banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

psalm fixes

Browse Source
pull/229/head
David Goodwin 5 years ago
parent 8d2a592aa9
commit 74002bbf57
26 changed files with 1391 additions and 529 deletions
Show Stats Download Patch File Download Diff File

1513
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

1
config.inc.php
Unescape Escape View File

@ -31,6 +31,7 @@
################################################################################
global $CONF;
/*****************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

24
functions.inc.php
Unescape Escape View File

@ -319,11 +319,12 @@ function check_email($email) {
* Clean a string, escaping any meta characters that could be
* used to disrupt an SQL string. i.e. "'" => "\'" etc.
*
* @param string|array $string parameters to escape
* @return string|array of cleaned data, suitable for use within an SQL statement.
* @param string $string parameters to escape
* @return string cleaned data, suitable for use within an SQL statement.
*/
function escape_string($string) {
global $CONF;
// if the string is actually an array, do a recursive cleaning.
// Note, the array keys are not cleaned.
if (is_array($string)) {
@ -846,13 +847,13 @@ function encode_header($string, $default_charset = "utf-8") {
return $string;
}
/*
if (!function_exists('random_int')) { // PHP version < 7.0
function random_int() { // someone might not be using php_crypt or ask for password generation, in which case random_int() won't be called
die(__FILE__ . " Postfixadmin security: Please install https://github.com/paragonie/random_compat OR enable the 'Phar' extension.");
}
}
*/
/**
* Generate a random password of $length characters.
@ -1315,19 +1316,6 @@ function create_salt() {
return $salt;
}
/**/ if (!function_exists('hex2bin')) { # PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin
function hex2bin($str) {
$len = strlen($str);
$nstr = "";
for ($i=0;$i<$len;$i+=2) {
$num = sscanf(substr($str, $i, 2), "%x");
$nstr.=chr($num[0]);
}
return $nstr;
}
/**/
}
/*
* remove item $item from array $array
*/
@ -1829,7 +1817,7 @@ function db_array($result) {
*/
function db_assoc($result) {
global $CONF;
$row = "";
$row = [];
if ($CONF['database_type'] == "mysql") {
/* @var resource $result */
$row = mysql_fetch_assoc($result);

8
model/AdminHandler.php
Unescape Escape View File

@ -34,7 +34,7 @@ class AdminHandler extends PFAHandler {
$domains_grouped = 'group_concat(domain)';
}
$passwordReset = Config::read('forgotten_admin_password_reset');
$passwordReset = (int) Config::bool('forgotten_admin_password_reset');
$reset_by_sms = 0;
if ($passwordReset && Config::read('sms_send_function')) {
@ -44,10 +44,10 @@ class AdminHandler extends PFAHandler {
$this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list
'username' => pacol($this->new, 1, 1, 'text', 'admin' , 'email_address' , '', '',
'username' => pacol($this->new, 1, 1, 'text', 'admin' , 'email_address' , '', array(),
array('linkto' => 'list.php?table=domain&username=%s') ),
'password' => pacol(1, 1, 0, 'pass', 'password' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '', '',
'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'password as password2'
@ -69,7 +69,7 @@ class AdminHandler extends PFAHandler {
/*extrafrom set in domain_count*/
),
'domain_count' => pacol(0, 0, 1, 'vnum', 'pAdminList_admin_count', '' , '', '',
'domain_count' => pacol(0, 0, 1, 'vnum', 'pAdminList_admin_count', '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__domain_count,0) as domain_count',

4
model/AdminpasswordHandler.php
Unescape Escape View File

@ -24,10 +24,10 @@ class AdminpasswordHandler extends PFAHandler {
# field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list
'username' => pacol(0, 1, 1, 'text', 'admin' , '' ),
'oldpass' => pacol(1, 1, 0, 'pass', 'pPassword_password_current' , '', '', '',
'oldpass' => pacol(1, 1, 0, 'pass', 'pPassword_password_current' , '', '', array(),
/*not_in_db*/ 1 ),
'password' => pacol(1, 1, 0, 'pass', 'pPassword_password' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'pPassword_password2' , '' , '', '',
'password2' => pacol(1, 1, 0, 'pass', 'pPassword_password2' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'password as password2'

