reformat; fix some transition bugs

pull/231/head
David Goodwin 6 years ago committed by David Goodwin
parent ea33d9951a
commit 1176c9ce78

@ -327,39 +327,13 @@ function check_email($email) {
* @return string cleaned data, suitable for use within an SQL statement. * @return string cleaned data, suitable for use within an SQL statement.
*/ */
function escape_string($string) { function escape_string($string) {
global $CONF; if (is_numeric($string)) {
return $string;
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$string = stripslashes($string);
} }
$escaped_string = '';
if (!is_numeric($string)) {
$link = db_connect(); $link = db_connect();
if ($CONF['database_type'] == "mysql" && is_resource($link)) { return trim($link->quote($string), "'");
$escaped_string = mysql_real_escape_string($string, $link);
}
if ($CONF['database_type'] == "mysqli" && $link instanceof mysqli) {
$escaped_string = mysqli_real_escape_string($link, $string);
}
if (db_sqlite()) {
$escaped_string = SQLite3::escapeString($string);
}
if (db_pgsql() && is_resource($link)) {
// php 5.2+ allows for $link to be specified.
if (version_compare(phpversion(), "5.2.0", ">=")) {
$escaped_string = pg_escape_string($link, $string);
} else {
$escaped_string = pg_escape_string($string);
}
}
} else {
$escaped_string = $string;
}
return $escaped_string;
} }
@ -588,12 +562,10 @@ function create_page_browser($idxfield, $querypart) {
if (isset($result[$k + 1])) { if (isset($result[$k + 1])) {
$row2 = $result[$k + 1]; $row2 = $result[$k + 1];
$label = substr($row['label'], 0, $label_len) . '-' . substr($row2['label'], 0, $label_len); $label = substr($row['label'], 0, $label_len) . '-' . substr($row2['label'], 0, $label_len);
} } else {
else {
$label = substr($row['label'], 0, $label_len); $label = substr($row['label'], 0, $label_len);
} }
$pagebrowser[] = $label; $pagebrowser[] = $label;
} }
if (db_pgsql()) { if (db_pgsql()) {
@ -652,7 +624,6 @@ function check_owner($username, $domain) {
* @return array of domain names. * @return array of domain names.
*/ */
function list_domains_for_admin($username) { function list_domains_for_admin($username) {
$table_domain = table_by_key('domain'); $table_domain = table_by_key('domain');
$table_domain_admins = table_by_key('domain_admins'); $table_domain_admins = table_by_key('domain_admins');
@ -683,7 +654,6 @@ function list_domains_for_admin($username) {
$result = db_prepared_fetch_all($query, $pvalues); $result = db_prepared_fetch_all($query, $pvalues);
return array_column($result, 'domain'); return array_column($result, 'domain');
} }
@ -729,6 +699,7 @@ function list_admins() {
$handler = new AdminHandler(); $handler = new AdminHandler();
$handler->getList(''); $handler->getList('');
return $handler->result(); return $handler->result();
} }
@ -1509,8 +1480,7 @@ function db_connect_with_errors() {
} }
$queries[] = 'SET CHARACTER SET utf8'; $queries[] = 'SET CHARACTER SET utf8';
$queries[] = "SET COLLATION_CONNECTION='utf8_general_ci'"; $queries[] = "SET COLLATION_CONNECTION='utf8_general_ci'";
} } elseif (db_sqlite()) {
elseif (db_sqlite()) {
$dsn = "sqlite:{$CONF['database_name']}"; $dsn = "sqlite:{$CONF['database_name']}";
$username_password = false; $username_password = false;
} elseif (db_pgsql()) { } elseif (db_pgsql()) {
@ -1523,9 +1493,8 @@ function db_connect_with_errors() {
} }
if ($username_password) { if ($username_password) {
$link = new PDO($dsn, Config::read_string('database_user'), Config::read_string('database_pass'), $options); $link = new PDO($dsn, Config::read_string('database_user'), Config::read_string('database_password'), $options);
} } else {
else {
$link = new PDO($dsn, null, null, $options); $link = new PDO($dsn, null, null, $options);
} }
@ -1658,8 +1627,7 @@ function db_prepared_insert($sql, array $values = array()) {
try { try {
$stmt = $link->prepare($sql); $stmt = $link->prepare($sql);
$stmt->execute($values); $stmt->execute($values);
} } catch (PDOException $e) {
catch(PDOException $e) {
$error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ; $error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ;
error_log($error_text); error_log($error_text);
} }
@ -1673,15 +1641,13 @@ function db_prepared_insert($sql, array $values = array()) {
* @return array e.g. ['result' => PDOStatement, 'error' => string ] * @return array e.g. ['result' => PDOStatement, 'error' => string ]
*/ */
function db_prepared_query($sql, array $values = array(), $ignore_errors = false) { function db_prepared_query($sql, array $values = array(), $ignore_errors = false) {
$link = db_connect(); $link = db_connect();
$error_text = ''; $error_text = '';
try { try {
$stmt = $link->prepare($sql); $stmt = $link->prepare($sql);
$stmt->execute($values); $stmt->execute($values);
} } catch (PDOException $e) {
catch(PDOException $e) {
$error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ; $error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ;
error_log($error_text); error_log($error_text);
if (!$ignore_errors) { if (!$ignore_errors) {
@ -1701,32 +1667,10 @@ function db_prepared_query($sql, array $values = array(), $ignore_errors = false
* @param int $ignore_errors (default 0 aka do not ignore errors) * @param int $ignore_errors (default 0 aka do not ignore errors)
* @return array ['result' => resource, 'rows' => int ,'error' => string] * @return array ['result' => resource, 'rows' => int ,'error' => string]
*/ */
function db_query($query, $ignore_errors = 0) function db_query($query, $ignore_errors = 0) {
{
return db_prepared_query($query, array(), $ignore_errors == 0); return db_prepared_query($query, array(), $ignore_errors == 0);
} }
// db_row
// Action: Returns a row from a table
// Call: db_row (int result)
/**
* Get an associative array from a DB query resource.
*
* @param PDOStatement $result
* @return array
*/
function db_assoc(PDOStatement $result) {
$row = $result->fetch(PDO::FETCH_ASSOC);
if (!is_array($row)) {
$row = [];
}
return $row;
}
/** /**
@ -1746,7 +1690,6 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
$query = "DELETE FROM $table WHERE $where = ? $additionalwhere"; $query = "DELETE FROM $table WHERE $where = ? $additionalwhere";
return db_prepared_insert($query, [$delete]); return db_prepared_insert($query, [$delete]);
} }
@ -1799,8 +1742,7 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
if (in_array($field, $timestamp)) { if (in_array($field, $timestamp)) {
$value_string .= $comma . $value; // see above. $value_string .= $comma . $value; // see above.
unset($prepared_statment_values[$field]); unset($prepared_statment_values[$field]);
} } else {
else {
$value_string .= $comma . ":{$field}"; $value_string .= $comma . ":{$field}";
} }
$comma = ','; $comma = ',';
@ -1810,7 +1752,6 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
return db_prepared_insert( return db_prepared_insert(
"INSERT INTO $table (" . implode(",", array_keys($values)) .") VALUES ($value_string)", "INSERT INTO $table (" . implode(",", array_keys($values)) .") VALUES ($value_string)",
$prepared_statment_values); $prepared_statment_values);
} }
@ -1826,7 +1767,6 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
* @return int - number of updated rows * @return int - number of updated rows
*/ */
function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) { function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
$table_key = table_by_key($table); $table_key = table_by_key($table);
$sql_values = array(); $sql_values = array();
@ -1837,16 +1777,13 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
if (in_array($key, $timestamp)) { if (in_array($key, $timestamp)) {
if (db_sqlite()) { if (db_sqlite()) {
$set[] = " $key = datetime('now') "; $set[] = " $key = datetime('now') ";
} } else {
else {
$set[] = " $key = now() "; $set[] = " $key = now() ";
} }
} } else {
else {
$set[] = " $key = :$key "; $set[] = " $key = :$key ";
$pvalues[$key] = $value; $pvalues[$key] = $value;
} }
} }
/* @todo this needs refactoring/moving out from here */ /* @todo this needs refactoring/moving out from here */
@ -1867,7 +1804,6 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
$sql="UPDATE $table_key SET " . implode(",", $set) . " WHERE $where_col = :where"; $sql="UPDATE $table_key SET " . implode(",", $set) . " WHERE $where_col = :where";
return db_prepared_insert($sql, $pvalues); return db_prepared_insert($sql, $pvalues);
} }
@ -2042,8 +1978,7 @@ function check_db_version($error_out = true) {
if (isset($row['value'])) { if (isset($row['value'])) {
$dbversion = (int) $row['value']; $dbversion = (int) $row['value'];
} } else {
else {
db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0); db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0);
} }
@ -2071,10 +2006,10 @@ function gen_show_status($show_alias) {
$stat_string = ""; $stat_string = "";
$stat_goto = ""; $stat_goto = "";
$stat_result = db_prepared_fetch_all("SELECT goto FROM $table_alias WHERE address=?", [$show_alias]); $stat_result = db_prepared_fetch_one("SELECT goto FROM $table_alias WHERE address=?", array($show_alias));
if (sizeof($stat_result) > 0) { if ($stat_result) {
$stat_goto = $stat_result[0]['goto']; $stat_goto = $stat_result['goto'];
} }
$delimiter_regex = null; $delimiter_regex = null;
@ -2115,11 +2050,12 @@ function gen_show_status($show_alias) {
$sql .= " OR address = ? "; $sql .= " OR address = ? ";
} }
$stat_result = db_prepared_query($sql, $v); $stat_result = db_prepared_fetch_one($sql, $v);
if (array_key_exists('rows', $stat_result) && $stat_result['rows'] == 0) { if (empty($stat_result)) {
$stat_ok = 0; $stat_ok = 0;
} }
if ($stat_ok == 0) { if ($stat_ok == 0) {
if ($stat_domain == $CONF['vacation_domain'] || in_array($stat_domain, $CONF['show_undeliverable_exceptions'])) { if ($stat_domain == $CONF['vacation_domain'] || in_array($stat_domain, $CONF['show_undeliverable_exceptions'])) {
$stat_ok = 1; $stat_ok = 1;
@ -2135,8 +2071,8 @@ function gen_show_status($show_alias) {
// Vacation CHECK // Vacation CHECK
if ( $CONF['show_vacation'] == 'YES' ) { if ( $CONF['show_vacation'] == 'YES' ) {
$stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ; $stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
if ($stat_result['rows'] == 1) { if (!empty($stat_result)) {
$stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;"; $stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
} else { } else {
$stat_string .= $CONF['show_status_text'] . "&nbsp;"; $stat_string .= $CONF['show_status_text'] . "&nbsp;";
@ -2145,11 +2081,11 @@ function gen_show_status($show_alias) {
// Disabled CHECK // Disabled CHECK
if ( $CONF['show_disabled'] == 'YES' ) { if ( $CONF['show_disabled'] == 'YES' ) {
$stat_result = db_prepared_query( $stat_result = db_prepared_fetch_one(
"SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND active = ?", "SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND active = ?",
array($show_alias, db_get_boolean(false)) array($show_alias, db_get_boolean(false))
); );
if ($stat_result['rows'] == 1) { if (!empty($stat_result)) {
$stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;"; $stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
} else { } else {
$stat_string .= $CONF['show_status_text'] . "&nbsp;"; $stat_string .= $CONF['show_status_text'] . "&nbsp;";
@ -2163,9 +2099,9 @@ function gen_show_status($show_alias) {
$now = "datetime('now')"; $now = "datetime('now')";
} }
$stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) )); $stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));
if ($stat_result['rows'] == 1) { if (!empty($stat_result)) {
$stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;"; $stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
} else { } else {
$stat_string .= $CONF['show_status_text'] . "&nbsp;"; $stat_string .= $CONF['show_status_text'] . "&nbsp;";
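Review bot: `trim($link->quote($string), "'")` in the new escape_string strips every leading and trailing quote character, not only the one pair that PDO::quote wraps around the value, so an input ending in a single quote loses its escaped form: with the MySQL driver `abc'` is quoted as `'abc\''` and trimmed to `abc\`, leaving a dangling backslash that escapes the caller's closing quote, and with drivers that double quotes (SQLite, presumably PostgreSQL) `'abc'''` trims to `abc`, silently dropping the quote. Use `return substr($link->quote($string), 1, -1);` so exactly the wrapping pair is removed. The `is_numeric` short-circuit also returns strings such as `' 1'` or `'1e3'` unescaped, which is harmless as long as callers quote the result themselves, as the docblock implies; a one-line comment saying so would help. The db_connect() call has no fallback if the connection is not a PDO object, unlike the old resource/instance checks, so a short comment noting that db_connect() is expected to throw or return PDO would clarify the contract.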

@ -154,8 +154,8 @@ class AdminHandler extends PFAHandler {
'domain' => 'ALL', 'domain' => 'ALL',
); );
$where = db_where_clause(array('username' => $this->id, 'domain' => 'ALL'), $this->struct); $where = db_where_clause(array('username' => $this->id, 'domain' => 'ALL'), $this->struct);
$result = db_query("SELECT username from " . table_by_key('domain_admins') . " " . $where); $result = db_prepared_fetch_one("SELECT username from " . table_by_key('domain_admins') . " " . $where);
if ($result['rows'] == 0) { if(empty($result)) {
db_insert('domain_admins', $values, array('created')); db_insert('domain_admins', $values, array('created'));
# TODO: check for errors # TODO: check for errors
} }
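Review bot: `if(empty($result))` on the new line drops the space after `if` that the rest of this reformatting commit standardises on (`if (` in db_connect_with_errors, db_update and gen_show_status); write `if (empty($result)) {`. The same applies to `if(!empty($result))` in the VacationHandler hunk. The enclosing method starts before this hunk.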

@ -727,7 +727,9 @@ abstract class PFAHandler {
$db_result = array(); $db_result = array();
$result = db_prepared_fetch_all($query); $result = db_prepared_fetch_all($query);
foreach ($result as $row) { foreach ($result as $row) {
$db_result[$row[$this->id_field]] = $row; $db_result[$row[$this->id_field]] = $row;
} }
@ -814,7 +816,6 @@ abstract class PFAHandler {
* @return boolean true on successful login (i.e. password matches etc) * @return boolean true on successful login (i.e. password matches etc)
*/ */
public function login($username, $password) { public function login($username, $password) {
$table = table_by_key($this->db_table); $table = table_by_key($this->db_table);
$active = db_get_boolean(true); $active = db_get_boolean(true);
$query = "SELECT password FROM $table WHERE {$this->id_field} = :username AND active = :active"; $query = "SELECT password FROM $table WHERE {$this->id_field} = :username AND active = :active";
@ -861,7 +862,6 @@ abstract class PFAHandler {
* @return boolean true on success (i.e. code matches etc) * @return boolean true on success (i.e. code matches etc)
*/ */
public function checkPasswordRecoveryCode($username, $token) { public function checkPasswordRecoveryCode($username, $token) {
$table = table_by_key($this->db_table); $table = table_by_key($this->db_table);
$active = db_get_boolean(true); $active = db_get_boolean(true);

@ -186,7 +186,6 @@ class VacationHandler extends PFAHandler {
* will return false if no existing data * will return false if no existing data
*/ */
public function get_details() { public function get_details() {
$table_vacation = table_by_key('vacation'); $table_vacation = table_by_key('vacation');
$sql = "SELECT * FROM $table_vacation WHERE email = :username"; $sql = "SELECT * FROM $table_vacation WHERE email = :username";
@ -244,8 +243,8 @@ class VacationHandler extends PFAHandler {
// is there an entry in the vacaton table for the user, or do we need to insert? // is there an entry in the vacaton table for the user, or do we need to insert?
$table_vacation = table_by_key('vacation'); $table_vacation = table_by_key('vacation');
$result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username'"); $result = db_prepared_fetch_one("SELECT * FROM $table_vacation WHERE email = ?", array($this->username));
if ($result['rows'] == 1) { if(!empty($result)) {
$result = db_update('vacation', 'email', $this->username, $vacation_data); $result = db_update('vacation', 'email', $this->username, $vacation_data);
} else { } else {
$result = db_insert('vacation', $vacation_data); $result = db_insert('vacation', $vacation_data);
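Review bot: The replacement query binds `$this->username` as a prepared parameter, so `$E_username`, which the removed line interpolated into the SQL, appears to no longer be used by this method; if it is still assigned earlier in the method (outside the hunk) it is now dead and should be removed so nobody reaches for a manually escaped copy again. Since the row only drives an exists-check, `SELECT email FROM $table_vacation WHERE email = ?` would avoid fetching the whole vacation record. The enclosing method starts and ends outside the hunk.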

@ -101,7 +101,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
foreach ($result as $row) { foreach ($result as $row) {
fwrite($fh, array_pop($row)); fwrite($fh, array_pop($row));
} }
} }
for ($i = 0 ; $i < sizeof($tables) ; ++$i) { for ($i = 0 ; $i < sizeof($tables) ; ++$i) {
@ -120,7 +119,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
$fields = ""; $fields = "";
$values = ""; $values = "";
} }
} }
} }
header("Content-Type: text/plain"); header("Content-Type: text/plain");

@ -229,7 +229,6 @@ $delimiter = preg_quote($CONF['recipient_delimiter'], "/");
$goto_single_rec_del = ""; $goto_single_rec_del = "";
foreach ($result as $row) { foreach ($result as $row) {
if ($display_mailbox_aliases) { if ($display_mailbox_aliases) {
$goto_split = explode(",", $row['goto']); $goto_split = explode(",", $row['goto']);
$row['goto_mailbox'] = 0; $row['goto_mailbox'] = 0;

@ -76,6 +76,7 @@ if (count($search)) {
} else { } else {
$handler->getList(''); $handler->getList('');
} }
$items = $handler->result(); $items = $handler->result();
if (count($handler->errormsg)) { if (count($handler->errormsg)) {

@ -1416,7 +1416,6 @@ function upgrade_1284_mysql_pgsql() {
printdebug("Setting superadmin flag for " . $row['username']); printdebug("Setting superadmin flag for " . $row['username']);
db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true))); db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true)));
} }
} }
function upgrade_1345_mysql() { function upgrade_1345_mysql() {

@ -3,7 +3,6 @@
require_once('common.php'); require_once('common.php');
class DbBasicTest extends \PHPUnit\Framework\TestCase { class DbBasicTest extends \PHPUnit\Framework\TestCase {
private $test_domain; private $test_domain;
public function setUp() { public function setUp() {
@ -12,10 +11,8 @@ class DbBasicTest extends \PHPUnit\Framework\TestCase {
$this->test_domain = $test_domain; $this->test_domain = $test_domain;
$db->exec("DELETE FROM domain WHERE domain = '$test_domain'"); $db->exec("DELETE FROM domain WHERE domain = '$test_domain'");
} }
public function testInsertDeleteDomain() { public function testInsertDeleteDomain() {
$domain = $this->test_domain; $domain = $this->test_domain;
$username = 'testusername' . uniqid(); $username = 'testusername' . uniqid();
