sys_perm_other = ''; $module = $_SESSION['s']['module']['name']; $searchform = $this->listDef['name']; $title = $searchresult_name; $sql = 'INSERT INTO `searchform` ( ' .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` ' .')VALUES (' ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')"; $app->db->query($sql); } public function decode($record) { if(is_array($record)) { foreach($this->listDef['item'] as $field) { $key = $field['field']; switch ($field['datatype']) { case 'DATE': if($val > 0) { $record[$key] = date($this->dateformat, $record[$key]); } break; case 'INTEGER': $record[$key] = intval($record[$key]); break; case 'DOUBLE': $record[$key] = $record[$key]; break; case 'CURRENCY': $record[$key] = number_format($record[$key], 2, ',', ''); break; case 'VARCHAR': case 'TEXT': default: $record[$key] = stripslashes($record[$key]); break; } } } return $record; } public function encode($record) { if(is_array($record)) { foreach($this->listDef['item'] as $field) { $key = $field['field']; switch ($field['datatype']) { case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { $record[$key] = addslashes($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } break; case 'DATE': if($record[$key] > 0) { list($tag, $monat, $jahr) = explode('.', $record[$key]); $record[$key] = mktime(0, 0, 0, $monat, $tag, $jahr); } break; case 'INTEGER': $record[$key] = intval($record[$key]); break; case 'DOUBLE': $record[$key] = addslashes($record[$key]); break; case 'CURRENCY': $record[$key] = str_replace(',', '.', $record[$key]); break; } } } return $record; } } <?php /* Copyright (c) 2005, Till Brehm, projektfarm Gmbh All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of ISPConfig nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * Listenbehandlung * * @package searchform * @author Till Brehm * @version 1.1 */ class searchform { public $debug = 0; public $errorMessage; public $listDef; public $searchValues; public $pagingHTML; public $pagingValues; public $searchChanged = 0; public $module; public function loadListDef($file, $module = '') { global $app, $conf; if(!is_file($file)){ die("List-Definition: $file not found."); } include_once($file); $this->listDef = $liste; $this->module = $module; //* Fill datasources foreach($this->listDef['item'] as $key => $field) { if(is_array($field['datasource'])) { $this->listDef['item'][$key]['value'] = $this->getDatasourceData($field); } } return true; } /** * Get the key => value array of a form filed from a datasource definitiom * * @param field = array with field definition * @param record = Dataset as array * @return key => value array for the value field of a form */ public function getDatasourceData($field) { global $app; $values = array(); if($field['datasource']['type'] == 'SQL') { //* Preparing SQL string. We will replace some common placeholders $querystring = $field['datasource']['querystring']; $querystring = str_replace('{USERID}', $_SESSION['s']['user']['userid'], $querystring); $querystring = str_replace('{GROUPID}', $_SESSION['s']['user']['default_group'], $querystring); $querystring = str_replace('{GROUPS}', $_SESSION['s']['user']['groups'], $querystring); $table_idx = $this->formDef['db_table_idx']; //$querystring = str_replace('{RECORDID}',$record[$table_idx],$querystring); $app->uses('tform'); $querystring = str_replace('{AUTHSQL}', $app->tform->getAuthSQL('r'), $querystring); //* Getting the records $tmp_records = $app->db->queryAllRecords($querystring); if($app->db->errorMessage != ''){ die($app->db->errorMessage); } if(is_array($tmp_records)) { $key_field = $field['datasource']['keyfield']; $value_field = $field['datasource']['valuefield']; foreach($tmp_records as $tmp_rec) { $values[$tmp_rec[$key_field]] = $tmp_rec[$value_field]; } } } if($field['datasource']['type'] == 'CUSTOM') { //* Calls a custom class to validate this record if($field['datasource']['class'] != '' and $field['datasource']['function'] != '') { $datasource_class = $field['datasource']['class']; $datasource_function = $field['datasource']['function']; $app->uses($datasource_class); $record = array(); $values = $app->$datasource_class->$datasource_function($field, $record); }else{ $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n"; } } return $values; } public function getSearchSQL($sql_where = '') { global $db; //* Config vars $list_name = $this->listDef['name']; $search_prefix = $this->listDef['search_prefix']; //* store retrieval query foreach($this->listDef['item'] as $i) { $field = $i['field']; //* TODO ? hat sich die suche ge�ndert - has itself search ? $ki = $search_prefix.