20
model/AliasHandler.php
Unescape Escape View File

@ -26,11 +26,11 @@ class AliasHandler extends PFAHandler {
$this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / ...
# editing? form list
'status' => pacol(0, 0, 0, 'html', '' , '' , '', '',
'status' => pacol(0, 0, 0, 'html', '' , '' , '', array(),
array('not_in_db' => 1) ),
'address' => pacol($this->new, 1, 1, 'mail', 'alias' , 'pCreate_alias_catchall_text' ),
'localpart' => pacol($this->new, 0, 0, 'text', 'alias' , 'pCreate_alias_catchall_text' , '',
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 1 ),
'domain' => pacol($this->new, 0, 1, 'enum', '' , '' , '',
/*options*/ $this->allowed_domains ),
@ -38,24 +38,24 @@ class AliasHandler extends PFAHandler {
'is_mailbox' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
# technically 'is_mailbox' is bool, but the automatic bool conversion breaks the query. Flagging it as int avoids this problem.
# Maybe having a vbool type (without the automatic conversion) would be cleaner - we'll see if we need it.
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__is_mailbox,0) as is_mailbox' ),
/*extrafrom set via set_is_mailbox_extrafrom() */
'__mailbox_username' => pacol( 0, 0, 1, 'vtxt', '' , '' , 0), # filled via is_mailbox
'goto_mailbox' => pacol($mbgoto, $mbgoto,$mbgoto,'bool', 'pEdit_alias_forward_and_store' , '' , 0,
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value
'on_vacation' => pacol(1, 0, 1, 'bool', 'pUsersMenu_vacation' , '' , 0 ,
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value - TODO: read active flag from vacation table instead?
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol(0, 0, 1, 'ts', 'last_modified' , '' ),
'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ),
'_can_edit' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , '',
'_can_edit' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , array(),
array('select' => '1 as _can_edit') ),
'_can_delete' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , '',
'_can_delete' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , array(),
array('select' => '1 as _can_delete') ), # read_from_db_postprocess() updates the value
# aliases listed in $CONF[default_aliases] are read-only for domain admins if $CONF[special_alias_control] is NO.
);
@ -326,12 +326,12 @@ class AliasHandler extends PFAHandler {
# editing a default alias (postmaster@ etc.) is only allowed if special_alias_control is allowed or if the user is a superadmin
$tmp = preg_split('/\@/', $db_result[$key]['address']);
if (!$this->is_superadmin && !Config::bool('special_alias_control') && array_key_exists($tmp[0], Config::Read('default_aliases'))) {
if (!$this->is_superadmin && !Config::bool('special_alias_control') && array_key_exists($tmp[0], Config::read_array('default_aliases'))) {
$db_result[$key]['_can_edit'] = 0;
$db_result[$key]['_can_delete'] = 0;
}
if ($this->struct['status']['display_in_list'] && Config::Bool('show_status')) {
if ($this->struct['status']['display_in_list'] && Config::bool('show_status')) {
$db_result[$key]['status'] = gen_show_status($db_result[$key]['address']);
}
}
@ -440,7 +440,7 @@ class AliasHandler extends PFAHandler {
*/
protected function getVacationAlias() {
$vacation_goto = str_replace('@', '#', $this->id);
return $vacation_goto . '@' . Config::read('vacation_domain');
return $vacation_goto . '@' . Config::read_string('vacation_domain');
}
/**

2
model/CliDelete.php
Unescape Escape View File

@ -6,6 +6,8 @@
class CliDelete extends Shell {
protected $handler_to_use = '';
/**
* Execution method always used for tasks
*/

3
model/CliEdit.php
Unescape Escape View File

@ -77,7 +77,8 @@ class CliEdit extends Shell {
$form_fields = $handler->getStruct();
$id_field = $handler->getId_field();
$values[$id_field] = '';
$values = array($id_field => '');
while ($form_fields[$id_field]['editable'] != 0) { # endlees loop - except if input is valid or id_field is not editable (like auto_increment)
$question = $form_fields[$id_field]['label'] . ":";
if ($form_fields[$id_field]['desc'] != '') {

