From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- install/lib/update.lib.php | 58 +++++++++++++++++++++++++++++++++++++++++----------------- 1 files changed, 41 insertions(+), 17 deletions(-) diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php index d2d11bf..9fb57cb 100644 --- a/install/lib/update.lib.php +++ b/install/lib/update.lib.php @@ -123,8 +123,12 @@ function updateDbAndIni() { global $inst, $conf; + //* check sql-mode + $check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode"); + if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION'); + //* Update $conf array with values from the server.ini that shall be preserved - $tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); + $tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']); $ini_array = ini_to_array(stripslashes($tmp['config'])); $current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0; 
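Review bot: The sql-mode check added in the `@@ -123,8 +123,12 @@` hunk passes silently when the `SELECT @@sql_mode` lookup returns no row, because a missing `$check_sql_mode['@@sql_mode']` compares loosely equal to `''`. It also stops the updater with `die()`, while later hunks in this file report failures through `$inst->error(...)`. I would test the result first, e.g. `if(!is_array($check_sql_mode)) $inst->error('Unable to read SQL-mode.');`, and route the mismatch through the same error call. The exact-string comparison rejects every comma-separated mode list; if that strictness is intended, a one-line comment saying why would help. The body of updateDbAndIni() continues outside the hunk.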
@@ -218,8 +222,8 @@ } //* update the database version in server table - $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); - if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); + $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']); + if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']); //* If ISPConfig Version < 3.0.3, we will do a full db update @@ -228,7 +232,7 @@ swriteln($inst->lng('Starting full database update.')); //** Delete the old database - if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) { + if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) { $inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.'); } @@ -239,7 +243,7 @@ $db_tables = $inst->db->getTables(); foreach($db_tables as $table) { - $inst->db->query("TRUNCATE $table"); + $inst->db->query("TRUNCATE ??", $table); } //** load old data back into database 
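Review bot: In the `@@ -218,8 +222,8 @@` hunk the result of both `UPDATE ?? SET dbversion = ? WHERE server_id = ?` calls is discarded, whereas the `DROP DATABASE IF EXISTS ??` call in the next hunk checks the return value and calls `$inst->error(...)`. If the update fails, the stored dbversion presumably stays behind the schema that was just patched, so a later run could start from the wrong version. Consider `if(!$inst->db->query(...)) $inst->error('Unable to update dbversion in server table.');` for the local and the master call. The identical pair in the `@@ -262,15 +266,15 @@` hunk has the same gap, and the surrounding block starts and ends outside both hunks.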
@@ -262,15 +266,15 @@ } //* update the database version in server table - $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); - if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']); + $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']); + if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']); if ($conf['powerdns']['installed']) { swriteln($inst->lng('Starting full PowerDNS database update.')); //** Delete the old PowerDNS database - if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) { + if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) { $inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.'); } @@ -288,7 +292,7 @@ //** Update server ini - $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']); + $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']); $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config'])); unset($tmp_server_rec); $tpl_ini_array = ini_to_array(rf('tpl/server.ini.master')); 
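Review bot: In the `@@ -288,7 +292,7 @@` hunk `$tmp_server_rec['config']` is used without checking that `queryOneRecord()` returned a row. If the lookup fails or `server_id` matches nothing, `ini_to_array()` receives an empty string, and the code further down (outside the hunk) appears to write a config built from `tpl/server.ini.master` back to the table, which would replace the stored settings with template defaults. A guard such as `if(!is_array($tmp_server_rec)) $inst->error('Unable to read server config.');` before the `ini_to_array()` call would stop that. The sys_ini read in the `@@ -357,7 +361,7 @@` hunk has the same shape.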
@@ -344,12 +348,12 @@ } $new_ini = array_to_ini($tpl_ini_array); - $sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']; - $inst->db->query($sql); + $sql = "UPDATE ?? SET config = ? WHERE server_id = ?"; + $inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']); if($inst->db->dbHost != $inst->dbmaster->dbHost) { - $sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']; - $inst->dbmaster->query($sql); + $sql = "UPDATE ?? SET config = ? WHERE server_id = ?"; + $inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']); } unset($old_ini_array); unset($tpl_ini_array); @@ -357,7 +361,7 @@ //** Update system ini - $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1"); + $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini"); $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config'])); unset($tmp_server_rec); $tpl_ini_array = ini_to_array(rf('tpl/system.ini.master')); 
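Review bot: Style point on the `@@ -344,12 +348,12 @@` hunk: `$sql` is assigned the same statement text twice, once for the local and once for the master connection. Assigning it once before the `if`, or passing the literal directly as the other calls in this commit do, removes the duplication; the two calls also differ in spacing around the `.` before `".server"`. A short comment such as `// $new_ini is bound as a value, so no manual escaping here` would record why `mysql_real_escape_string()` was dropped. The enclosing block starts outside the hunk.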
@@ -372,11 +376,11 @@ } $new_ini = array_to_ini($tpl_ini_array); - $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1'); + $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini'); if($tmp['number'] == 0) { - $inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')"); + $inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini); } else { - $inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1"); + $inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini); } unset($old_ini_array); unset($tpl_ini_array); 
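Review bot: In the `@@ -372,11 +376,11 @@` hunk a failed count query falls into the INSERT branch, because `$tmp['number'] == 0` is also true when `$tmp` is not an array. Checking the result first, `if(!is_array($tmp)) $inst->error('Unable to read sys_ini.');`, keeps a lookup error from turning into an insert attempt. The trailing `WHERE 1` adds nothing and can go, and neither write checks its return value, so a failed sys_ini update is silent. The enclosing block starts outside the hunk.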
@@ -385,4 +389,24 @@ +function setDefaultServers(){ + global $inst, $conf; + + // clients + $clients = $inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client"); + if(is_array($clients) && !empty($clients)){ + foreach($clients as $client){ + // mailserver + if(trim($client['mail_servers']) == '') $inst->db->query("UPDATE ?? SET mail_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_mailserver']), $client['client_id']); + // webserver + if(trim($client['web_servers']) == '') $inst->db->query("UPDATE ?? SET web_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_webserver']), $client['client_id']); + // dns server + if(trim($client['dns_servers']) == '') $inst->db->query("UPDATE ?? SET dns_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dnsserver']), $client['client_id']); + // db server + if(trim($client['db_servers']) == '') $inst->db->query("UPDATE ?? SET db_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dbserver']), $client['client_id']); + } + } + +} + ?> -- Gitblit v1.9.1
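Review bot: The new `setDefaultServers()` still builds its SELECT by concatenating the database name, `"SELECT * FROM ".$conf["mysql"]["database"].".client"`, while every other statement this commit touches passes the table through the `??` placeholder. Assuming `queryAllRecords()` accepts bound parameters like `query()` and `queryOneRecord()` do, the call should read `$clients = $inst->db->queryAllRecords("SELECT * FROM ??", $conf["mysql"]["database"] . ".client");`. The four UPDATEs are unchecked, so a failure leaves some clients without default servers and reports nothing. The function also has no doc comment; a short docblock stating that empty `*_servers` columns are filled from the matching `default_*server` column would help the next reader.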