From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 install/lib/update.lib.php |   58 +++++++++++++++++++++++++++++++++++++++++-----------------
 1 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index d2d11bf..9fb57cb 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -123,8 +123,12 @@
 function updateDbAndIni() {
 	global $inst, $conf;
 
+	//* check sql-mode
+	$check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode");
+	if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+
 	//* Update $conf array with values from the server.ini that shall be preserved
-	$tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+	$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 	$ini_array = ini_to_array(stripslashes($tmp['config']));
 	$current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
 
@@ -218,8 +222,8 @@
 		}
 
 		//* update the database version in server table
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
-		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+		$inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
 
 
 		//* If ISPConfig Version < 3.0.3, we will do a full db update
@@ -228,7 +232,7 @@
 		swriteln($inst->lng('Starting full database update.'));
 
 		//** Delete the old database
-		if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) {
+		if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) {
 			$inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.');
 		}
 
@@ -239,7 +243,7 @@
 		$db_tables = $inst->db->getTables();
 
 		foreach($db_tables as $table) {
-			$inst->db->query("TRUNCATE $table");
+			$inst->db->query("TRUNCATE ??", $table);
 		}
 
 		//** load old data back into database
@@ -262,15 +266,15 @@
 		}
 
 		//* update the database version in server table
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
-		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+		$inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
+		if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
 
 		if ($conf['powerdns']['installed']) {
 
 			swriteln($inst->lng('Starting full PowerDNS database update.'));
 
 			//** Delete the old PowerDNS database
-			if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) {
+			if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) {
 				$inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.');
 			}
 
@@ -288,7 +292,7 @@
 
 
 	//** Update server ini
-	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 	$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
 	unset($tmp_server_rec);
 	$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
@@ -344,12 +348,12 @@
 	}
 
 	$new_ini = array_to_ini($tpl_ini_array);
-	$sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
-	$inst->db->query($sql);
+	$sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+	$inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']);
 
 	if($inst->db->dbHost != $inst->dbmaster->dbHost) {
-		$sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
-		$inst->dbmaster->query($sql);
+		$sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
+		$inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);
 	}
 	unset($old_ini_array);
 	unset($tpl_ini_array);
@@ -357,7 +361,7 @@
 
 
 	//** Update system ini
-	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1");
+	$tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini");
 	$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
 	unset($tmp_server_rec);
 	$tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
@@ -372,11 +376,11 @@
 	}
 
 	$new_ini = array_to_ini($tpl_ini_array);
-	$tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1');
+	$tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini');
 	if($tmp['number'] == 0) {
-		$inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
+		$inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
 	} else {
-		$inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
+		$inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
 	}
 	unset($old_ini_array);
 	unset($tpl_ini_array);
@@ -385,4 +389,24 @@
 
 
 
+function setDefaultServers(){
+	global $inst, $conf;
+	
+	// clients
+	$clients = $inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client");
+	if(is_array($clients) && !empty($clients)){
+		foreach($clients as $client){
+			// mailserver
+			if(trim($client['mail_servers']) == '') $inst->db->query("UPDATE ?? SET mail_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_mailserver']), $client['client_id']);
+			// webserver
+			if(trim($client['web_servers']) == '') $inst->db->query("UPDATE ?? SET web_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_webserver']), $client['client_id']);
+			// dns server
+			if(trim($client['dns_servers']) == '') $inst->db->query("UPDATE ?? SET dns_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dnsserver']), $client['client_id']);
+			// db server
+			if(trim($client['db_servers']) == '') $inst->db->query("UPDATE ?? SET db_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dbserver']), $client['client_id']);
+		}
+	}
+	
+}
+
 ?>

--
Gitblit v1.9.1