diff --git a/config.inc.php b/config.inc.php index ecd89298..ce37328a 100644 --- a/config.inc.php +++ b/config.inc.php @@ -139,7 +139,10 @@ $CONF['smtp_client'] = ''; // mysql_encrypt = useful for PAM integration // authlib = support for courier-authlib style passwords // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5 -// (WARNING: don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case) +// IMPORTANT: +// - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case +// - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option) +// - dovecot 2.0.0 - 2.0.7 is not supported $CONF['encrypt'] = 'md5crypt'; // In what flavor should courier-authlib style passwords be encrypted? diff --git a/css/default.css b/css/default.css index 4786e701..248e7874 100644 --- a/css/default.css +++ b/css/default.css @@ -170,6 +170,7 @@ ul.flash-error { color: #999999; border:2px solid white; border-top:none; + z-index:101; } #menu li:hover ul, #menu li.sfhover ul, #tabbar li:hover ul, #tabbar li.sfhover ul { diff --git a/functions.inc.php b/functions.inc.php index 5dd7a389..3f88915f 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -198,7 +198,7 @@ function language_selector() { * TODO: skip DNS check if the domain exists in PostfixAdmin? */ function check_domain ($domain) { - if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,13}$/i', ($domain))) { + if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([-0-9A-Z]){2,13}$/i', ($domain))) { return sprintf(Config::lang('pInvalidDomainRegex'), htmlentities($domain)); } @@ -866,7 +866,6 @@ function validate_password($password) { */ function pacrypt ($pw, $pw_db="") { global $CONF; - $pw = stripslashes($pw); $password = ""; $salt = ""; 
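Review bot: In the `check_domain` hunk, the widened last-label class `([-0-9A-Z]){2,13}` now accepts a top-level label that begins or ends with a hyphen, such as `--`. The `{2,13}` cap also still rejects longer punycode TLDs, although a DNS label may be up to 63 characters. The trailing `$` without the `D` modifier matches just before a final newline, so a value ending in a newline passes the check. Consider `'([0-9A-Z][-0-9A-Z]{0,61}[0-9A-Z])$/iD'` for the second half of the pattern. The rest of `check_domain` is outside the hunk, so any later validation is not visible here.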
@@ -1345,8 +1344,8 @@ function db_get_boolean($bool) { * @return string */ function db_quota_text($count, $quota, $fieldname) { - if (db_sqlite()) { - // SQLite uses || to concatenate strings + if (db_pgsql() || db_sqlite()) { + // SQLite and PostgreSQL use || to concatenate strings return " CASE $quota WHEN '-1' THEN (coalesce($count,0) || ' / -') WHEN '0' THEN (coalesce($count,0) || ' / " . escape_string(html_entity_decode('∞')) . "') diff --git a/scripts/postfixadmin-cli.php b/scripts/postfixadmin-cli.php index 6170ca4f..a583dfd8 100644 --- a/scripts/postfixadmin-cli.php +++ b/scripts/postfixadmin-cli.php @@ -413,8 +413,9 @@ class PostfixAdmin { $this->params[$key] = true; unset($params[$i]); if (isset($params[++$i])) { - if ($params[$i]{0} !== '-') { - $this->params[$key] = str_replace('"', '', $params[$i]); + # TODO: ideally we should know if a parameter can / must have a value instead of whitelisting known valid values starting with '-' (probably only bool doesn't need a value) + if ($params[$i]{0} !== '-' or $params[$i] != '-1') { + $this->params[$key] = $params[$i]; unset($params[$i]); } else { $i--; diff --git a/upgrade.php b/upgrade.php index 741e24f6..ddaefa80 100644 --- a/upgrade.php +++ b/upgrade.php @@ -251,6 +251,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") { '{INNODB}' => 'ENGINE=InnoDB', '{INT}' => 'integer NOT NULL DEFAULT 0', '{BIGINT}' => 'bigint NOT NULL DEFAULT 0', + '{DATETIME}' => "datetime NOT NULL default '2000-01-01 00:00:00'", # different from {DATE} only for MySQL '{DATE}' => "timestamp NOT NULL default '2000-01-01'", # MySQL needs a sane default (no default is interpreted as CURRENT_TIMESTAMP, which is ... '{DATECURRENT}' => 'timestamp NOT NULL default CURRENT_TIMESTAMP', # only allowed once per table in MySQL ); 
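Review bot: In the `scripts/postfixadmin-cli.php` hunk, the new condition `$params[$i]{0} !== '-' or $params[$i] != '-1'` is inverted. It is false only when the next argument is exactly `-1`, so `-1` is still not taken as a value, while any other argument starting with `-` is consumed as the value of the preceding option. The second comparison should test equality: `if ($params[$i][0] !== '-' or $params[$i] === '-1') {`. The `{0}` string offset is also rejected by PHP 8, whereas `[0]` works on old and new versions. The enclosing method starts and ends outside the hunk.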
@@ -272,6 +273,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") { '{INNODB}' => '', '{INT}' => 'int(11) NOT NULL DEFAULT 0', '{BIGINT}' => 'bigint(20) NOT NULL DEFAULT 0', + '{DATETIME}' => "datetime NOT NULL default '2000-01-01'", '{DATE}' => "datetime NOT NULL default '2000-01-01'", '{DATECURRENT}' => 'datetime NOT NULL default CURRENT_TIMESTAMP', ); @@ -294,6 +296,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") { 'int(10)' => 'int', 'int(11)' => 'int', 'int(4)' => 'int', + '{DATETIME}' => "timestamp with time zone default '2000-01-01'", # stay in sync with MySQL '{DATE}' => "timestamp with time zone default '2000-01-01'", # stay in sync with MySQL '{DATECURRENT}' => 'timestamp with time zone default now()', ); @@ -364,8 +367,8 @@ function upgrade_1_mysql() { CREATE TABLE {IF_NOT_EXISTS} $admin ( `username` varchar(255) NOT NULL default '', `password` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`username`) ) {MYISAM} COMMENT='Postfix Admin - Virtual Admins';"; @@ -375,8 +378,8 @@ function upgrade_1_mysql() { `address` varchar(255) NOT NULL default '', `goto` text NOT NULL, `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`address`) ) {MYISAM} COMMENT='Postfix Admin - Virtual Aliases'; "; 
@@ -391,8 +394,8 @@ function upgrade_1_mysql() { `quota` bigint(20) NOT NULL default '0', `transport` varchar(255) default NULL, `backupmx` tinyint(1) NOT NULL default '0', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`domain`) ) {MYISAM} COMMENT='Postfix Admin - Virtual Domains'; "; @@ -401,14 +404,14 @@ function upgrade_1_mysql() { CREATE TABLE {IF_NOT_EXISTS} $domain_admins ( `username` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, `active` tinyint(1) NOT NULL default '1', KEY username (`username`) ) {MYISAM} COMMENT='Postfix Admin - Domain Admins';"; $sql[] = " CREATE TABLE {IF_NOT_EXISTS} $log ( - `timestamp` datetime NOT NULL default '0000-00-00 00:00:00', + `timestamp` {DATETIME}, `username` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '', `action` varchar(255) NOT NULL default '', @@ -424,8 +427,8 @@ function upgrade_1_mysql() { `maildir` varchar(255) NOT NULL default '', `quota` bigint(20) NOT NULL default '0', `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`username`) ) {MYISAM} COMMENT='Postfix Admin - Virtual Mailboxes';"; @@ -437,7 +440,7 @@ function upgrade_1_mysql() { body text NOT NULL, cache text NOT NULL, domain varchar(255) NOT NULL , - created datetime NOT NULL default '0000-00-00 00:00:00', + created {DATETIME}, active tinyint(4) NOT NULL default '1', PRIMARY KEY (email), KEY email (email) 
@@ -596,22 +599,22 @@ function upgrade_3_mysql() { $table_vacation = table_by_key ('vacation'); if(!_mysql_field_exists($table_admin, 'created')) { - db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} create_date created {DATETIME};"); } if(!_mysql_field_exists($table_admin, 'modified')) { - db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} change_date modified {DATETIME};"); } if(!_mysql_field_exists($table_alias, 'created')) { - db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} create_date created {DATETIME};"); } if(!_mysql_field_exists($table_alias, 'modified')) { - db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} change_date modified {DATETIME};"); } if(!_mysql_field_exists($table_domain, 'created')) { - db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} create_date created {DATETIME};"); } if(!_mysql_field_exists($table_domain, 'modified')) { - db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} change_date modified {DATETIME};"); } if(!_mysql_field_exists($table_domain, 'aliases')) { db_query_parsed("ALTER TABLE $table_domain ADD COLUMN aliases INT(10) DEFAULT '-1' NOT NULL AFTER description;"); 
@@ -629,10 +632,10 @@ function upgrade_3_mysql() { db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx TINYINT(1) DEFAULT '0' NOT NULL AFTER transport;"); } if(!_mysql_field_exists($table_mailbox, 'created')) { - db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} create_date created {DATETIME};"); } if(!_mysql_field_exists($table_mailbox, 'modified')) { - db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;"); + db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} change_date modified {DATETIME};"); } if(!_mysql_field_exists($table_mailbox, 'quota')) { db_query_parsed("ALTER TABLE $table_mailbox ADD COLUMN quota INT(10) DEFAULT '-1' NOT NULL AFTER maildir;"); @@ -641,7 +644,7 @@ function upgrade_3_mysql() { db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN domain VARCHAR(255) DEFAULT '' NOT NULL AFTER cache;"); } if(!_mysql_field_exists($table_vacation, 'created')) { - db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL AFTER domain;"); + db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN created {DATETIME} AFTER domain;"); } if(!_mysql_field_exists($table_vacation, 'active')) { db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN active TINYINT(1) DEFAULT '1' NOT NULL AFTER created;"); @@ -763,8 +766,8 @@ function upgrade_5_mysql() { CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('admin') . "` ( `username` varchar(255) NOT NULL default '', `password` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`username`), KEY username (`username`) 
@@ -775,8 +778,8 @@ function upgrade_5_mysql() { `address` varchar(255) NOT NULL default '', `goto` text NOT NULL, `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`address`), KEY address (`address`) @@ -793,8 +796,8 @@ function upgrade_5_mysql() { `quota` int(10) NOT NULL default '0', `transport` varchar(255) default NULL, `backupmx` tinyint(1) NOT NULL default '0', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`domain`), KEY domain (`domain`) @@ -805,7 +808,7 @@ function upgrade_5_mysql() { CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('domain_admins') . "` ( `username` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, `active` tinyint(1) NOT NULL default '1', KEY username (`username`) ) {MYISAM} DEFAULT {LATIN1} COMMENT='Postfix Admin - Domain Admins'; @@ -813,7 +816,7 @@ function upgrade_5_mysql() { $result = db_query_parsed(" CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('log') . "` ( - `timestamp` datetime NOT NULL default '0000-00-00 00:00:00', + `timestamp` {DATETIME}, `username` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '', `action` varchar(255) NOT NULL default '', 
@@ -830,8 +833,8 @@ function upgrade_5_mysql() { `maildir` varchar(255) NOT NULL default '', `quota` int(10) NOT NULL default '0', `domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`username`), KEY username (`username`) @@ -845,7 +848,7 @@ function upgrade_5_mysql() { `body` text NOT NULL, `cache` text NOT NULL, `domain` varchar(255) NOT NULL, - `created` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`email`), KEY email (`email`) @@ -1022,8 +1025,8 @@ function upgrade_438_mysql() { CREATE TABLE IF NOT EXISTS $table_alias_domain ( `alias_domain` varchar(255) NOT NULL default '', `target_domain` varchar(255) NOT NULL default '', - `created` datetime NOT NULL default '0000-00-00 00:00:00', - `modified` datetime NOT NULL default '0000-00-00 00:00:00', + `created` {DATETIME}, + `modified` {DATETIME}, `active` tinyint(1) NOT NULL default '1', PRIMARY KEY (`alias_domain`), KEY `active` (`active`), 
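Review bot: In the `upgrade_438_mysql` hunk, the `{DATETIME}` placeholder is only expanded if this statement is executed through `db_query_parsed()`, and the call itself is outside the hunk. The statement spells out `IF NOT EXISTS` rather than `{IF_NOT_EXISTS}`, which may mean it is sent unparsed. If so, MySQL would receive the literal text `{DATETIME}` and the table creation would fail. Please confirm the call site and, if needed, route the statement through `db_query_parsed()`.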
@@ -1626,6 +1629,24 @@ function upgrade_1824_sqlite() { } + +function upgrade_1835_mysql() { + # change default values for existing datetime fields with a 0000-00-00 default to {DATETIME} + + foreach (array('admin', 'alias', 'alias_domain', 'domain', 'mailbox', 'domain_admins', 'vacation') as $table_to_change) { + $table = table_by_key($table_to_change); + db_query_parsed("ALTER TABLE `$table` CHANGE `created` `created` {DATETIME}"); + } + + foreach (array('admin', 'alias', 'alias_domain', 'domain', 'mailbox') as $table_to_change) { + $table = table_by_key($table_to_change); + db_query_parsed("ALTER TABLE `$table` CHANGE `modified` `modified` {DATETIME}"); + } + + $table = table_by_key('log'); + db_query_parsed("ALTER TABLE `$table` CHANGE `timestamp` `timestamp` {DATETIME}"); +} + # TODO MySQL: # - various varchar fields do not have a default value # https://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/3419725
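Review bot: `upgrade_1835_mysql()` changes only the column defaults, so rows that already hold `0000-00-00 00:00:00` keep that value. On a server running strict mode with `NO_ZERO_DATE`, the `ALTER TABLE ... CHANGE` statements may be rejected because of those rows. It is worth testing the upgrade against tables with existing zero dates and, if it fails, rewriting those values before the ALTER. A short docblock would also help, e.g. `/** Replace the '0000-00-00 00:00:00' defaults of created/modified/timestamp with {DATETIME} (MySQL only). */`.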