Merge remote-tracking branch 'origin/stable-3.0.5'

Conflicts:
	interface/lib/classes/tform.inc.php
	interface/web/admin/lib/lang/de_directive_snippets.lng
	interface/web/dns/dns_import.php
	interface/web/dns/dns_soa_edit.php
	interface/web/dns/dns_wizard.php
	interface/web/mail/mail_domain_edit.php
	interface/web/sites/database_edit.php
	interface/web/sites/lib/lang/de_web_domain.lng
	interface/web/sites/lib/lang/en_web_domain.lng
	interface/web/sites/web_domain_edit.php
	server/server.php

Author: Marius Cramer

interface/lib/classes/aps_crawler.inc.php

@@ -595,7 +595,7 @@ public function fixURLs()
 				foreach($incomplete_pkgs as $incomplete_pkg){
 					$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
 					if($pkg_url != ''){
-						$app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
+						$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
 					}
 				}
 			}

interface/lib/classes/aps_guicontroller.inc.php

@@ -266,18 +266,18 @@ public function createPackageInstance($settings, $packageid)
 			unset($tmp);
 
 			// get information if the webserver is a db server, too
-			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$websrv['server_id']);
+			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
 			if($web_server['db_server'] == 1) {
 				// create database on "localhost" (webserver)
-				$mysql_db_server_id = $websrv['server_id'];
+				$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
 				$mysql_db_host = 'localhost';
 				$mysql_db_remote_access = 'n';
 				$mysql_db_remote_ips = '';
 			} else {
 				//* get the default database server of the client
-				$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
+				$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
 				if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
-					$mysql_db_server_id =  $client['default_dbserver'];
+					$mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
 					$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
 					$mysql_db_host = $dbserver_config['ip_address'];
 					$mysql_db_remote_access = 'y';
@@ -301,13 +301,13 @@ public function createPackageInstance($settings, $packageid)
 
 			//* Find a free db name for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
+				$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
 				$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
 				if($tmp['number'] == 0) break;
 			}
 			//* Find a free db username for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
+				$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
 				$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
 				if($tmp['number'] == 0) break;
 			}
@@ -316,12 +316,12 @@ public function createPackageInstance($settings, $packageid)
 
 			//* Create the mysql database user
 			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
-					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
+					  VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
 			$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
 
 			//* Create the mysql database
 			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
-					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
+					  VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
 			$app->db->datalogInsert('web_database', $insert_data, 'database_id');
 
 			//* Add db details to package settings
@@ -332,7 +332,7 @@ public function createPackageInstance($settings, $packageid)
 		}
 
 		//* Insert new package instance
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
+		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
 		$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
 
 		//* Insert all package settings
@@ -404,7 +404,7 @@ public function reinstallInstance($instanceid)
         $app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
 		*/
 
-		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
+		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
 		$tmp = $app->db->queryOneRecord($sql);
 		if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
 

interface/lib/classes/auth.inc.php

@@ -33,7 +33,8 @@ class auth {
 
 	public function get_user_id()
 	{
-		return $_SESSION['s']['user']['userid'];
+		global $app;
+		return $app->functions->intval($_SESSION['s']['user']['userid']);
 	}
 
 	public function is_admin() {
@@ -80,7 +81,9 @@ public function add_group_to_user($userid, $groupid) {
 	public function get_client_limit($userid, $limitname)
 	{
 		global $app;
-
+		
+		$userid = $app->functions->intval($userid);
+		
 		// simple query cache
 		if($this->client_limits===null)
 			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

interface/lib/classes/client_templates.inc.php

@@ -49,7 +49,7 @@ function update_client_templates($clientId, $templates = array()) {
 
 		if($old_style == true) {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
 			if(is_array($in_db) && count($in_db) > 0) {
 				foreach($in_db as $item) {
 					if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,32 +61,32 @@ function update_client_templates($clientId, $templates = array()) {
 				if($count > 0) {
 					// add new template to client (includes those from old-style without assigned_template_id)
 					for($i = $count; $i > 0; $i--) {
-						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
+						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
 					}
 				} elseif($count < 0) {
 					// remove old ones
 					for($i = $count; $i < 0; $i++) {
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
 					}
 				}
 			}
 		} else {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
 			if(is_array($in_db) && count($in_db) > 0) {
 				// check which templates were removed from this client
 				foreach($in_db as $item) {
 					if(in_array($item['assigned_template_id'], $used_assigned) == false) {
 						// delete this one
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
 					}
 				}
 			}
 
