From a46720c8c85965d3261d8fbc86d15e2211ed1415 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 11 Apr 2016 23:54:34 +0000
Subject: [PATCH 1/7] config.inc.php: - add more detailed notes about unsupported dovecot:* encryption types (after hunting them down with r00t^2 on IRC) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1833 a1433add-5e2c-0410-b055-b7f2511e0802
---
 config.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config.inc.php b/config.inc.php
index 827a9a8e..b95851e1 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -139,7 +139,10 @@ $CONF['smtp_client'] = '';
 // mysql_encrypt = useful for PAM integration
 // authlib = support for courier-authlib style passwords
 // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
-// (WARNING: don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case)
+// IMPORTANT:
+// - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case
+// - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option)
+// - dovecot 2.0.0 - 2.0.7 is not supported
 $CONF['encrypt'] = 'md5crypt';
 // In what flavor should courier-authlib style passwords be encrypted?
From 9335232024a49f76bf3edb392823a6d174374aa1 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 25 Apr 2016 11:23:35 +0000
Subject: [PATCH 2/7] functions.inc.php: - fix db_quota_text() for postgresql (concat() vs. ||) https://sourceforge.net/p/postfixadmin/bugs/370/ git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1834 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/functions.inc.php b/functions.inc.php
index 5dd7a389..7053696c 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1345,8 +1345,8 @@ function db_get_boolean($bool) {
 * @return string
 */
 function db_quota_text($count, $quota, $fieldname) {
- if (db_sqlite()) {
- // SQLite uses || to concatenate strings
+ if (db_pgsql() || db_sqlite()) {
+ // SQLite and PostgreSQL use || to concatenate strings
 return " CASE $quota
 WHEN '-1' THEN (coalesce($count,0) || ' / -')
 WHEN '0' THEN (coalesce($count,0) || ' / " . escape_string(html_entity_decode('∞')) . "')
From 336d8a8e2852d99bd3f1144259534c482ce5b644 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 25 Apr 2016 21:20:25 +0000
Subject: [PATCH 3/7] upgrade.php: - change default date for 'created' and 'updated' columns from 0000-00-00 (which causes problems with MySQL strict mode) to 2000-01-01. This is done with a new {DATETIME} marker to reduce code duplication. - add upgrade_1835_mysql() to apply the same change to existing databases This fixes https://sourceforge.net/p/postfixadmin/bugs/5/ and https://sourceforge.net/p/postfixadmin/bugs/373/ (which are effectively duplicates) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1835 a1433add-5e2c-0410-b055-b7f2511e0802
---
 upgrade.php | 87 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 54 insertions(+), 33 deletions(-)
diff --git a/upgrade.php b/upgrade.php
index 741e24f6..ddaefa80 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -251,6 +251,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
 '{INNODB}' => 'ENGINE=InnoDB',
 '{INT}' => 'integer NOT NULL DEFAULT 0',
 '{BIGINT}' => 'bigint NOT NULL DEFAULT 0',
+ '{DATETIME}' => "datetime NOT NULL default '2000-01-01 00:00:00'", # different from {DATE} only for MySQL
 '{DATE}' => "timestamp NOT NULL default '2000-01-01'", # MySQL needs a sane default (no default is interpreted as CURRENT_TIMESTAMP, which is ...
 '{DATECURRENT}' => 'timestamp NOT NULL default CURRENT_TIMESTAMP', # only allowed once per table in MySQL
 );
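Review bot: In functions.inc.php, `$quota` and `$count` (and presumably `$fieldname` further down) are pasted into the SQL text unescaped in the branch that now also runs on PostgreSQL, so db_quota_text() is only safe when callers pass fixed column expressions. The docblock should state that contract, e.g. `@param string $count SQL column expression, inserted verbatim - never request data`, with the same wording for `$quota` and `$fieldname`. Most of the docblock and the rest of the function body are outside the hunk, so the callers could not be checked here.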
@@ -272,6 +273,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
 '{INNODB}' => '',
 '{INT}' => 'int(11) NOT NULL DEFAULT 0',
 '{BIGINT}' => 'bigint(20) NOT NULL DEFAULT 0',
+ '{DATETIME}' => "datetime NOT NULL default '2000-01-01'",
 '{DATE}' => "datetime NOT NULL default '2000-01-01'",
 '{DATECURRENT}' => 'datetime NOT NULL default CURRENT_TIMESTAMP',
 );
@@ -294,6 +296,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
 'int(10)' => 'int',
 'int(11)' => 'int',
 'int(4)' => 'int',
+ '{DATETIME}' => "timestamp with time zone default '2000-01-01'", # stay in sync with MySQL
 '{DATE}' => "timestamp with time zone default '2000-01-01'", # stay in sync with MySQL
 '{DATECURRENT}' => 'timestamp with time zone default now()',
 );
@@ -364,8 +367,8 @@ function upgrade_1_mysql() {
 CREATE TABLE {IF_NOT_EXISTS} $admin (
 `username` varchar(255) NOT NULL default '',
 `password` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`username`)
 ) {MYISAM} COMMENT='Postfix Admin - Virtual Admins';";
@@ -375,8 +378,8 @@ function upgrade_1_mysql() {
 `address` varchar(255) NOT NULL default '',
 `goto` text NOT NULL,
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`address`)
 ) {MYISAM} COMMENT='Postfix Admin - Virtual Aliases'; ";
@@ -391,8 +394,8 @@ function upgrade_1_mysql() {
 `quota` bigint(20) NOT NULL default '0',
 `transport` varchar(255) default NULL,
 `backupmx` tinyint(1) NOT NULL default '0',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`domain`)
 ) {MYISAM} COMMENT='Postfix Admin - Virtual Domains'; ";
@@ -401,14 +404,14 @@ function upgrade_1_mysql() {
 CREATE TABLE {IF_NOT_EXISTS} $domain_admins (
 `username` varchar(255) NOT NULL default '',
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 KEY username (`username`)
 ) {MYISAM} COMMENT='Postfix Admin - Domain Admins';";
 $sql[] = "
 CREATE TABLE {IF_NOT_EXISTS} $log (
- `timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
+ `timestamp` {DATETIME},
 `username` varchar(255) NOT NULL default '',
 `domain` varchar(255) NOT NULL default '',
 `action` varchar(255) NOT NULL default '',
@@ -424,8 +427,8 @@ function upgrade_1_mysql() {
 `maildir` varchar(255) NOT NULL default '',
 `quota` bigint(20) NOT NULL default '0',
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`username`)
 ) {MYISAM} COMMENT='Postfix Admin - Virtual Mailboxes';";
@@ -437,7 +440,7 @@ function upgrade_1_mysql() {
 body text NOT NULL,
 cache text NOT NULL,
 domain varchar(255) NOT NULL ,
- created datetime NOT NULL default '0000-00-00 00:00:00',
+ created {DATETIME},
 active tinyint(4) NOT NULL default '1',
 PRIMARY KEY (email),
 KEY email (email)
@@ -596,22 +599,22 @@ function upgrade_3_mysql() {
 $table_vacation = table_by_key ('vacation');
 if(!_mysql_field_exists($table_admin, 'created')) {
- db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} create_date created {DATETIME};");
 }
 if(!_mysql_field_exists($table_admin, 'modified')) {
- db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_admin {RENAME_COLUMN} change_date modified {DATETIME};");
 }
 if(!_mysql_field_exists($table_alias, 'created')) {
- db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} create_date created {DATETIME};");
 }
 if(!_mysql_field_exists($table_alias, 'modified')) {
- db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_alias {RENAME_COLUMN} change_date modified {DATETIME};");
 }
 if(!_mysql_field_exists($table_domain, 'created')) {
- db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} create_date created {DATETIME};");
 }
 if(!_mysql_field_exists($table_domain, 'modified')) {
- db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_domain {RENAME_COLUMN} change_date modified {DATETIME};");
 }
 if(!_mysql_field_exists($table_domain, 'aliases')) {
 db_query_parsed("ALTER TABLE $table_domain ADD COLUMN aliases INT(10) DEFAULT '-1' NOT NULL AFTER description;");
@@ -629,10 +632,10 @@ function upgrade_3_mysql() {
 db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx TINYINT(1) DEFAULT '0' NOT NULL AFTER transport;");
 }
 if(!_mysql_field_exists($table_mailbox, 'created')) {
- db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} create_date created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} create_date created {DATETIME};");
 }
 if(!_mysql_field_exists($table_mailbox, 'modified')) {
- db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} change_date modified DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL;");
+ db_query_parsed("ALTER TABLE $table_mailbox {RENAME_COLUMN} change_date modified {DATETIME};");
 }
 if(!_mysql_field_exists($table_mailbox, 'quota')) {
 db_query_parsed("ALTER TABLE $table_mailbox ADD COLUMN quota INT(10) DEFAULT '-1' NOT NULL AFTER maildir;");
@@ -641,7 +644,7 @@ function upgrade_3_mysql() {
 db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN domain VARCHAR(255) DEFAULT '' NOT NULL AFTER cache;");
 }
 if(!_mysql_field_exists($table_vacation, 'created')) {
- db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN created DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL AFTER domain;");
+ db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN created {DATETIME} AFTER domain;");
 }
 if(!_mysql_field_exists($table_vacation, 'active')) {
 db_query_parsed("ALTER TABLE $table_vacation ADD COLUMN active TINYINT(1) DEFAULT '1' NOT NULL AFTER created;");
@@ -763,8 +766,8 @@ function upgrade_5_mysql() {
 CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('admin') . "` (
 `username` varchar(255) NOT NULL default '',
 `password` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`username`),
 KEY username (`username`)
@@ -775,8 +778,8 @@ function upgrade_5_mysql() {
 `address` varchar(255) NOT NULL default '',
 `goto` text NOT NULL,
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`address`),
 KEY address (`address`)
@@ -793,8 +796,8 @@ function upgrade_5_mysql() {
 `quota` int(10) NOT NULL default '0',
 `transport` varchar(255) default NULL,
 `backupmx` tinyint(1) NOT NULL default '0',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`domain`),
 KEY domain (`domain`)
@@ -805,7 +808,7 @@ function upgrade_5_mysql() {
 CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('domain_admins') . "` (
 `username` varchar(255) NOT NULL default '',
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 KEY username (`username`)
 ) {MYISAM} DEFAULT {LATIN1} COMMENT='Postfix Admin - Domain Admins';
@@ -813,7 +816,7 @@ function upgrade_5_mysql() {
 $result = db_query_parsed("
 CREATE TABLE {IF_NOT_EXISTS} `" . table_by_key('log') . "` (
- `timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
+ `timestamp` {DATETIME},
 `username` varchar(255) NOT NULL default '',
 `domain` varchar(255) NOT NULL default '',
 `action` varchar(255) NOT NULL default '',
@@ -830,8 +833,8 @@ function upgrade_5_mysql() {
 `maildir` varchar(255) NOT NULL default '',
 `quota` int(10) NOT NULL default '0',
 `domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`username`),
 KEY username (`username`)
@@ -845,7 +848,7 @@ function upgrade_5_mysql() {
 `body` text NOT NULL,
 `cache` text NOT NULL,
 `domain` varchar(255) NOT NULL,
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`email`),
 KEY email (`email`)
@@ -1022,8 +1025,8 @@ function upgrade_438_mysql() {
 CREATE TABLE IF NOT EXISTS $table_alias_domain (
 `alias_domain` varchar(255) NOT NULL default '',
 `target_domain` varchar(255) NOT NULL default '',
- `created` datetime NOT NULL default '0000-00-00 00:00:00',
- `modified` datetime NOT NULL default '0000-00-00 00:00:00',
+ `created` {DATETIME},
+ `modified` {DATETIME},
 `active` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`alias_domain`),
 KEY `active` (`active`),
@@ -1626,6 +1629,24 @@ function upgrade_1824_sqlite() {
 }
+
+function upgrade_1835_mysql() {
+ # change default values for existing datetime fields with a 0000-00-00 default to {DATETIME}
+
+ foreach (array('admin', 'alias', 'alias_domain', 'domain', 'mailbox', 'domain_admins', 'vacation') as $table_to_change) {
+ $table = table_by_key($table_to_change);
+ db_query_parsed("ALTER TABLE `$table` CHANGE `created` `created` {DATETIME}");
+ }
+
+ foreach (array('admin', 'alias', 'alias_domain', 'domain', 'mailbox') as $table_to_change) {
+ $table = table_by_key($table_to_change);
+ db_query_parsed("ALTER TABLE `$table` CHANGE `modified` `modified` {DATETIME}");
+ }
+
+ $table = table_by_key('log');
+ db_query_parsed("ALTER TABLE `$table` CHANGE `timestamp` `timestamp` {DATETIME}");
+}
+
 # TODO MySQL:
 # - various varchar fields do not have a default value
 # https://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/3419725
From 8ad849e7b6e8dbfd29a809a72d2443799acd12f5 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 15 May 2016 19:20:59 +0000
Subject: [PATCH 4/7] default.css: - set z-index 101 for submenus to ensure quota usage bars don't hide them git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1836 a1433add-5e2c-0410-b055-b7f2511e0802
---
 css/default.css | 1 +
 1 file changed, 1 insertion(+)
diff --git a/css/default.css b/css/default.css
index 4786e701..248e7874 100644
--- a/css/default.css
+++ b/css/default.css
@@ -170,6 +170,7 @@ ul.flash-error {
 color: #999999;
 border:2px solid white;
 border-top:none;
+ z-index:101;
 }
 #menu li:hover ul, #menu li.sfhover ul, #tabbar li:hover ul, #tabbar li.sfhover ul {
From 5dac4295a4f1b5caa2aa9291162689bdc6fc5be1 Mon Sep 17 00:00:00 2001
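Review bot: upgrade_1835_mysql() in upgrade.php changes only the column default, so rows that already hold '0000-00-00 00:00:00' keep that value, and on a server running strict mode with NO_ZERO_DATE each `ALTER TABLE ... CHANGE` is likely to be rejected while such rows exist. The calls pass no `$ignore_errors`, so the upgrade would presumably stop at the first affected table. Rewriting the old values before each ALTER would avoid that, for example `UPDATE $table SET created = '2000-01-01 00:00:00' WHERE created = '0000-00-00 00:00:00'` (the WHERE form needs testing under the strict sql_mode this commit targets). For the `log` table, a fixed 2000-01-01 default also makes a row written without a timestamp look like a real old event instead of an obviously invalid one, which is worth a comment if the table serves as an audit trail.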
From: Christian Boltz
Date: Sun, 15 May 2016 20:04:21 +0000
Subject: [PATCH 5/7] postfixadmin-cli.php: - whitelist '-1' as valid value instead of misinterpreting it as option https://sourceforge.net/p/postfixadmin/bugs/369/ - don't remove quote chars (") from parameter values git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1837 a1433add-5e2c-0410-b055-b7f2511e0802
---
 scripts/postfixadmin-cli.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/postfixadmin-cli.php b/scripts/postfixadmin-cli.php
index 6170ca4f..a583dfd8 100644
--- a/scripts/postfixadmin-cli.php
+++ b/scripts/postfixadmin-cli.php
@@ -413,8 +413,9 @@ class PostfixAdmin {
 $this->params[$key] = true;
 unset($params[$i]);
 if (isset($params[++$i])) {
- if ($params[$i]{0} !== '-') {
- $this->params[$key] = str_replace('"', '', $params[$i]);
+ # TODO: ideally we should know if a parameter can / must have a value instead of whitelisting known valid values starting with '-' (probably only bool doesn't need a value)
+ if ($params[$i]{0} !== '-' or $params[$i] != '-1') {
+ $this->params[$key] = $params[$i];
 unset($params[$i]);
 } else {
 $i--;
From a0151bd5a1f252c434f73e5585c2e0d3e2b0bbb9 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 15 May 2016 21:14:01 +0000
Subject: [PATCH 6/7] functions.inc.php: - pacrypt(): don't stripslashes($pw) because this breaks passwords with backslashes. This stripslashes() existed since forever, but probably became harmful with all the rewrites in the last years. https://sourceforge.net/p/postfixadmin/bugs/349/ git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1838 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/functions.inc.php b/functions.inc.php
index 7053696c..db74f1cc 100644
--- a/functions.inc.php
+++ b/functions.inc.php
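Review bot: In scripts/postfixadmin-cli.php the new condition `$params[$i]{0} !== '-' or $params[$i] != '-1'` is true for every token except '-1', which is the reverse of the whitelist the commit message describes. '-1' still falls into the `else` branch and is treated as an option, while any other token starting with '-' is now consumed as the value of the previous key, so a following option silently disappears. The intended test looks like `if ($params[$i]{0} !== '-' || $params[$i] === '-1') {`; the strict comparison also avoids PHP's numeric-string equality, under which a token such as '-1.0' compares equal to '-1'. The enclosing method starts and ends outside the hunk.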
@@ -866,7 +866,6 @@ function validate_password($password) {
 */
 function pacrypt ($pw, $pw_db="") {
 global $CONF;
- $pw = stripslashes($pw);
 $password = "";
 $salt = "";
From a00e8a811ddec789dd166fa0b9c3dacd9226b305 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 16 May 2016 09:27:36 +0000
Subject: [PATCH 7/7] functions.inc.php: - check_domain(): someone had the great idea to allow punicode even in TLDs, so we better allow it. https://sourceforge.net/p/postfixadmin/feature-requests/93/ git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1839 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/functions.inc.php b/functions.inc.php
index db74f1cc..3f88915f 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -198,7 +198,7 @@ function language_selector() {
 * TODO: skip DNS check if the domain exists in PostfixAdmin?
 */
 function check_domain ($domain) {
- if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,13}$/i', ($domain))) {
+ if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([-0-9A-Z]){2,13}$/i', ($domain))) {
 return sprintf(Config::lang('pInvalidDomainRegex'), htmlentities($domain));
 }
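Review bot: The pattern on the changed line in check_domain() ends in `$` without the `D` modifier, so a domain followed by a newline still passes, and the `{2,13}` cap keeps rejecting punycode TLDs longer than 13 characters although the commit is meant to allow them. Suggest `'([-0-9A-Z]){2,63}$/iD'` for the second half (63 being the DNS label limit), or `\z` in place of `$`. Adding `-` to the TLD class also lets the last label begin or end with a hyphen, which DNS label rules do not permit; if that matters it needs its own check. The rest of check_domain(), including the DNS lookup the TODO refers to, is outside the hunk.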