2
model/CliView.php
Unescape Escape View File

@ -6,6 +6,8 @@
class CliView extends Shell {
protected $handler_to_use = 'invalid';
/**
* Execution method always used for tasks
*/

72
model/Config.php
Unescape Escape View File

@ -68,6 +68,39 @@ final class Config {
$_this->setAll($newConfig);
}
/**
* @return array
* @param string $var
*/
public static function read_array($var) {
$stuff = self::read($var);
if(!is_array($stuff)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a boolean, but received a " . gettype($stuff), E_USER_ERROR);
}
return $stuff;
}
/**
* @param string $var
* @return string
*/
public static function read_string($var) {
$stuff = self::read($var);
if($stuff === null) {
return '';
}
if(!is_string($stuff)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a string, but received a " . gettype($stuff), E_USER_ERROR);
return '';
}
return $stuff;
}
/**
* Used to read Configure::$var
*
@ -76,7 +109,7 @@ final class Config {
* Configure::read('Name.key'); will return only the value of Configure::Name[key]
*
* @param string $var Variable to obtain
* @return array|string string value of Configure::$var
* @return array|string|null string value of Configure::$var
* @access public
*/
public static function read($var) {
@ -131,7 +164,7 @@ final class Config {
* @access public
*/
public static function read_f($var, $value) {
$text = self::read($var);
$text = self::read_string($var);
$newtext = sprintf($text, $value);
@ -148,19 +181,28 @@ final class Config {
/**
* Used to read Config::$var, converted to boolean
* (obviously only useful for settings that can be YES or NO)
* (obviously only useful for settings that can be YES or NO, or boolean like values)
*
* Usage
* Configure::read('Name'); will return the value for Name, converted to boolean
*
* @param string $var Variable to obtain
* @return bool value of Configure::$var (TRUE (on YES/yes) or FALSE (on NO/no/not set/unknown value)
* @access public
*/
public static function bool($var) {
$value = self::read($var);
if(is_bool($value)) {
return $value;
}
if(!is_string($value)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a string, but received a " . gettype($value), E_USER_ERROR);
error_log("config $var should be a string, found: " . json_encode($value));
return false;
}
if (strtoupper($value) == 'YES') { # YES
return true;
} elseif (strtoupper($value) == 'NO') { # NO
@ -185,15 +227,19 @@ final class Config {
/**
* Get translated text from $PALANG
* (wrapper for self::read(), see also the comments there)
*
* @param string $var Variable to obtain
* @return string value of $PALANG[$var]
* @access public
*/
* Get translated text from $PALANG
* (wrapper for self::read(), see also the comments there)
*
* @param string $var Variable to obtain
* @return string value of $PALANG[$var]
* @access public
*/
public static function lang($var) {
return self::read(array('__LANG', $var));
$value = self::read("__LANG.{$var}");
if(!is_string($value)) {
throw new InvalidArgumentException("Expected string value for $var ");
}
return $value;
}
/**
@ -206,7 +252,7 @@ final class Config {
* @access public
*/
public static function lang_f($var, $value) {
return self::read_f(array('__LANG', $var), $value);
return self::read_f('__LANG'. $var, $value);
}
/**

