From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/tools/dns_import_tupa.php |   73 +++++++++++++++++++++++++++---------
 1 files changed, 55 insertions(+), 18 deletions(-)

diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 775d515..849a097 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -45,6 +45,9 @@
 
 // Resyncing dns zones
 if(isset($_POST['start']) && $_POST['start'] == 1) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
 
 	//* Set variable sin template
 	$app->tpl->setVar('dbhost', $_POST['dbhost']);
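Review bot: The added call `$app->auth->csrf_token_check();` discards any result, so the guard only protects the import if `csrf_token_check()` itself stops the request on a missing or invalid token; that behaviour is not visible in this patch. The comment `//* CSRF Check` should state this dependency, for example `//* CSRF check: has to abort the request on a missing or invalid token, before any $_POST value is used`. The blank line added above the comment contains only a tab and could be dropped. The `if(isset($_POST['start']) ...)` block continues past the end of this hunk.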
@@ -86,44 +89,74 @@
 		$domains = $exdb->queryAllRecords("SELECT * FROM domains WHERE type = 'MASTER'");
 		if(is_array($domains)) {
 			foreach($domains as $domain) {
-				$soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
+				$soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ?", $domain['id']);
 				if(is_array($soa)) {
 					$parts = explode(' ', $soa['content']);
-					$origin = $app->db->quote(addot($soa['name']));
-					$ns = $app->db->quote(addot($parts[0]));
-					$mbox = $app->db->quote(addot($parts[1]));
-					$serial = $app->db->quote($parts[2]);
+					$origin = addot($soa['name']);
+					$ns = addot($parts[0]);
+					$mbox = addot($parts[1]);
+					$serial = $parts[2];
 					$refresh = 7200;
 					$retry =  540;
 					$expire = 604800;
-					$minimum = 86400;
-					$ttl = $app->db->quote($soa['ttl']);
+					$minimum = 3600;
+					$ttl = $soa['ttl'];
 
-					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
-					('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '')";
+					$insert_data = array(
+						"sys_userid" => $sys_userid,
+						"sys_groupid" => $sys_groupid,
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $server_id,
+						"origin" => $origin,
+						"ns" => $ns,
+						"mbox" => $mbox,
+						"serial" => $serial,
+						"refresh" => $refresh,
+						"retry" => $retry,
+						"expire" => $expire,
+						"minimum" => $minimum,
+						"ttl" => $ttl,
+						"active" => 'Y',
+						"xfer" => ''
+					);
 					$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 					unset($parts);
 					$msg .= 'Import Zone: '.$soa['name'].'<br />';
 
 					//* Process the other records
-					$records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ".$domain['id']);
+					$records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ?", $domain['id']);
 					if(is_array($records)) {
 						foreach($records as $rec) {
 							$rr = array();
 
-							$rr['name'] = $app->db->quote(addot($rec['name']));
-							$rr['type'] = $app->db->quote($rec['type']);
-							$rr['aux'] = $app->db->quote($rec['prio']);
-							$rr['ttl'] = $app->db->quote($rec['ttl']);
+							$rr['name'] = addot($rec['name']);
+							$rr['type'] = $rec['type'];
+							$rr['aux'] = $rec['prio'];
+							$rr['ttl'] = $rec['ttl'];
 
 							if($rec['type'] == 'NS' || $rec['type'] == 'MX' || $rec['type'] == 'CNAME') {
-								$rr['data'] = $app->db->quote(addot($rec['content']));
+								$rr['data'] = addot($rec['content']);
 							} else {
-								$rr['data'] = $app->db->quote($rec['content']);
+								$rr['data'] = $rec['content'];
 							}
 
-							$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-							('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+							$insert_data = array(
+								"sys_userid" => $sys_userid,
+								"sys_groupid" => $sys_groupid,
+								"sys_perm_user" => 'riud',
+								"sys_perm_group" => 'riud',
+								"sys_perm_other" => '',
+								"server_id" => $server_id,
+								"zone" => $dns_soa_id,
+								"name" => $rr['name'],
+								"type" => $rr['type'],
+								"data" => $rr['data'],
+								"aux" => $rr['aux'],
+								"ttl" => $rr['ttl'],
+								"active" => 'Y'
+							);
 							$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 							//$msg .= $insert_data.'<br />';
 
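Review bot: Values read from the external database are still trusted everywhere except in the SQL text. `$parts[0]` to `$parts[2]` are used right after `explode(' ', $soa['content'])` with no check that three fields exist, and `$soa['name']` is concatenated into `$msg` next to literal `<br />` markup. A malformed SOA row would therefore be imported with empty `ns`/`mbox`/`serial` values, and a zone name containing markup would be rendered as HTML if the template prints `msg` unescaped (the template is not shown here). I would skip such zones with `if(count($parts) < 3) continue;` and build the message as `$msg .= 'Import Zone: '.htmlspecialchars($soa['name'], ENT_QUOTES).'<br />';`. With the `$app->db->quote()` calls removed, escaping now rests entirely on how `datalogInsert()` handles the array values, which this patch does not show; the enclosing `foreach` blocks start before and continue past this hunk.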
@@ -151,6 +184,10 @@
 $app->tpl->setVar('msg', $msg);
 $app->tpl->setVar('error', $error);
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
 $app->tpl_defaults();
 $app->tpl->pparse();
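Review bot: The token issued by `csrf_token_get('dns_import')` only reaches the check added at the top of the POST branch if the import form posts `_csrf_id` and `_csrf_key` back. The diffstat lists `dns_import_tupa.php` as the only changed file, so the matching hidden fields in the template are not part of this patch. If the template does not already carry them, every import request would presumably fail the check, so the template change should ship in the same commit or be referenced here. As a style point, the two new `setVar` calls omit the space after the comma that the surrounding calls use: `$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);`.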

--
Gitblit v1.9.1