From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/dns/dns_wizard.php |  102 +++++++++++++++++++++++++++++++++++---------------
 1 files changed, 71 insertions(+), 31 deletions(-)

diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index b27c66a..1800259 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -107,14 +107,14 @@
 
 	// Get the limits of the client
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 	if ($domains_settings['use_domain_module'] != 'y') {
 		// load the list of clients
-		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
-		$clients = $app->db->queryAllRecords($sql);
-		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
+		$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+		$clients = $app->db->queryAllRecords($sql, $client['client_id']);
+		$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
 		$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 		if(is_array($clients)) {
 			foreach( $clients as $client) {
@@ -130,7 +130,7 @@
 if($_SESSION["s"]["user"]["typ"] != 'admin')
 {
 	$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+	$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 	$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
 
@@ -141,13 +141,13 @@
 		$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
 	}
 
-	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
-	$dns_servers = $app->db->queryAllRecords($sql);
+	$sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+	$dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
 
 	$options_dns_servers = "";
 
 	foreach ($dns_servers as $dns_server) {
-		$options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
+		$options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
 	}
 
 	$app->tpl->setVar("server_id", $options_dns_servers);
@@ -155,7 +155,7 @@
 
 }
 
-$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
+$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
 $fields = explode(',', $template_record['fields']);
 if(is_array($fields)) {
 	foreach($fields as $field) {
@@ -197,13 +197,16 @@
 }
 
 if($_POST['create'] == 1) {
-
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$error = '';
 
 	if ($post_server_id)
 	{
 		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-		$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+		$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 		$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
 
@@ -335,11 +338,11 @@
 				if($section == 'dns_records') {
 					$parts = explode('|', $row);
 					$dns_rr[] = array(
-						'name' => $app->db->quote($parts[1]),
-						'type' => $app->db->quote($parts[0]),
-						'data' => $app->db->quote($parts[2]),
-						'aux'  => $app->db->quote($parts[3]),
-						'ttl'  => $app->db->quote($parts[4])
+						'name' => $parts[1],
+						'type' => $parts[0],
+						'data' => $parts[2],
+						'aux'  => $parts[3],
+						'ttl'  => $parts[4]
 					);
 				}
 			}
@@ -359,28 +362,60 @@
 	if($error == '') {
 		// Insert the soa record
 		$sys_userid = $_SESSION['s']['user']['userid'];
-		$origin = $app->db->quote($vars['origin']);
-		$ns = $app->db->quote($vars['ns']);
-		$mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
-		$refresh = $app->db->quote($vars['refresh']);
-		$retry = $app->db->quote($vars['retry']);
-		$expire = $app->db->quote($vars['expire']);
-		$minimum = $app->db->quote($vars['minimum']);
-		$ttl = $app->db->quote($vars['ttl']);
-		$xfer = $app->db->quote($vars['xfer']);
-		$also_notify = $app->db->quote($vars['also_notify']);
-		$update_acl = $app->db->quote($vars['update_acl']);
+		$origin = $vars['origin'];
+		$ns = $vars['ns'];
+		$mbox = str_replace('@', '.', $vars['mbox']);
+		$refresh = $vars['refresh'];
+		$retry = $vars['retry'];
+		$expire = $vars['expire'];
+		$minimum = $vars['minimum'];
+		$ttl = $vars['ttl'];
+		$xfer = $vars['xfer'];
+		$also_notify = $vars['also_notify'];
+		$update_acl = $vars['update_acl'];
 		$serial = $app->validate_dns->increase_serial(0);
 
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
-		('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+		$insert_data = array(
+			"sys_userid" => $sys_userid,
+			"sys_groupid" => $sys_groupid,
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => 'riud',
+			"sys_perm_other" => '',
+			"server_id" => $server_id,
+			"origin" => $origin,
+			"ns" => $ns,
+			"mbox" => $mbox,
+			"serial" => $serial,
+			"refresh" => $refresh,
+			"retry" => $retry,
+			"expire" => $expire,
+			"minimum" => $minimum,
+			"ttl" => $ttl,
+			"active" => 'Y',
+			"xfer" => $xfer,
+			"also_notify" => $also_notify,
+			"update_acl" => $update_acl
+		);
 		$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 
 		// Insert the dns_rr records
 		if(is_array($dns_rr) && $dns_soa_id > 0) {
 			foreach($dns_rr as $rr) {
-				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+				$insert_data = array(
+					"sys_userid" => $sys_userid,
+					"sys_groupid" => $sys_groupid,
+					"sys_perm_user" => 'riud',
+					"sys_perm_group" => 'riud',
+					"sys_perm_other" => '',
+					"server_id" => $server_id,
+					"zone" => $dns_soa_id,
+					"name" => $rr['name'],
+					"type" => $rr['type'],
+					"data" => $rr['data'],
+					"aux" => $rr['aux'],
+					"ttl" => $rr['ttl'],
+					"active" => 'Y'
+				);
 				$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 			}
 		}
@@ -398,6 +433,11 @@
 
 $app->tpl->setVar("title", 'DNS Wizard');
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
 include $lng_file;
 $app->tpl->setVar($wb);

--
Gitblit v1.9.1