$field; if(isset($_REQUEST) and $_REQUEST[$ki] != $_SESSION['search'][$list_name][$ki]){ $this->searchChanged = 1; } //* suchfield in session store. if(isset($_REQUEST[$ki])){ $_SESSION['search'][$list_name][$ki] = $_REQUEST[$ki]; } if($i['formtype'] == 'SELECT'){ if(is_array($i['value'])) { $out = '<option value=""></option>'; foreach($i['value'] as $k => $v) { $selected = ($k == $_SESSION['search'][$list_name][$ki] && $_SESSION['search'][$list_name][$ki] != '') ? ' SELECTED' : ''; $out .= "<option value='$k'$selected>$v</option>\r\n"; } } $this->searchValues[$ki] = $out; }else{ $this->searchValues[$ki] = $_SESSION['search'][$list_name][$ki]; } } //* store variables in object. $this->searchValues = $_SESSION["search"][$list_name]; foreach($this->listDef['item'] as $i) { $field = $i['field']; //if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and"; if($_SESSION['search'][$list_name][$ki] != ''){ $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$ki].$i['suffix']."' and"; } } return ($sql_where != '') ? substr($sql_where, 0, -3) : '1'; } public function getPagingSQL($sql_where = '1') { global $app, $conf; $list_name = $this->listDef['name']; $search_prefix = $this->listDef['search_prefix']; $records_per_page = $this->listDef['records_per_page']; $table = $this->listDef['table']; //* set page to seror id session not set if($_SESSION['search'][$list_name]['page'] == '') $_SESSION['search'][$list_name]['page'] = 0; //* Set page size to request if set if(isset($_REQUEST['page'])) $_SESSION['search'][$list_name]['page'] = $_REQUEST['page']; //* TODO PAGE to 0 set, if look for themselves ge?ndert. = page auf 0 setzen, wenn suche sich ge�ndert hat. if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0; $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page; $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where"); $pages = intval(($record_count['anzahl'] - 1) / $records_per_page); $vars['list_file'] = $this->listDef['file']; $vars['page'] = $_SESSION['search'][$list_name]['page']; $vars['last_page'] = $_SESSION['search'][$list_name]['page'] - 1; $vars['next_page'] = $_SESSION['search'][$list_name]['page'] + 1; $vars['pages'] = $pages; $vars['max_pages'] = $pages + 1; $vars['records_gesamt'] = $record_count['anzahl']; $vars['page_params'] = $this->listDef['page_params']; if($_SESSION['search'][$list_name]['page'] > 0) $vars['show_page_back'] = 1; if($_SESSION['search'][$list_name]['page'] <= $vars['pages'] - 1) $vars['show_page_next'] = 1; $this->pagingValues = $vars; $this->pagingHTML = $this->getPagingHTML($vars); return "LIMIT $sql_von, $records_per_page"; } public function getPagingHTML($vars) { global $app; $page_params = $vars['page_params']; $list_file = $vars['list_file']; $content = '<a href="'.$list_file.'?page=0'.$page_params.'"><img src="../themes/iprg/images/btn_left.png" border="0"></a> '; if($vars['show_page_back'] == 1){ $content .= '<a href="'.$list_file.'?page='.$vars['last_page'].$page_params.'"><img src="../themes/iprg/images/btn_back.png" border="0"></a> '; } $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; if($vars['show_page_next'] == 1){ $content .= '<a href="'.$list_file.'?page='.$vars['next_page'].$page_params.'"><img src="../themes/iprg/images/btn_next.png" border="0"></a> '; } $content .= '<a href="'.$list_file.'?page='.$vars['pages'].$page_params.'"> <img src="../themes/iprg/images/btn_right.png" border="0"></a>'; return $content; } public function getPagingHTMLasTXT($vars) { global $app; $page_params = $vars['page_params']; $list_file = $vars['list_file']; $content = '[<a href="'.$list_file.'?page=0'.$page_params.'">|<< </a>]'; if($vars['show_page_back'] == 1){ $content .= '[<< <a href="'.$list_file.'?page='.$vars['last_page'].$page_params.'">'.$app->lng('Back').'</a>] '; } $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; if($vars['show_page_next'] == 1){ $content .= '[<a href="'.$vars['list_file'].'?page='.$vars['next_page'].$page_params.'">'.$app->lng('Next').' >></a>] '; } $content .= '[<a href="'.$list_file.'?page='.$vars['pages'].$page_params.'"> >>|</a>]'; return $content; } public function getSortSQL() { $sort_field = $this->listDef['sort_field']; $sort_direction = $this->listDef['sort_direction']; return ($sort_field != '' && $sort_direction != '') ? "ORDER BY $sort_field $sort_direction" : ''; } public function saveSearchSettings($searchresult_name) { global $app, $conf; $list_name = $this->listDef['name']; $settings = $_SESSION['search'][$list_name]; unset($settings['page']); $data = mysql_real_escape_string(serialize($settings)); $userid = $_SESSION['s']['user']['userid']; $groupid = $_SESSION['s']['user']['default_group']; $sys_perm_user = 'riud'; $sys_perm_group = 'r'; $sys_perm_other = ''; $module = $_SESSION['s']['module']['name']; $searchform = $this->listDef['name']; $title = $searchresult_name; $sql = 'INSERT INTO `searchform` ( ' .