Bugfix: SMTP password was visible in html source

Bugfix: Show error message on smtp enabled without administrator mail / name

Author: mcramer

interface/web/admin/lib/lang/de_system_config.lng

@@ -1,5 +1,6 @@
 <?php
 $wb['system_config_desc_txt'] = '';
+$wb['smtp_missing_admin_mail_txt'] = 'Bitte geben Sie die Administrator E-Mail und den Namen ein, wenn Sie SMTP Versand nutzen wollen.';
 $wb['warning'] = 'Bearbeiten Sie diese Werte sorgfältig! Entfernen Sie die Prefixe nicht auf Systemen mit mehr als einem Client.';
 $wb['dbname_prefix_txt'] = 'Datenbanknamen Prefix';
 $wb['dbuser_prefix_txt'] = 'Datenbankbenutzer Prefix';

interface/web/admin/lib/lang/en_system_config.lng

@@ -1,5 +1,6 @@
 <?php
 $wb['system_config_desc_txt'] = '';
+$wb['smtp_missing_admin_mail_txt'] = 'Please enter the admin name and admin mail address if you want to use smtp mail sending.';
 $wb['dashboard_atom_url_admin_txt'] = 'Dashboard atom feed URL (admin)';
 $wb['dashboard_atom_url_reseller_txt'] = 'Dashboard atom feed URL (reseller)';
 $wb['dashboard_atom_url_client_txt'] = 'Dashboard atom feed URL (client)';

interface/web/admin/system_config_edit.php

@@ -77,6 +77,25 @@ function onShowEdit() {
 		$app->tpl->setVar($record);
 	}
 
+    function onSubmit() {
+        global $app;
+        
+        $app->uses('ini_parser,getconf');
+		
+        $section = $app->tform->getCurrentTab();
+		
+		$server_config_array = $app->getconf->get_global_config();
+		$new_config = $app->tform->encode($this->dataRecord,$section);
+        if($section == 'mail') {
+            if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
+            if($new_config['smtp_enabled'] == 'y' && ($new_config['admin_mail'] == '' || $new_config['admin_name'] == '')) {
+                $app->tform->errorMessage .= $app->tform->lng("smtp_missing_admin_mail_txt");
+            }
+        }
+        
+        parent::onSubmit();
+    }
+    
 	function onUpdateSave($sql) {
 		global $app,$conf;
 
@@ -85,7 +104,6 @@ function onUpdateSave($sql) {
 
 		$section = $app->tform->getCurrentTab();
 
-        
 		$server_config_array = $app->getconf->get_global_config();
 		$new_config = $app->tform->encode($this->dataRecord,$section);
         if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['vhost_subdomains'] == 'y') {
@@ -94,6 +112,8 @@ function onUpdateSave($sql) {
             if($check['cnt'] > 0) {
                 $new_config['vhost_subdomains'] = 'y';
             }
+        } elseif($section == 'mail') {
+            if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
         }
         $server_config_array[$section] = $new_config;
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);

interface/web/admin/templates/system_config_mail_edit.htm

@@ -59,7 +59,7 @@ <h2><tmpl_var name="list_head_txt"></h2>
             </div>
             <div class="ctrlHolder">
                 <label for="smtp_pass">{tmpl_var name='smtp_pass_txt'}</label>
-                <input name="smtp_pass" id="smtp_pass" value="{tmpl_var name='smtp_pass'}" size="30" maxlength="255" type="password" class="textInput" />
+                <input name="smtp_pass" id="smtp_pass" value="" size="30" maxlength="255" type="password" class="textInput" />
             </div>
             <div class="ctrlHolder">
                 <p class="label">{tmpl_var name='smtp_crypt_txt'}</p>