Skip to content

Commit 8143c39

Browse files
author
vogelor
committed
Fixed a bug: if the domain-module is used and there are NO domains in the list, then the user was able to free edit the domain-name. This bug is fixed now and a empty list is generated, so the user can enter only a empty name!
1 parent 2c8daab commit 8143c39

File tree

2 files changed

+60
-43
lines changed

2 files changed

+60
-43
lines changed

interface/web/mail/mail_domain_edit.php

Lines changed: 50 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -49,10 +49,10 @@
4949
$app->load('tform_actions');
5050

5151
class page_action extends tform_actions {
52-
52+
5353
function onShowNew() {
5454
global $app, $conf;
55-
55+
5656
// we will check only users, not admins
5757
if($_SESSION["s"]["user"]["typ"] == 'user') {
5858
if(!$app->tform->checkClientLimit('limit_maildomain')) {
@@ -65,10 +65,10 @@ function onShowNew() {
6565

6666
parent::onShowNew();
6767
}
68-
68+
6969
function onShowEnd() {
7070
global $app, $conf;
71-
71+
7272
if($_SESSION["s"]["user"]["typ"] == 'admin') {
7373
// Getting Clients of the user
7474
if($_SESSION["s"]["user"]["typ"] == 'admin') {
@@ -88,18 +88,18 @@ function onShowEnd() {
8888
}
8989
}
9090
$app->tpl->setVar("client_group_id",$client_select);
91-
91+
9292
} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
9393

9494
// Get the limits of the client
9595
$client_group_id = $_SESSION["s"]["user"]["default_group"];
9696
$client = $app->db->queryOneRecord("SELECT client.client_id, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by contact_name");
97-
97+
9898
// Set the webserver to the default server of the client
9999
$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]");
100100
$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
101101
unset($tmp);
102-
102+
103103
// Fill the client select field
104104
$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
105105
$clients = $app->db->queryAllRecords($sql);
@@ -115,14 +115,14 @@ function onShowEnd() {
115115
$app->tpl->setVar("client_group_id",$client_select);
116116

