From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/tools/resync.php |   87 ++++++++++++++++++++++++++++++++++++-------
 1 files changed, 73 insertions(+), 14 deletions(-)

diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 6a85b18..1b2405d 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -51,6 +51,14 @@
 class page_action extends tform_actions {
 
 	//* called during onShowEnd
+	/*
+	* @param array $server_rec
+	* @param string $server_type
+	* @param string or array $search
+	*
+	* @return array
+	*/
+
 	private function create_list($server_rec, $server_type, $search) {
 
 		$server_count = 0;
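Review bot: The comment added above create_list opens with `/*` rather than `/**`, so IDEs and doc tools will not read it as a docblock, and the blank `+` line inserted before the signature detaches it from the function in any case. Write it as a real docblock with one tag per line, `/** @param array $server_rec @param string $server_type @param string|array $search @return array */`, using `string|array` instead of "string or array", and drop the empty line so it sits directly above `private function create_list`. A one-line description of the two array slots callers unpack as `$server_list[0]` and `$server_list[1]` would help more than the tags alone. create_list's body continues outside the hunk.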
@@ -89,6 +97,11 @@
         			'server_type' => 'mail',
 					'server_id' => $server_id,
     			),
+				'mail_get' => array (
+					'index_field' =>  'mailget_id',
+					'server_type' => 'mail',
+					'server_id' => $server_id,
+				),
     			'mail_mailinglist' => array (
         			'index_field' =>  'mailinglist_id',
         			'server_type' => 'mail',
@@ -98,7 +111,7 @@
         			'index_field' =>  'mailuser_id',
         			'server_type' => 'mail',
 					'server_id' => $server_id,
-    			),
+				),
 			);
 		}
 		if($type == 'mail_filter') {
@@ -116,6 +129,20 @@
 					'index_field' => 'filter_id',
         			'server_type' => 'mail',
     			),
+				'spamfilter_policy' => array (
+					'index_field' => 'id',
+					'server_type' => 'mail',
+				),
+				'spamfilter_users' => array (
+					'index_field' => 'id',
+					'server_type' => 'mail',
+					'server_id' => $server_id,
+				),
+				'spamfilter_wblist' => array (
+					'index_field' => 'wblist_id',
+					'server_type' => 'mail',
+					'server_id' => $server_id,
+				),
 			);
 		}
 		if($type == 'web'  ) {
@@ -182,8 +209,8 @@
 		//* firewall
 		$array_out = array();
 		foreach($server_data as $db_table => $data) {
-			$sql = @(isset($data['server_id']))?"SELECT * FROM $db_table WHERE server_id = $server_id":"SELECT * FROM $db_table";;
-			$records = $app->db->queryAllRecords($sql);
+			$sql = @(isset($data['server_id']))?"SELECT * FROM ?? WHERE server_id = ?":"SELECT * FROM ??";
+			$records = $app->db->queryAllRecords($sql, $db_table, $server_id);
 			if (!empty($records)) array_push($array_out, $db_table);
 		}
 
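Review bot: `$server_id` is passed to queryAllRecords on line 78 even when the chosen query is `SELECT * FROM ??`, which has only one placeholder; whether the query layer tolerates a surplus argument is not visible here, and the `@` in front of `isset(...)` suppresses nothing because isset never emits a notice. Choosing the call per branch keeps the argument count equal to the placeholder count and removes the suppression operator. The enclosing method starts and ends outside the hunk.
```php
foreach($server_data as $db_table => $data) {
	if (isset($data['server_id'])) {
		$records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ?", $db_table, $server_id);
	} else {
		$records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
	}
	// … unchanged: push $db_table onto $array_out when records exist …
}
```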
@@ -220,6 +247,17 @@
 				unset($options_servers);
 			}
 
+			//* mail-get
+			$server_list = $this->create_list($mail_server_rec, 'mail', 'mail_get');
+			$options_servers = $server_list[0];$server_count = $server_list[1];
+			unset($server_list);
+			if (isset($options_servers)) {	//* server with data found
+				if ($server_count > 1) $options_servers = "<option value='0'>".$app->tform->wordbook['all_active_mail_txt']."</option>" . $options_servers;
+				$app->tpl->setVar('mailget_server_id', $options_servers);
+				$app->tpl->setVar('mail_get_found', 1);
+				unset($options_servers);
+			}
+
 			//* mailbox
 			$server_list = $this->create_list($mail_server_rec, 'mail', 'mail_user');
 			$options_servers = $server_list[0];$server_count = $server_list[1];
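Review bot: The new mail-get block repeats the create_list / `$server_list[0]` / `$server_list[1]` / unset sequence verbatim from the neighbouring blocks, including two statements on one line at line 88. Destructuring the return keeps it to one readable line, `list($options_servers, $server_count) = $this->create_list($mail_server_rec, 'mail', 'mail_get');`, and removes the need for `unset($server_list)`. If further types keep being added, a small private helper taking the type, search key and the two template variable names would remove the copy-paste entirely. The enclosing method starts and ends outside the hunk.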
@@ -232,7 +270,7 @@
 			}
 
 			//* mailfilter
-			$server_list = $this->create_list($mail_server_rec, 'mail_filter', array('mail_access', 'mail_content_filter', 'mail_user_filter'));
+			$server_list = $this->create_list($mail_server_rec, 'mail_filter', array('mail_access', 'mail_content_filter', 'mail_user_filter','spamfilter_users', 'spamfilter_wblist'));
 			$options_servers = $server_list[0];$server_count = $server_list[1];
 			unset($server_list);
 			if (isset($options_servers)) {	//* server with data found
@@ -252,6 +290,7 @@
 				$app->tpl->setVar('mailinglist_found', 1);
 				unset($options_servers);
 			}
+
 		}
 
 		//* fetch web-server
@@ -368,6 +407,10 @@
 			}
 		}
 
+		$csrf_token = $app->auth->csrf_token_get('tools_resync');
+		$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+		$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
+
 		parent::onShowEnd();
 	}
 			
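Review bot: The `_csrf_id`/`_csrf_key` template variables set on lines 122-123 only protect the form if the resync template renders them as hidden fields, and the diffstat lists resync.php alone, so that template change is either already in place or missing from this patch; the same applies to the `resync_mailget` flag read in the later onSubmit hunk and the `mailget_server_id` select variable, which need matching form-definition and template entries. Without the hidden fields every submission would fail the token check added in onSubmit, and reading an undefined `resync_mailget` would raise a notice. A short comment above the block, `//* CSRF token for the resync form; the template must render _csrf_id/_csrf_key as hidden fields`, would make the dependency explicit. onShowEnd starts outside the hunk.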
@@ -377,23 +420,23 @@
 
 		$server_name = array();
 		if ( $server_id == 0 ) { //* resync multiple server
-			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ".$server_type."_server = 1 AND active = 1 AND mirror_server_id = 0");
+			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ?? = 1 AND active = 1 AND mirror_server_id = 0", $server_type."_server");
 			foreach ($temp as $server) {
 				$temp_id .= $server['server_id'].',';
 				$server_name[$server['server_id']] = $server['server_name'];
 			}
+			if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
 		} else {
 			$temp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $server_id);
 			$server_name[$server_id] = $temp['server_name'];
 		}		
 		unset($temp);
 
-		if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
-		$sql = "SELECT * FROM $db_table";
-		if ($db_table != "mail_user_filter") $sql .= " WHERE server_id IN (".$server_id.") ";
+		$sql = "SELECT * FROM ??";
+		if ($db_table != "mail_user_filter" && $db_table != "spamfilter_policy") $sql .= " WHERE server_id IN (".$server_id.") ";
 		$sql .= $opt;
 		if ($active) $sql .= " AND active = 'y'"; 
-		$records = $app->db->queryAllRecords($sql);
+		$records = $app->db->queryAllRecords($sql, $db_table);
 
 		return array($records, $server_name);
 	}			
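Review bot: The table name is now bound with `??` on lines 148 and 153, but `$server_id` is still concatenated into `WHERE server_id IN (...)` on line 149; in the single-server branch that value is the caller's `$server_id`, which the onSubmit calls take from the submitted dataRecord, so unless the form definition already validates it as an integer the query is still built from request data by string concatenation. Coercing both sources to integers closes that: `$temp_id .= intval($server['server_id']).',';` in the loop and `$server_id = intval($server_id);` as the first statement of the else branch, so the bound `?` on line 140 receives the cast value too. `$opt` is appended raw on line 150 as before, which is only safe while callers pass literal strings. do_resync starts outside the hunk.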
@@ -418,7 +461,12 @@
 
     function onSubmit() {
         global $app;
-
+		
+		if(isset($_POST) && count($_POST) > 1) {
+			//* CSRF Check
+			$app->auth->csrf_token_check();
+		}
+		
 		//* all services
 		if($this->dataRecord['resync_all'] == 1) {
 			$this->dataRecord['resync_sites'] = 1;
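Review bot: The CSRF check on line 165 runs only when `count($_POST) > 1`, so a submission carrying a single field, or none, skips it entirely, and `isset($_POST)` is always true for a superglobal. If the intent is to avoid the check on a non-submit path, key it on the request method instead, `if($_SERVER['REQUEST_METHOD'] == 'POST') { $app->auth->csrf_token_check(); }`, or call the check unconditionally since onSubmit is the submit handler. The added lines also indent with tabs where the surrounding lines 159-160 use spaces, and lines 162 and 167 are whitespace-only. onSubmit continues outside the hunk.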
@@ -428,6 +476,7 @@
 			$this->dataRecord['resync_cron'] = 1;
 			$this->dataRecord['resync_db'] = 1;
 			$this->dataRecord['resync_mail'] = 1;
+			$this->dataRecord['resync_mailget'] = 1;
 			$this->dataRecord['resync_mailbox'] = 1;
 			$this->dataRecord['resync_mailfilter'] = 1;
 			$this->dataRecord['resync_mailinglist'] = 1;
@@ -473,8 +522,15 @@
 		}
 
 		//* maildomains
-		if($this->dataRecord['resync_mail'] == 1) 
+		if($this->dataRecord['resync_mail'] == 1) {
 			$msg .= $this->do_resync('mail_domain', 'domain_id', 'mail', $this->dataRecord['mail_server_id'], 'domain',  $app->tform->wordbook['do_mail_txt']);
+			$msg .= $this->do_resync('spamfilter_policy', 'id', 'mail', $this->dataRecord['mail_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_policy_txt'], false);
+		}
+
+		//* mailget
+		if($this->dataRecord['resync_mailget'] == 1) {
+			$msg .= $this->do_resync('mail_get', 'mailget_id', 'mail', $this->dataRecord['mail_server_id'], 'source_username',  $app->tform->wordbook['do_mailget_txt']);
+		}
 
 		//* mailbox
 		if($this->dataRecord['resync_mailbox'] == 1) {
@@ -487,6 +543,9 @@
 			$msg .= $this->do_resync('mail_access', 'access_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_access_txt']);
 			$msg .= $this->do_resync('mail_content_filter', 'content_filter_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_contentfilter_txt']);
 			$msg .= $this->do_resync('mail_user_filter', 'filter_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_userfilter_txt'], false);
+			//* spam
+			$msg .= $this->do_resync('spamfilter_users', 'id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_txt'], false);
+			$msg .= $this->do_resync('spamfilter_wblist', 'wblist_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_txt']) 	;
 		}
 
 		//* mailinglists
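Review bot: Line 202 has stray whitespace between the closing parenthesis and the semicolon, and both spamfilter calls label their output with the same `do_mail_spamfilter_txt` wordbook entry, so the resync message cannot tell the user-policy pass from the white/blacklist pass. Give the second call its own entry (a new key such as `do_mail_spamfilter_wblist_txt` would have to be added to the wordbook files, which are not in this patch) and drop the whitespace: `$msg .= $this->do_resync('spamfilter_wblist', 'wblist_id', 'mail', $this->dataRecord['mailbox_server_id'], '', $app->tform->wordbook['do_mail_spamfilter_wblist_txt']);`. Note also that spamfilter_users is resynced with `false`, which per do_resync drops the `active = 'y'` filter, while spamfilter_wblist uses the default; if that asymmetry is intended a one-line comment saying so would help. onSubmit continues outside the hunk.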
@@ -511,13 +570,13 @@
 					if(!empty($rr_records)) {
 						foreach($rr_records as $rec) {
 							$new_serial = $app->validate_dns->increase_serial($rec['serial']);
-							$app->db->datalogUpdate('dns_rr', "serial = '".$new_serial."'", 'id', $rec['id']);
+							$app->db->datalogUpdate('dns_rr', array("serial" => $new_serial), 'id', $rec['id']);
 						}
 					} else { 
 						$msg .= $app->tform->wordbook['no_results_txt'].'<br>';
 					}
 					$new_serial = $app->validate_dns->increase_serial($soa_rec['serial']);
-					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['id']);
+					$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $soa_rec['id']);
 					$msg .= '['.$server_name[$soa_rec['server_id']].'] '.$soa_rec['origin'].' ('.count($rr_records).')<br>';
 				}
 			else $msg .= $app->tform->wordbook['no_results_txt'].'<br>'; 
@@ -529,7 +588,7 @@
 		if($this->dataRecord['resync_client'] == 1) {
         	$db_table = 'client';
         	$index_field = 'client_id';
-        	$records = $app->db->queryAllRecords("SELECT * FROM ".$db_table);
+        	$records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
 			$msg .= '<b>'.$app->tform->wordbook['do_clients_txt'].'</b><br>';
 			if(!empty($records)) {
 	        	$tform_def_file = '../client/form/client.tform.php';

--
Gitblit v1.9.1