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` ' .')VALUES (' ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')"; $app->db->query($sql); } public function decode($record) { if(is_array($record)) { foreach($this->listDef['item'] as $field) { $key = $field['field']; switch ($field['datatype']) { case 'DATE': if($val > 0) { $record[$key] = date($this->dateformat, $record[$key]); } break; case 'INTEGER': $record[$key] = intval($record[$key]); break; case 'DOUBLE': $record[$key] = $record[$key]; break; case 'CURRENCY': $record[$key] = number_format($record[$key], 2, ',', ''); break; case 'VARCHAR': case 'TEXT': default: $record[$key] = stripslashes($record[$key]); break; } } } return $record; } public function encode($record) { if(is_array($record)) { foreach($this->listDef['item'] as $field) { $key = $field['field']; switch ($field['datatype']) { case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { $record[$key] = mysql_real_escape_string($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } break; case 'DATE': if($record[$key] > 0) { list($tag, $monat, $jahr) = explode('.', $record[$key]); $record[$key] = mktime(0, 0, 0, $monat, $tag, $jahr); } break; case 'INTEGER': $record[$key] = intval($record[$key]); break; case 'DOUBLE': $record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': $record[$key] = str_replace(',', '.', $record[$key]); break; } } } return $record; } } ?> interface/lib/classes/tform.inc.php
@@ -482,14 +482,14 @@ switch ($field['datatype']) { case 'VARCHAR': if(!@is_array($record[$key])) { $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):''; $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; } else { $new_record[$key] = implode($field['separator'],$record[$key]); } break; case 'TEXT': if(!is_array($record[$key])) { $new_record[$key] = addslashes($record[$key]); $new_record[$key] = mysql_real_escape_string($record[$key]); } else { $new_record[$key] = implode($field['separator'],$record[$key]); } @@ -508,7 +508,7 @@ //if($key == 'refresh') die($record[$key]); break; case 'DOUBLE': $new_record[$key] = addslashes($record[$key]); $new_record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$record[$key]); @@ -699,10 +699,16 @@ $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt($record[$key],$salt); $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; } elseif ($field['encryption'] == 'MYSQL') { $sql_insert_val .= "PASSWORD('".mysql_real_escape_string($record[$key])."'), "; } elseif ($field['encryption'] == 'CLEARTEXT') { $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; } else { $record[$key] = md5($record[$key]); $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; } $sql_insert_val .= "'".addslashes($record[$key])."', "; } elseif ($field['formtype'] == 'CHECKBOX') { $sql_insert_key .= "`$key`, "; if($record[$key] == '') { @@ -726,10 +732,16 @@ $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt($record[$key],$salt); $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { $sql_update .= "`$key` = PASSWORD('".mysql_real_escape_string($record[$key])."'), "; } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; } else { $record[$key] = md5($record[$key]); $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; } $sql_update .= "`$key` = '".addslashes($record[$key])."', "; } elseif ($field['formtype'] == 'CHECKBOX') { if($record[$key] == '') { // if a checkbox is not set, we set it to the unchecked value interface/web/client/client_edit.php
@@ -57,20 +57,20 @@ function onAfterInsert() { global $app; // Create the group for the client $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".addslashes($this->dataRecord["username"])."','',".$this->id.")"; $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")"; $app->db->query($sql); $groupid = $app->db->insertID(); $groups = $groupid; $username = addslashes($this->dataRecord["username"]); $password = addslashes($this->dataRecord["password"]); $username = mysql_real_escape_string($this->dataRecord["username"]); $password = mysql_real_escape_string($this->dataRecord["password"]); $modules = ISPC_INTERFACE_MODULES_ENABLED; if($this->dataRecord["limit_client"] > 0) $modules .