 			if(count($new_tpl) > 0) {
 				foreach($new_tpl as $item) {
 					// add new template to client (includes those from old-style without assigned_template_id)
-					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
+					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
 				}
 			}
 		}

interface/lib/classes/custom_datasource.inc.php

@@ -46,9 +46,9 @@ function dns_servers($field, $record) {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
@@ -68,9 +68,9 @@ function slave_dns_servers($field, $record) {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
@@ -99,7 +99,7 @@ function webdav_domains($field, $record) {
 		}
 		if(count($server_ids) == 0) return array();
 		$server_ids = implode(',', $server_ids);
-		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
 
 		$records_new = array();
 		if(is_array($records)) {
@@ -158,12 +158,12 @@ function client_servers($field, $record) {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
 			$client = $app->db->queryOneRecord($sql);
 			if($client['server_id'] > 0) {
 				//* Select the default server for the client
-				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
+				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
 			} else {
 				//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
 				$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

interface/lib/classes/db_mysql.inc.php

@@ -284,7 +284,7 @@ public function datalogSave($db_table, $action, $primary_field, $primary_id, $re
 		// Insert the server_id, if the record has a server_id
 		$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
 		if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];
-
+		$server_id = intval($server_id);
 
 		if($diff_num > 0) {
 			//print_r($diff_num);
@@ -306,6 +306,9 @@ public function datalogSave($db_table, $action, $primary_field, $primary_id, $re
 	//** Inserts a record and saves the changes into the datalog
 	public function datalogInsert($tablename, $insert_data, $index_field) {
 		global $app;
+		
+		$tablename = $this->quote($tablename);
+		$index_field = $this->quote($index_field);
 
 		if(is_array($insert_data)) {
 			$key_str = '';
@@ -333,6 +336,10 @@ public function datalogInsert($tablename, $insert_data, $index_field) {
 	//** Updates a record and saves the changes into the datalog
 	public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
 		global $app;
+		
+		$tablename = $this->quote($tablename);
+		$index_field = $this->quote($index_field);
+		$index_value = $this->quote($index_value);
 
 		$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
 
@@ -356,6 +363,10 @@ public function datalogUpdate($tablename, $update_data, $index_field, $index_val
 	//** Deletes a record and saves the changes into the datalog
 	public function datalogDelete($tablename, $index_field, $index_value) {
 		global $app;
+		
+		$tablename = $this->quote($tablename);
+		$index_field = $this->quote($index_field);
+		$index_value = $this->quote($index_value);
 
 		$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
 		$this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");

interface/lib/classes/form.inc.php

@@ -1,5 +1,7 @@
 <?php
 
+die('Deprecated file: form.inc.php');
+
 /*
 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.

interface/lib/classes/plugin_backuplist.inc.php

@@ -108,8 +108,8 @@ function onShow() {
 		}
 
 		//* Get the data
-		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
-		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
+		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
+		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
 		$records = $app->db->queryAllRecords($sql);
 
 		$bgcolor = "#FFFFFF";

interface/lib/classes/tform.inc.php

@@ -69,6 +69,7 @@ class tform extends tform_base {
 	function checkPerm($record_id, $perm) {
 		global $app;
 
+		$record_id = $app->functions->intval($record_id);
 		if($record_id > 0) {
 			// Add backticks for incomplete table names.
 			if(stristr($this->formDef['db_table'], '.')) {
@@ -163,7 +164,7 @@ function checkClientLimit($limit_name, $sql_where = '') {
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
-		$client_group_id = $_SESSION["s"]["user"]["default_group"];
+		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 		$client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 		// Check if the user may add another item
@@ -185,7 +186,7 @@ function checkResellerLimit($limit_name, $sql_where = '') {
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
-		$client_group_id = $_SESSION["s"]["user"]["default_group"];
+		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 		$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 		//* If the client belongs to a reseller, we will check against the reseller Limit too

interface/lib/classes/tform_actions.inc.php

@@ -81,7 +81,7 @@ function onSubmit() {
 
 		// check if the client is locked - he may not change anything, then.
 		if(!$app->auth->is_admin()) {
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
 			if(is_array($client) && $client['locked'] == 'y') {
 				$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";