From 1a35cccf5e33fb38c27d8e4667b8519d50117eab Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Sun, 1 Dec 2013 19:05:14 +0000
Subject: [PATCH] list-virtual.php: - remember domain and page browser offset
 in $_SESSION   (fixes 50% of http://sourceforge.net/p/postfixadmin/bugs/298/
 ) - various cleanups

functions.inc.php:
- add safesession() (like safeget(), but for $_SESSION)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1593 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 14 +++++++++++
 list-virtual.php  | 59 ++++++++++++++---------------------------------
 2 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/functions.inc.php b/functions.inc.php
index 6b93bc42..f397e889 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -361,6 +361,20 @@ function safecookie ($param, $default="") {
     return $retval;
 }
 
+/**
+ * safesession
+ * @see safeget()
+ * @param String $param 
+ * @param String $default (optional)
+ * @return String value from $_SESSION[$param] or $default
+ */
+function safesession ($param, $default="") {
+    $retval=$default;
+    if (isset($_SESSION[$param])) $retval=$_SESSION[$param];
+    return $retval;
+}
+
+
 /**
  * pacol
  * @param int $allow_editing
diff --git a/list-virtual.php b/list-virtual.php
index 7ad19e68..729ffb44 100644
--- a/list-virtual.php
+++ b/list-virtual.php
@@ -16,48 +16,32 @@
  *
  * Template File: list-virtual.php
  *
- * Template Variables:
- *
- * tAlias
- * tMailbox
- *
  * Form POST \ GET Variables:
  *
  * fDomain
  * fDisplay
+ * search
  */
 require_once('common.php');
 
 
 authentication_require_role('admin');
 
-$fDomain = false;
 $admin_username = authentication_get_username();
 
-if (authentication_has_role('global-admin')) {
-    $list_domains = list_domains ();
-    $is_superadmin = 1;
-} else {
-    $list_domains = list_domains_for_admin(authentication_get_username());
-    $is_superadmin = 0;
-}
-$tAlias = array();
-$tMailbox = array();
-$fDisplay = 0;
+$list_domains = list_domains_for_admin($admin_username);
+
 $page_size = $CONF['page_size'];
 
-if ($_SERVER['REQUEST_METHOD'] == "GET") {
-    if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
-    if (isset ($_GET['limit'])) $fDisplay = intval ($_GET['limit']);
-    $search = escape_string(safeget('search'));
-} else {
-    if (isset ($_POST['fDomain'])) $fDomain = escape_string ($_POST['fDomain']);
-    if (isset ($_POST['limit'])) $fDisplay = intval ($_POST['limit']);
-    $search = escape_string(safepost('search'));
+$fDomain = safepost('fDomain', safeget('domain', safesession('list-virtual:domain')));
+if (safesession('list-virtual:domain') != $fDomain) {
+    unset($_SESSION['list-virtual:limit']);
 }
+$fDisplay = (int) safepost('limit', safeget('limit', safesession('list-virtual:limit')));
+$search   = safepost('search',  safeget('search', '')); # not remembered in the session
 
 if (count($list_domains) == 0) {
-    if ($is_superadmin) {
+    if (authentication_has_role('global-admin')) {
         flash_error($PALANG['no_domains_exist']);
     } else {
         flash_error($PALANG['no_domains_for_this_admin']);
@@ -74,21 +58,22 @@ if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) {
 
 if(!in_array($fDomain, $list_domains)) {
     flash_error( $PALANG['invalid_parameter'] );
+    unset($_SESSION['list-virtual:domain']);
     header("Location: list-domain.php"); # invalid domain, or not owned by this admin
     exit;
 }
 
 if (!check_owner(authentication_get_username(), $fDomain)) { 
     flash_error( $PALANG['invalid_parameter'] . " If you see this message, please open a bugreport"); # this check is most probably obsoleted by the in_array() check above
+    unset($_SESSION['list-virtual:domain']);
     header("Location: list-domain.php"); # domain not owned by this admin
     exit(0);
 }
 
-// store fDomain in $_SESSION so after adding/editing aliases/mailboxes we can
-// take the user back to the appropriate domain listing. (see templates/menu.tpl)
-if($fDomain) {
-    $_SESSION['list_virtual_sticky_domain'] = $fDomain;
-}
+// store domain and page browser offset in $_SESSION so after adding/editing aliases/mailboxes we can
+// take the user back to the appropriate domain listing.
+$_SESSION['list-virtual:domain'] = $fDomain;
+$_SESSION['list-virtual:limit'] = $fDisplay;
 
 #
 # alias domain
@@ -120,28 +105,17 @@ if (Config::bool('alias_domain')) {
 
 if ($search == "") {
     $list_param = "domain='$fDomain'";
-    # sql_domain / sql_where only needed for pagebrowser
     $sql_domain = " $table_alias.domain='$fDomain' ";
-    $sql_where  = "";
 } else {
     $list_param = "(address LIKE '%$search%' OR goto LIKE '%$search%')";
-    # sql_domain / sql_where only needed for pagebrowser
     $sql_domain = db_in_clause("$table_alias.domain", $list_domains);
-    $sql_where  = " AND ( address LIKE '%$search%' OR goto LIKE '%$search%' ) ";
 }
 
 $alias_pagebrowser_query = "
     FROM $table_alias
-    WHERE $sql_domain AND NOT EXISTS(SELECT 1 FROM $table_mailbox WHERE username=$table_alias.address) $sql_where
+    WHERE $sql_domain AND NOT EXISTS(SELECT 1 FROM $table_mailbox WHERE username=$table_alias.address) AND ( $list_param )
     ORDER BY address 
 ";
-/*
-$query = "
-    SELECT address, goto, modified, active
-    $alias_pagebrowser_query
-    LIMIT $page_size OFFSET $fDisplay
-";
-*/
 
 $handler = new AliasHandler(0, $admin_username);
 $handler->getList($list_param, $page_size, $fDisplay);
@@ -203,6 +177,7 @@ if ($result['rows'] > 0) {
     $delimiter = preg_quote($CONF['recipient_delimiter'], "/");
     $goto_single_rec_del = "";
 
+    $tMailbox = array();
     while ($row = db_array ($result['result'])) {
         if ($display_mailbox_aliases) {
             $goto_split = explode(",", $row['goto']);