= ',client'; $startmodule = 'mail'; $usertheme = addslashes($this->dataRecord["usertheme"]); $usertheme = mysql_real_escape_string($this->dataRecord["usertheme"]); $type = 'user'; $active = 1; $language = addslashes($this->dataRecord["language"]); $language = mysql_real_escape_string($this->dataRecord["language"]); // Create the controlpaneluser for the client $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) @@ -97,7 +97,7 @@ // username changed if(isset($app->tform->diffrec['username'])) { $username = addslashes($this->dataRecord["username"]); $username = mysql_real_escape_string($this->dataRecord["username"]); $client_id = $this->id; $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id"; $app->db->query($sql); @@ -107,7 +107,7 @@ // password changed if(isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { $password = addslashes($this->dataRecord["password"]); $password = mysql_real_escape_string($this->dataRecord["password"]); $client_id = $this->id; $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id"; $app->db->query($sql); @@ -117,7 +117,7 @@ if(isset($this->dataRecord["limit_client"])) { $modules = ISPC_INTERFACE_MODULES_ENABLED; if($this->dataRecord["limit_client"] > 0) $modules .= ',client'; $modules = addslashes($modules); $modules = mysql_real_escape_string($modules); $client_id = $this->id; $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id"; $app->db->query($sql); interface/web/mail/mail_domain_edit.php
@@ -160,7 +160,7 @@ // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); if($policy_id > 0) { $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".addslashes($this->dataRecord["domain"])."'"); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->dataRecord["domain"])."'"); if($tmp_user["id"] > 0) { // There is already a record that we will update $sql = "UPDATE spamfilter_users SET policy_id = $ploicy_id WHERE id = ".$tmp_user["id"]; @@ -169,7 +169,7 @@ $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id); // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".addslashes($this->dataRecord["domain"])."', '@".addslashes($this->dataRecord["domain"])."', 'Y')"; VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')"; $app->db->query($sql); unset($tmp_domain); } @@ -192,7 +192,7 @@ // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".addslashes($this->dataRecord["domain"])."'"); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->dataRecord["domain"])."'"); if($policy_id > 0) { if($tmp_user["id"] > 0) { // There is already a record that we will update @@ -202,7 +202,7 @@ $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id); // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".addslashes($this->dataRecord["domain"])."', '@".addslashes($this->dataRecord["domain"])."', 'Y')"; VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')"; $app->db->query($sql); unset($tmp_domain); } @@ -220,25 +220,25 @@ $mail_config = $app->getconf->get_server_config($this->dataRecord["server_id"],'mail'); //* Update the mailboxes $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".addslashes($this->oldDataRecord['domain'])."'"); $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'"); if(is_array($mailusers)) { foreach($mailusers as $rec) { // setting Maildir, Homedir, UID and GID $mail_parts = explode("@",$rec['email']); $maildir = str_replace("[domain]",$this->dataRecord['domain'],$mail_config["maildir_path"]); $maildir = str_replace("[localpart]",$mail_parts[0],$maildir); $maildir = addslashes($maildir); $email = addslashes($mail_parts[0].'@'.$this->dataRecord['domain']); $maildir = mysql_real_escape_string($maildir); $email = mysql_real_escape_string($mail_parts[0].'@'.$this->dataRecord['domain']); $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email'", 'mailuser_id', $rec['mailuser_id']); } } //* Update the aliases $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".addslashes($this->oldDataRecord['domain'])."' OR destination like '%@".addslashes($this->oldDataRecord['domain'])."'"); $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."' OR destination like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'"); if(is_array($forwardings)) { foreach($forwardings as $rec) { $destination = addslashes(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['destination'])); $source = addslashes(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['source'])); $destination = mysql_real_escape_string(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['destination'])); $source = mysql_real_escape_string(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['source'])); $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination'", 'forwarding_id', $rec['forwarding_id']); } } interface/web/mail/mail_get_edit.php
@@ -92,7 +92,7 @@ } // end if user is not admin // Set the server ID according to the selected destination $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".addslashes($this->dataRecord["destination"])."'"); $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".mysql_real_escape_string($this->dataRecord["destination"])."'"); $this->dataRecord["server_id"] = $tmp["server_id"]; unset($tmp); interface/web/mail/mail_user_edit.php