117117
}
118-
118+
119119
/*
120120
* Now we have to check, if we should use the domain-module to select the domain
121121
* or not
122-
*/
122+
*/
123123
$app->uses('ini_parser,getconf');
124124
$settings = $app->getconf->get_global_config('domains');
125-
if ($settings['use_domain_module'] == 'y'){
125+
if ($settings['use_domain_module'] == 'y') {
126126
$client_group_id = $_SESSION["s"]["user"]["default_group"];
127127
$sql = "SELECT domain FROM domain WHERE sys_groupid =" . $client_group_id;
128128
$domains = $app->db->queryAllRecords($sql);
@@ -131,11 +131,19 @@ function onShowEnd() {
131131
foreach( $domains as $domain) {
132132
$domain_select .= "<option value=" . $domain['domain'] . ">" . $domain['domain'] . "</option>\r\n";
133133
}
134+
135+
} else {
136+
/*
137+
* We have no domains in the domain-list. This means, we can not add ANY new domain.
138+
* To avoid, that the variable "domain_option" is empty and so the user can
139+
* free enter a domain, we have to create a empty option!
140+
*/
141+
$domain_select .= "<option value=''></option>\r\n";
134142
}
135143
$app->tpl->setVar("domain_option",$domain_select);
136144
}
137-
138-
145+
146+
139147
// Get the spamfilter policys for the user
140148
$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$this->dataRecord["domain"]."'");
141149
$sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
@@ -151,37 +159,37 @@ function onShowEnd() {
151159
unset($policys);
152160
unset($policy_select);
153161
unset($tmp_user);
154-
162+
155163
if($this->id > 0) {
156164
//* we are editing a existing record
157165
$app->tpl->setVar("edit_disabled", 1);
158166
$app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
159167
} else {
160168
$app->tpl->setVar("edit_disabled", 0);
161169
}
162-
170+
163171
parent::onShowEnd();
164172
}
165-
173+
166174
function onSubmit() {
167175
global $app, $conf;
168176
if($_SESSION["s"]["user"]["typ"] != 'admin') {
169-
177+
170178
// Get the limits of the client
171179
$client_group_id = $_SESSION["s"]["user"]["default_group"];
172180
$client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
173-
181+
174182
// When the record is updated
175183
if($this->id > 0) {
176184
// restore the server ID if the user is not admin and record is edited
177185
$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ".intval($this->id));
178186
$this->dataRecord["server_id"] = $tmp["server_id"];
179187
unset($tmp);
180-
// When the record is inserted
188+
// When the record is inserted
181189
} else {
182190
// set the server ID to the default mailserver of the client
183191
$this->dataRecord["server_id"] = $client["default_mailserver"];
184-
192+
185193
// Check if the user may add another mail_domain
186194
if($client["limit_maildomain"] >= 0) {
187195
$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = $client_group_id");
@@ -190,21 +198,21 @@ function onSubmit() {
190198
}
191199
}
192200
}
193-
201+
194202
// Clients may not set the client_group_id, so we unset them if user is not a admin
195203
if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
196204
}
197-
205+
198206
//* make sure that the email domain is lowercase
199207
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
200-
201-
208+
209+
202210
parent::onSubmit();
203211
}
204-
212+
205213
function onAfterInsert() {
206214
global $app, $conf;
207-
215+
208216
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
209217
// also make sure that the user can not delete domain created by a admin
210218
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
@@ -215,7 +223,7 @@ function onAfterInsert() {
215223
$client_group_id = intval($this->dataRecord["client_group_id"]);
216224
$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
217225
}
218-
226+
219227
// Spamfilter policy
220228
$policy_id = intval($this->dataRecord["policy"]);
221229
if($policy_id > 0) {
@@ -226,17 +234,17 @@ function onAfterInsert() {
226234
} else {
227235
$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
228236
// We create a new record
229-
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
237+
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
230238
VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')";
231239
$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
232240
unset($tmp_domain);
233241
}
234242
} // endif spamfilter policy
235243
}
236-
244+
237245
function onBeforeUpdate() {
238246
global $app, $conf;
239-
247+
240248
//* Check if the server has been changed
241249
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
242250
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
@@ -247,7 +255,7 @@ function onBeforeUpdate() {
247255
$this->dataRecord["server_id"] = $rec['server_id'];
248256
}
249257
unset($rec);
250-
//* If the user is neither admin nor reseller
258+
//* If the user is neither admin nor reseller
251259
} else {
252260
//* We do not allow users to change a domain which has been created by the admin
253261
$rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ".$this->id);
@@ -259,12 +267,12 @@ function onBeforeUpdate() {
259267
unset($rec);
260268
}
261269
}
262-
263-
264-
270+
271+
272+
265273
function onAfterUpdate() {
266274
global $app, $conf;
267-
275+
268276
// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
269277
// also make sure that the user can not delete domain created by a admin
270278
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
@@ -275,7 +283,7 @@ function onAfterUpdate() {
275283
$client_group_id = intval($this->dataRecord["client_group_id"]);
276284
$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
277285
}
278-
286+
279287
// Spamfilter policy
280288
$policy_id = intval($this->dataRecord["policy"]);
281289
$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->dataRecord["domain"])."'");
@@ -286,7 +294,7 @@ function onAfterUpdate() {
286294
} else {
287295
$tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
288296
// We create a new record
289-
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
297+
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
290298
VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')";
291299
$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
292300
unset($tmp_domain);
@@ -301,7 +309,7 @@ function onAfterUpdate() {
301309
if($this->oldDataRecord['domain'] != $this->dataRecord['domain'] || (isset($this->dataRecord['client_group_id']) && $this->oldDataRecord['sys_groupid'] != $this->dataRecord['client_group_id'])) {
302310
$app->uses('getconf');
303311
$mail_config = $app->getconf->get_server_config($this->dataRecord["server_id"],'mail');
304-
312+
305313
//* Update the mailboxes
306314
$mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'");
307315
$sys_groupid = (isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid'];
@@ -316,7 +324,7 @@ function onAfterUpdate() {
316324
$app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
317325
}
318326
}
319-
327+
320328
//* Update the aliases
321329
$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."' OR destination like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'");
322330
if(is_array($forwardings)) {
@@ -326,16 +334,16 @@ function onAfterUpdate() {
326334
$app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
327335
}
328336
}
329-
337+
330338
//* Delete the old spamfilter record
331339
$tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->oldDataRecord["domain"])."'");
332340
$app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
333341
unset($tmp);
334-
342+
335343
} // end if domain name changed
336-
344+
337345
}
338-
346+
339347
}
340348

341349
$page = new page_action;

interface/web/sites/web_domain_edit.php

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -217,11 +217,20 @@ function onShowEnd() {
217217
$sql = "SELECT domain FROM domain WHERE sys_groupid =" . $client_group_id;
218218
$domains = $app->db->queryAllRecords($sql);
219219
$domain_select = '';
220-
if(is_array($domains)) {
220+
if(is_array($domains) && sizeof($domains) > 0) {
221+
/* We have domains in the list, so create the drop-down-list */
221222
foreach( $domains as $domain) {
222223
$domain_select .= "<option value=" . $domain['domain'] . ">" . $domain['domain'] . "</option>\r\n";
223224
}
224225
}
226+
else {
227+
/*
228+
* We have no domains in the domain-list. This means, we can not add ANY new domain.
229+
* To avoid, that the variable "domain_option" is empty and so the user can
230+
* free enter a domain, we have to create a empty option!
231+
*/
232+
$domain_select .= "<option value=''></option>\r\n";
233+
}
225234
$app->tpl->setVar("domain_option",$domain_select);
226235
}
227236

0 commit comments

Comments
 (0)