From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/dns/dns_import.php |   76 ++++++++++++++++++++++++++-----------
 1 files changed, 53 insertions(+), 23 deletions(-)

diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 5598b56..7e96a42 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -106,13 +106,13 @@
 
 	// Get the limits of the client
 	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 	// load the list of clients
-	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-	$clients = $app->db->queryAllRecords($sql);
-	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
+	$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+	$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+	$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 	$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 	if(is_array($clients)) {
 		foreach( $clients as $client) {
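Review bot: `$clients = $app->db->queryAllRecords($sql, $client['client_id']);` and the `$tmp` query under it now bind `$client['client_id']` as-is, where the removed lines wrapped it in `intval()`. If the preceding `queryOneRecord` found no row, the old SQL compared against `0` while the new one binds a null, so the lookup's behaviour in that edge case presumably changes; whether that matters depends on how the db layer renders a null parameter, which this hunk does not show. If the numeric coercion was intended, keeping `$app->functions->intval($client['client_id'])` at both call sites restores it at no cost. The `foreach` on the last line continues past the hunk.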
@@ -127,7 +127,7 @@
 if($_SESSION["s"]["user"]["typ"] != 'admin')
 {
 	$client_group_id = $_SESSION["s"]["user"]["default_group"];
-	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 	$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
 
@@ -138,8 +138,8 @@
 		$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
 	}
 
-	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
-	$dns_servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+	$dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
 
 	$options_dns_servers = "";
 
@@ -199,8 +199,8 @@
 if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
 	$valid_zone_file = FALSE;
 
-	$sql = "SELECT server_name FROM `server` WHERE server_id=".$app->functions->intval($server_id)." OR mirror_server_id=".$app->functions->intval($server_id)." ORDER BY server_name ASC";
-	$servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_name FROM `server` WHERE server_id=? OR mirror_server_id=? ORDER BY server_name ASC";
+	$servers = $app->db->queryAllRecords($sql, $server_id, $server_id);
 	for ($i=0;$i<count($servers);$i++)
 	{
 		if (substr($servers[$i]['server_name'], strlen($servers[$i]['server_name'])-1) != ".")
@@ -695,21 +695,38 @@
 
 	// Insert the soa record
 	$sys_userid = $_SESSION['s']['user']['userid'];
-	$origin = $app->db->quote($soa['name']);
-	$ns = $app->db->quote($soa['ns']);
-	$mbox = $app->db->quote($soa['mbox']);
-	$refresh = $app->db->quote($soa['refresh']);
-	$retry = $app->db->quote($soa['retry']);
-	$expire = $app->db->quote($soa['expire']);
-	$minimum = $app->db->quote($soa['minimum']);
-	$ttl = $app->db->quote($soa['ttl']);
-	$xfer = $app->db->quote('');
-	$serial = $app->db->quote($app->functions->intval($soa['serial'])+1);
+	$origin = $soa['name'];
+	$ns = $soa['ns'];
+	$mbox = $soa['mbox'];
+	$refresh = $soa['refresh'];
+	$retry = $soa['retry'];
+	$expire = $soa['expire'];
+	$minimum = $soa['minimum'];
+	$ttl = $soa['ttl'];
+	$xfer = '';
+	$serial = $app->functions->intval($soa['serial']+1);
 	//print_r($soa);
 	//die();
 	if($valid_zone_file){
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
-		('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer')";
+		$insert_data = array(
+			"sys_userid" => $sys_userid,
+			"sys_groupid" => $sys_groupid,
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => 'riud',
+			"sys_perm_other" => '',
+			"server_id" => $server_id,
+			"origin" => $origin,
+			"ns" => $ns,
+			"mbox" => $mbox,
+			"serial" => $serial,
+			"refresh" => $refresh,
+			"retry" => $retry,
+			"expire" => $expire,
+			"minimum" => $minimum,
+			"ttl" => $ttl,
+			"active" => 'Y',
+			"xfer" => $xfer
+		);
 		$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 
 		// Insert the dns_rr records
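Review bot: `$serial = $app->functions->intval($soa['serial']+1);` adds 1 before the integer coercion, whereas the removed line coerced first and then added; `$soa['serial']` appears to be parsed from the uploaded zone file, so a non-numeric or padded value now reaches the `+` operator unsanitised (a warning or TypeError on newer PHP, a silent `1` on older). Keep the original order: `$serial = $app->functions->intval($soa['serial']) + 1;`. Dropping `$app->db->quote()` on the other SOA fields is only safe if `datalogInsert()` escapes array values itself, which the hunk does not show and is worth confirming. The `if($valid_zone_file)` block continues past the end of the hunk.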
@@ -717,8 +734,21 @@
 		{
 			foreach($dns_rr as $rr)
 			{
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $server_id,
+					"zone" => $dns_soa_id,
+					"name" => $rr['name'],
+					"type" => $rr['type'],
+					"data" => $rr['data'],
+					"aux" => $rr['aux'],
+					"ttl" => $rr['ttl'],
+					"active" => 'Y'
+				);
 				$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 			}
 		}

--
Gitblit v1.9.1