From 2dea9fadd439dcff6940072e79f2316fb7d82f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Schr=C3=B6tter?= Date: Tue, 21 Mar 2017 17:43:27 +0100 Subject: [PATCH 1/3] Remove whitespace --- functions.inc.php | 107 +++++++++++++++++++++++----------------------- 1 file changed, 53 insertions(+), 54 deletions(-) diff --git a/functions.inc.php b/functions.inc.php index 3f3a9772..7d72f60b 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -1,16 +1,16 @@ use it instead of default flavor $result = preg_split('/[{}]/', $pw_db, 3); # split at { and/or } - $flavor = $result[1]; + $flavor = $result[1]; $salt = substr($result[2], 0, 2); } - + if(stripos($flavor, 'md5raw') === 0) { $password = '{' . $flavor . '}' . md5($pw); } elseif(stripos($flavor, 'md5') === 0) { @@ -937,14 +937,14 @@ function pacrypt ($pw, $pw_db="") { die("authlib_default_flavor '" . $flavor . "' unknown. Valid flavors are 'md5raw', 'md5', 'SHA' and 'crypt'"); } } - + elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) { $split_method = preg_split ('/:/', $CONF['encrypt']); $method = strtoupper($split_method[1]); # If $pw_db starts with {method}, change $method accordingly if (!empty($pw_db) && preg_match('/^\{([A-Z0-9.-]+)\}.+/', $pw_db, $method_matches)) { $method = $method_matches[1]; } if (! preg_match("/^[A-Z0-9.-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? - # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); + # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); # $crypt_method = preg_match ("/.*-CRYPT$/", $method); # digest-md5 and SCRAM-SHA-1 hashes include the username - until someone implements it, let's declare it as unsupported @@ -1154,7 +1154,7 @@ function smtp_mail ($to, $from, $data, $body = "") { $timeout = "30"; if ($body != "") { - $maildata = + $maildata = "To: " . $to . "\n" . "From: " . $from . "\n" . "Subject: " . encode_header ($data) . "\n" @@ -1253,7 +1253,6 @@ function db_connect ($ignore_errors = false) { global $DEBUG_TEXT; if ($ignore_errors != 0) $DEBUG_TEXT = ''; $error_text = ''; - $link = 0; if ($CONF['database_type'] == "mysql") { if (function_exists ("mysql_connect")) { @@ -1336,12 +1335,12 @@ function db_get_boolean($bool) { // return either true or false (unquoted strings) if($bool) { return 't'; - } + } return 'f'; } elseif(Config::Read('database_type') == 'mysql' || Config::Read('database_type') == 'mysqli' || db_sqlite()) { if($bool) { - return 1; - } + return 1; + } return 0; } else { die('Unknown value in $CONF[database_type]'); @@ -1428,14 +1427,14 @@ function db_query ($query, $ignore_errors = 0) { # mysql and pgsql $link are resources, mysqli $link is an object if (! (is_resource($link) || is_object($link) ) ) $link = db_connect (); - if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link) + if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link) or $error_text = "Invalid query: " . mysql_error($link); - if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query) + if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query) or $error_text = "Invalid query: " . mysqli_error($link); if (db_sqlite()) $result = @$link->query($query) or $error_text = "Invalid query: " . $link->lastErrorMsg(); if (db_pgsql()) { - $result = @pg_query ($link, $query) + $result = @pg_query ($link, $query) or $error_text = "Invalid query: " . pg_last_error(); } if ($error_text != "" && $ignore_errors == 0) { @@ -1700,7 +1699,7 @@ function db_in_clause($field, $values) { * param array $condition: array('field' => 'value', 'field2' => 'value2, ...) * param array $struct - field structure, used for automatic bool conversion * param string $additional_raw_where - raw sniplet to include in the WHERE part - typically needs to start with AND - * param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see + * param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see * $allowed_operators for available operators) * Note: the $searchmode operator will only be used if a $condition for that field is set. * This also means you'll need to set a (dummy) condition for NULL and NOTNULL. @@ -1711,7 +1710,7 @@ function db_where_clause($condition, $struct, $additional_raw_where = '', $searc } elseif(!is_array($searchmode)) { die('db_where_cond: parameter $searchmode is not an array!'); } elseif (count($condition) == 0 && trim($additional_raw_where) == '') { - die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks + die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks } elseif(!is_array($struct)) { die('db_where_cond: parameter $struct is not an array!'); } @@ -1840,9 +1839,9 @@ function alias_domain_postdeletion($alias_domain) { // // gen_show_status -// Action: Return a string of colored  's that indicate +// Action: Return a string of colored  's that indicate // the if an alias goto has an error or is sent to -// addresses list in show_custom_domains +// addresses list in show_custom_domains // Call: gen_show_status (string alias_address) // function gen_show_status ($show_alias) { @@ -1893,7 +1892,7 @@ function gen_show_status ($show_alias) { "'>" . $CONF['show_status_text'] . " "; } else { $stat_string .= $CONF['show_status_text'] . " "; - } + } } // POP/IMAP CHECK @@ -1910,7 +1909,7 @@ function gen_show_status ($show_alias) { "'>" . $CONF['show_status_text'] . " "; } else { $stat_string .= $CONF['show_status_text'] . " "; - } + } } // CUSTOM DESTINATION CHECK @@ -1921,11 +1920,11 @@ function gen_show_status ($show_alias) { "'>" . $CONF['show_status_text'] . " "; } else { $stat_string .= $CONF['show_status_text'] . " "; - } - } + } + } } else { $stat_string .= "; "; - } + } // $stat_string .= "    " . // "    "; @@ -1934,7 +1933,7 @@ function gen_show_status ($show_alias) { function getRemoteAddr() { $REMOTE_ADDR = 'localhost'; - if (isset($_SERVER['REMOTE_ADDR'])) + if (isset($_SERVER['REMOTE_ADDR'])) $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; return $REMOTE_ADDR; } From e28f3f5959e67cb0be04ff0dd36c71fc8331ebed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Schr=C3=B6tter?= Date: Tue, 21 Mar 2017 17:44:26 +0100 Subject: [PATCH 2/3] Fix for mysqli_connect() --- functions.inc.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/functions.inc.php b/functions.inc.php index 7d72f60b..e167486e 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -1254,6 +1254,15 @@ function db_connect ($ignore_errors = false) { if ($ignore_errors != 0) $DEBUG_TEXT = ''; $error_text = ''; + static $link; + if (isset($link) && $link) { + if ($ignore_errors) { + return array($link, $error_text); + } + return $link; + } + $link = 0; + if ($CONF['database_type'] == "mysql") { if (function_exists ("mysql_connect")) { $link = @mysql_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("

DEBUG INFORMATION:
Connect: " . mysql_error () . "$DEBUG_TEXT"); From 846dcb756cf22d325180c5d885dbf700ae316cf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Schr=C3=B6tter?= Date: Mon, 27 Mar 2017 18:15:11 +0200 Subject: [PATCH 3/3] Remove unnecessary code --- functions.inc.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/functions.inc.php b/functions.inc.php index e167486e..fc94f8b6 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -1429,13 +1429,10 @@ function db_query ($query, $ignore_errors = 0) { global $DEBUG_TEXT; $result = ""; $number_rows = ""; - static $link; + $link = db_connect (); $error_text = ""; if ($ignore_errors) $DEBUG_TEXT = ""; - # mysql and pgsql $link are resources, mysqli $link is an object - if (! (is_resource($link) || is_object($link) ) ) $link = db_connect (); - if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link) or $error_text = "Invalid query: " . mysql_error($link); if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query)