@@ -205,7 +205,7 @@ // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); if($policy_id > 0) { $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".addslashes($this->dataRecord["email"])."'"); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'"); if($tmp_user["id"] > 0) { // There is already a record that we will update $sql = "UPDATE spamfilter_users SET policy_id = $ploicy_id WHERE id = ".$tmp_user["id"]; @@ -213,7 +213,7 @@ } else { // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".addslashes($this->dataRecord["email"])."', '".addslashes($this->dataRecord["email"])."', 'Y')"; VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')"; $app->db->query($sql); } } // endif spamfilter policy @@ -230,7 +230,7 @@ // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".addslashes($this->dataRecord["email"])."'"); $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'"); if($policy_id > 0) { if($tmp_user["id"] > 0) { // There is already a record that we will update @@ -239,7 +239,7 @@ } else { // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".addslashes($this->dataRecord["email"])."', '".addslashes($this->dataRecord["email"])."', 'Y')"; VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')"; $app->db->query($sql); } }else { interface/web/mail/mail_user_filter_del.php
@@ -70,7 +70,7 @@ } } $out = addslashes($out); $out = mysql_real_escape_string($out); $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]); } interface/web/mail/mail_user_filter_edit.php
@@ -101,7 +101,7 @@ $out .= $this->getRule(); } $out = addslashes($out); $out = mysql_real_escape_string($out); $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]); } server/lib/classes/db_mysql.inc.php
@@ -163,7 +163,12 @@ // Check der variablen function quote($formfield) { return addslashes($formfield); if(!$this->connect()){ $this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string'); return addslashes($formfield); } return mysql_real_escape_string($formfield); } // Check der variablen server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -71,7 +71,7 @@ } //* Create the new database if (mysql_query('CREATE DATABASE '.addslashes($data["new"]["database_name"]),$link)) { if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]),$link)) { $app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG); } else { $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR); @@ -84,8 +84,8 @@ $db_host = 'localhost'; } mysql_query("GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';",$link); //echo "GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';"; mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link); //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';"; mysql_query("FLUSH PRIVILEGES;",$link); mysql_close($link); @@ -110,18 +110,18 @@ //* Rename User if($data["new"]["database_user"] != $data["old"]["database_user"]) { mysql_query("RENAME USER '".addslashes($data["old"]["database_user"])."' TO '".addslashes($data["new"]["database_user"])."'",$link); mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"])."' TO '".mysql_real_escape_string($data["new"]["database_user"])."'",$link); $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } //* Remote access option has changed. if($data["new"]["remote_access"] != $data["old"]["remote_access"]) { if($data["new"]["remote_access"] == 'y') { mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link); mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link); mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); } else { mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link); mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link); mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); } $app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG); } @@ -142,7 +142,7 @@ //* Change password if($data["new"]["database_password"] != $data["old"]["database_password"]) { mysql_query("SET PASSWORD FOR '".addslashes($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".addslashes($data["new"]["database_password"])."');",$link); mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"])."');",$link); $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } @@ -175,13 +175,13 @@ $db_host = 'localhost'; } if(mysql_query("DROP USER '".addslashes($data["old"]["database_user"])."'@'$db_host';",$link)) { if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"])."'@'$db_host';",$link)) { $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR); } if(mysql_query('DROP DATABASE '.addslashes($data["old"]["database_name"]),$link)) { if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"]),$link)) { $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);