- merged admin/delete.php into /delete.php

- the WHERE fieldname is now hardcoded instead of being a $_GET parameter
  This fixes a possible security hole in admin/delete.php (only vulnerable
  when logged in as global-admin)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@166 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
Christian Boltz 17 years ago
parent 30e72a6931
commit 39ed97329f

@ -1,161 +1,3 @@
<?php <?php
/** require('../delete.php');
* Postfix Admin
*
* LICENSE
* This source file is subject to the GPL license that is bundled with
* this package in the file LICENSE.TXT.
*
* Further details on the project are available at :
* http://www.postfixadmin.com or http://postfixadmin.sf.net
*
* @version $Id$
* @license GNU GPL v2 or later.
*
* File: delete.php
* Used to delete a domain, mailbox or alias.
*
* Template File: message.tpl
*
* Template Variables:
*
* tMessage
*
* Form POST \ GET Variables:
*
* fTable
* fWhere
* fDelete
* fDomain
*/
require_once('../common.php');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
if (isset ($_GET['table'])) $fTable = escape_string ($_GET['table']);
if (isset ($_GET['where'])) $fWhere = escape_string ($_GET['where']);
if (isset ($_GET['delete'])) $fDelete = escape_string ($_GET['delete']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$error=0;
if (empty ($fTable))
{
$error = 1;
}
if ($fTable == "domain")
{
$result_domain_admins = db_delete ($table_domain_admins,$fWhere,$fDelete);
$result_alias = db_delete ($table_alias,$fWhere,$fDelete);
$result_mailbox = db_delete ($table_mailbox,$fWhere,$fDelete);
$result_log = db_delete ($table_log,$fWhere,$fDelete);
if ($CONF['vacation'] == "YES")
{
$result_vacation = db_delete ($table_vacation,$fWhere,$fDelete);
}
$result_domain = db_delete ($table_domain,$fWhere,$fDelete);
if (!$result_domain || !domain_postdeletion($fDelete))
{
$error = 1;
$tMessage = $PALANG['pAdminDelete_domain_error'];
}
else
{
$url = "list-domain.php";
}
}
if ($fTable == "admin")
{
$result_admin = db_delete ($table_admin,$fWhere,$fDelete);
$result_domain_admins = db_delete ($table_domain_admins,$fWhere,$fDelete);
if (!($result_admin == 1) and ($result_domain_admins >= 0))
{
$error = 1;
$tMessage = $PALANG['pAdminDelete_admin_error'];
}
else
{
$url = "list-admin.php";
}
}
if ($fTable == "alias" or $fTable == "mailbox")
{
if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pDelete_delete_error'] . "<b>$fDelete</b> (alias)!</span>";
}
else
{
$url = "list-virtual.php?domain=$fDomain";
db_log ($SESSID_USERNAME , $fDomain, 'delete_alias', $fDelete);
}
if (!$error)
{
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fDelete' AND domain='$fDomain'");
if ($result['rows'] == 1)
{
$result = db_query ("DELETE FROM $table_mailbox WHERE username='$fDelete' AND domain='$fDomain'");
$postdel_res=mailbox_postdeletion($fDelete,$fDomain);
if ($result['rows'] != 1 || !$postdel_res)
{
$error = 1;
$tMessage = $PALANG['pDelete_delete_error'] . "<b>$fDelete</b> (";
if ($result['rows']!=1)
{
$tMessage.='mailbox';
if (!$postdel_res) $tMessage.=', ';
}
if (!$postdel_res)
{
$tMessage.='post-deletion';
}
$tMessage.=')</span>';
}
else
{
$url = "list-virtual.php?domain=$fDomain";
db_query ("DELETE FROM $table_vacation WHERE email='$fDelete' AND domain='$fDomain'");
db_log ($SESSID_USERNAME, $fDomain, 'delete_mailbox', $fDelete);
}
}
}
}
if ($error == 1)
{
if ($CONF['database_type']=='pgsql') { db_query('ROLLBACK'); }
} else {
if ($CONF['database_type']=='pgsql') { db_query('COMMIT'); }
header ("Location: $url");
exit;
}
include ("../templates/header.tpl");
include ("../templates/admin_menu.tpl");
include ("../templates/message.tpl");
include ("../templates/footer.tpl");
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
include ("../templates/header.tpl");
include ("../templates/menu.tpl");
include ("../templates/message.tpl");
include ("../templates/footer.tpl");
}
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
?> ?>

@ -13,14 +13,9 @@
* @license GNU GPL v2 or later. * @license GNU GPL v2 or later.
* *
* File: delete.php * File: delete.php
* Responsible for allowing for the deletion of domains; note if * Used to delete admins, domains, mailboxes and aliases.
* a domain is deleted, all mailboxes and aliases belonging to the * Note: if a domain is deleted, all mailboxes and aliases belonging
* domain are also removed. * to the domain are also removed.
*
* @version $Id$
* @license GNU GPL v2 or later.
*
* Template Variables:
* *
* Template File: message.tpl * Template File: message.tpl
* *
@ -30,6 +25,7 @@
* *
* Form POST \ GET Variables: * Form POST \ GET Variables:
* *
* fTable
* fDelete * fDelete
* fDomain * fDomain
*/ */
@ -39,11 +35,61 @@ require_once('common.php');
authentication_require_role('admin'); authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username(); $SESSID_USERNAME = authentication_get_username();
$error = 0;
$fTable = escape_string (safeget('table') ); # see the if blocks below for valid values
$fDelete = escape_string (safeget('delete'));
$fDomain = escape_string (safeget('domain'));
$error=0;
if ($fTable == "admin")
{
authentication_require_role('global-admin');
$fWhere = 'username';
$result_admin = db_delete ($table_admin,$fWhere,$fDelete);
$result_domain_admins = db_delete ($table_domain_admins,$fWhere,$fDelete);
if (!($result_admin == 1) and ($result_domain_admins >= 0))
{
$error = 1;
$tMessage = $PALANG['pAdminDelete_admin_error'];
}
else
{
$url = "list-admin.php";
header ("Location: $url");
}
} # ($fTable == "admin")
elseif ($fTable == "domain")
{
authentication_require_role('global-admin');
$fWhere = 'domain';
$result_domain_admins = db_delete ($table_domain_admins,$fWhere,$fDelete);
$result_alias = db_delete ($table_alias,$fWhere,$fDelete);
$result_mailbox = db_delete ($table_mailbox,$fWhere,$fDelete);
$result_log = db_delete ($table_log,$fWhere,$fDelete);
if ($CONF['vacation'] == "YES")
{
$result_vacation = db_delete ($table_vacation,$fWhere,$fDelete);
}
$result_domain = db_delete ($table_domain,$fWhere,$fDelete);
if ($_SERVER['REQUEST_METHOD'] == "GET") if (!$result_domain || !domain_postdeletion($fDelete))
{
$error = 1;
$tMessage = $PALANG['pAdminDelete_domain_error'];
}
else
{
$url = "list-domain.php";
header ("Location: $url");
}
} # ($fTable == "domain")
elseif ($fTable == "alias" or $fTable == "mailbox")
{ {
if (isset ($_GET['delete'])) $fDelete = escape_string ($_GET['delete']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (!check_owner ($SESSID_USERNAME, $fDomain)) if (!check_owner ($SESSID_USERNAME, $fDomain))
{ {
@ -58,7 +104,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
else else
{ {
if ($CONF['database_type'] == "pgsql") db_query('BEGIN'); if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'"); $result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
@ -70,6 +115,8 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
db_log ($SESSID_USERNAME, $fDomain, 'delete_alias', $fDelete); db_log ($SESSID_USERNAME, $fDomain, 'delete_alias', $fDelete);
} }
if (!$error)
{
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fDelete' AND domain='$fDomain'"); $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fDelete' AND domain='$fDomain'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {
@ -84,7 +131,10 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$tMessage.='mailbox'; $tMessage.='mailbox';
if (!$postdel_res) $tMessage.=', '; if (!$postdel_res) $tMessage.=', ';
} }
if (!$postdel_res) $tMessage.='post-deletion'; if (!$postdel_res)
{
$tMessage.='post-deletion';
}
$tMessage.=')</span>'; $tMessage.=')</span>';
} }
else else
@ -94,22 +144,38 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
} }
} }
} }
}
if ($error != 1) if ($error != 1)
{ {
if ($CONF['database_type'] == "pgsql") db_query('COMMIT'); if ($CONF['database_type'] == "pgsql") db_query('COMMIT');
header ("Location: overview.php?domain=$fDomain"); $url = "overview.php";
if (authentication_has_role('global-admin')) $url = "list-virtual.php";
header ("Location: $url?domain=$fDomain");
exit; exit;
} else { } else {
$tMessage = $PALANG['pDelete_delete_error'] . "<b>$fDelete</b> (physical mail)!</span>"; $tMessage = $PALANG['pDelete_delete_error'] . "<b>$fDelete</b> (physical mail)!</span>";
if ($CONF['database_type'] == "pgsql") db_query('ROLLBACK'); if ($CONF['database_type'] == "pgsql") db_query('ROLLBACK');
} }
} # ($fTable == "alias" or $fTable == "mailbox")
else
{
# unknown $fTable value
flash_error($PALANG['invalid_parameter']);
}
include ("$incpath/templates/header.tpl");
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");
} }
include ("./templates/header.tpl"); include ("$incpath/templates/message.tpl");
include ("./templates/menu.tpl"); include ("$incpath/templates/footer.tpl");
include ("./templates/message.tpl");
include ("./templates/footer.tpl");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
?> ?>
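Review bot: The `$fTable == "admin"` and `$fTable == "domain"` branches of the merged delete.php run their multi-table cascade (domain_admins, alias, mailbox, log, vacation, then domain) with no transaction, whereas the removed admin/delete.php issued `db_query('BEGIN')` before the cascade and `ROLLBACK`/`COMMIT` afterwards, and the new file keeps that wrapping only inside the alias/mailbox branch; on PostgreSQL a domain deletion that fails part-way now leaves the dependent rows gone while the domain row survives. Suggest hoisting `if ($CONF['database_type'] == "pgsql") db_query('BEGIN');` to just after the `$fDomain = escape_string (safeget('domain'));` line and issuing the matching `COMMIT`/`ROLLBACK` based on `$error` before the redirects in those two branches as well. The `header ("Location: $url");` calls in the admin and domain branches also lack the `exit;` that follows the alias/mailbox redirect, so the template includes at the end of the file still execute after the redirect header is set. Note that deletion remains triggered by plain GET links carrying no per-request token (see the list-admin, list-domain and overview hunks), so the hardcoded-WHERE fix narrows the SQL exposure but does not address cross-site request forgery; that is pre-existing and worth a follow-up.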

@ -22,7 +22,7 @@ if (sizeof ($list_admins) > 0)
$active = ($admin_properties[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO']; $active = ($admin_properties[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO'];
print " <td><a href=\"edit-active-admin.php?username=" . $list_admins[$i] . "\">" . $active . "</a></td>"; print " <td><a href=\"edit-active-admin.php?username=" . $list_admins[$i] . "\">" . $active . "</a></td>";
print " <td><a href=\"edit-admin.php?username=" . $list_admins[$i] . "\">" . $PALANG['edit'] . "</a></td>"; print " <td><a href=\"edit-admin.php?username=" . $list_admins[$i] . "\">" . $PALANG['edit'] . "</a></td>";
print " <td><a href=\"delete.php?table=admin&where=username&delete=" . $list_admins[$i] . "\" onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pAdminList_admin_username'] . ": " . $list_admins[$i] . "')\">" . $PALANG['del'] . "</a></td>"; print " <td><a href=\"delete.php?table=admin&delete=" . $list_admins[$i] . "\" onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pAdminList_admin_username'] . ": " . $list_admins[$i] . "')\">" . $PALANG['del'] . "</a></td>";
print " </tr>\n"; print " </tr>\n";
} }
} }
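Review bot: The rewritten `delete.php?table=admin&delete=` link interpolates `$list_admins[$i]` into the query string without `urlencode()`, unlike the overview.php links in this commit which wrap the address in `urlencode (...)`; an admin username containing `+`, `&` or `%` (all legal in an e-mail local part) would be mangled or split before reaching `safeget('delete')`. The same applies to the `delete.php?table=domain&delete=` link in the list-domain hunk. Suggest `"delete.php?table=admin&delete=" . urlencode ($list_admins[$i]) . "\""` here and the equivalent `urlencode ($list_domains[$i])` there, and since the value is also echoed inside an HTML attribute and a JavaScript string, passing it through `htmlspecialchars()` for the attribute context would be consistent with the escaping already used elsewhere on the page.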

@ -75,7 +75,7 @@ if (sizeof ($list_domains) > 0)
$active = ($domain_properties[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO']; $active = ($domain_properties[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO'];
print "<td><a href=\"edit-active-domain.php?domain=" . $list_domains[$i] . "\">" . $active . "</a></td>"; print "<td><a href=\"edit-active-domain.php?domain=" . $list_domains[$i] . "\">" . $active . "</a></td>";
print "<td><a href=\"edit-domain.php?domain=" . $list_domains[$i] . "\">" . $PALANG['edit'] . "</a></td>"; print "<td><a href=\"edit-domain.php?domain=" . $list_domains[$i] . "\">" . $PALANG['edit'] . "</a></td>";
print "<td><a href=\"delete.php?table=domain&where=domain&delete=" . $list_domains[$i] . "\" onclick=\"return confirm ('" . $PALANG['confirm_domain'] . $PALANG['pAdminList_admin_domain'] . ": " . $list_domains[$i] . "')\">" . $PALANG['del'] . "</a></td>"; print "<td><a href=\"delete.php?table=domain&delete=" . $list_domains[$i] . "\" onclick=\"return confirm ('" . $PALANG['confirm_domain'] . $PALANG['pAdminList_admin_domain'] . ": " . $list_domains[$i] . "')\">" . $PALANG['del'] . "</a></td>";
print "</tr>\n"; print "</tr>\n";
} }
} }

@ -125,7 +125,7 @@ if (sizeof ($tAlias) > 0)
$active = ($tAlias[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO']; $active = ($tAlias[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO'];
print " <td><a href=\"edit-active.php?alias=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $active . "</a></td>\n"; print " <td><a href=\"edit-active.php?alias=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $active . "</a></td>\n";
print " <td><a href=\"edit-alias.php?address=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $PALANG['edit'] . "</a></td>\n"; print " <td><a href=\"edit-alias.php?address=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $PALANG['edit'] . "</a></td>\n";
print " <td><a href=\"delete.php?delete=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\"onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pOverview_get_aliases'] . ": ". $tAlias[$i]['address'] . "')\">" . $PALANG['del'] . "</a></td>\n"; print " <td><a href=\"delete.php?table=alias&delete=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\"onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pOverview_get_aliases'] . ": ". $tAlias[$i]['address'] . "')\">" . $PALANG['del'] . "</a></td>\n";
} }
else else
{ {
@ -134,7 +134,7 @@ if (sizeof ($tAlias) > 0)
$active = ($tAlias[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO']; $active = ($tAlias[$i]['active'] == 1) ? $PALANG['YES'] : $PALANG['NO'];
print " <td><a href=\"edit-active.php?alias=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $active . "</a></td>\n"; print " <td><a href=\"edit-active.php?alias=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $active . "</a></td>\n";
print " <td><a href=\"edit-alias.php?address=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $PALANG['edit'] . "</a></td>\n"; print " <td><a href=\"edit-alias.php?address=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\">" . $PALANG['edit'] . "</a></td>\n";
print " <td><a href=\"delete.php?delete=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\"onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pOverview_get_aliases'] . ": ". $tAlias[$i]['address'] . "')\">" . $PALANG['del'] . "</a></td>\n"; print " <td><a href=\"delete.php?table=mailbox&delete=" . urlencode ($tAlias[$i]['address']) . "&domain=$fDomain" . "\"onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pOverview_get_aliases'] . ": ". $tAlias[$i]['address'] . "')\">" . $PALANG['del'] . "</a></td>\n";
} }
else else
{ {