34
model/DomainHandler.php
Unescape Escape View File

@ -46,62 +46,62 @@ class DomainHandler extends PFAHandler {
$this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list
'domain' => pacol($this->new, 1, 1, 'text', 'domain' , '' , '', '',
'domain' => pacol($this->new, 1, 1, 'text', 'domain' , '' , '', array(),
array('linkto' => 'list-virtual.php?domain=%s') ),
'description' => pacol($super, $super, $super, 'text', 'description' , '' ),
# Aliases
'aliases' => pacol($super, $super, 0, 'num' , 'aliases' , 'pAdminEdit_domain_aliases_text' , Config::read('aliases') ),
'alias_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', '',
'alias_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__alias_count,0) - coalesce(__mailbox_count,0) as alias_count',
/*extrafrom*/ 'left join ( select count(*) as __alias_count, domain as __alias_domain from ' . table_by_key('alias') .
' group by domain) as __alias on domain = __alias_domain'),
'aliases_quot' => pacol(0, 0, 1, 'quot', 'aliases' , '' , 0, '',
'aliases_quot' => pacol(0, 0, 1, 'quot', 'aliases' , '' , 0, array(),
array('select' => db_quota_text( '__alias_count - coalesce(__mailbox_count,0)', 'aliases', 'aliases_quot')) ),
'_aliases_quot_percent' => pacol( 0, 0, 1, 'vnum', '' ,'' , 0, '',
'_aliases_quot_percent' => pacol( 0, 0, 1, 'vnum', '' ,'' , 0, array(),
array('select' => db_quota_percent('__alias_count - coalesce(__mailbox_count,0)', 'aliases', '_aliases_quot_percent')) ),
# Mailboxes
'mailboxes' => pacol($super, $super, 0, 'num' , 'mailboxes' , 'pAdminEdit_domain_aliases_text' , Config::read('mailboxes') ),
'mailbox_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', '',
'mailbox_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__mailbox_count,0) as mailbox_count',
/*extrafrom*/ 'left join ( select count(*) as __mailbox_count, sum(quota) as __total_quota, domain as __mailbox_domain from ' . table_by_key('mailbox') .
' group by domain) as __mailbox on domain = __mailbox_domain'),
'mailboxes_quot' => pacol(0, 0, 1, 'quot', 'mailboxes' , '' , 0, '',
'mailboxes_quot' => pacol(0, 0, 1, 'quot', 'mailboxes' , '' , 0, array(),
array('select' => db_quota_text( '__mailbox_count', 'mailboxes', 'mailboxes_quot')) ),
'_mailboxes_quot_percent' => pacol( 0, 0, 1, 'vnum', '' , '' , 0, '',
'_mailboxes_quot_percent' => pacol( 0, 0, 1, 'vnum', '' , '' , 0, array(),
array('select' => db_quota_percent('__mailbox_count', 'mailboxes', '_mailboxes_quot_percent')) ),
'maxquota' => pacol($editquota,$editquota,$quota, 'num', 'pOverview_get_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('maxquota') ),
# Domain quota
'quota' => pacol($edit_dom_q,$edit_dom_q, 0, 'num', 'pAdminEdit_domain_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('domain_quota_default') ),
'total_quota' => pacol(0, 0, 1, 'vnum', '' , '' , '', '',
'total_quota' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
array('select' => "$query_used_domainquota AS total_quota") /*extrafrom*//* already in mailbox_count */ ),
'total_quot' => pacol( 0, 0, $dom_q, 'quot', 'pAdminEdit_domain_quota' , '' , 0, '',
'total_quot' => pacol( 0, 0, $dom_q, 'quot', 'pAdminEdit_domain_quota' , '' , 0, array(),
array('select' => db_quota_text( $query_used_domainquota, 'quota', 'total_quot')) ),
'_total_quot_percent'=> pacol( 0, 0, $dom_q, 'vnum', '' , '' , 0, '',
'_total_quot_percent'=> pacol( 0, 0, $dom_q, 'vnum', '' , '' , 0, array(),
array('select' => db_quota_percent($query_used_domainquota, 'quota', '_total_quot_percent')) ),
'transport' => pacol($transp, $transp,$transp,'enum', 'transport' , 'pAdminEdit_domain_transport_text' , Config::read('transport_default') ,
/*options*/ Config::read('transport_options') ),
/*options*/ Config::read_array('transport_options') ),
'backupmx' => pacol($super, $super, 1, 'bool', 'pAdminEdit_domain_backupmx' , '' , 0),
'active' => pacol($super, $super, 1, 'bool', 'active' , '' , 1 ),
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ),
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,array(), /*not in db*/ 1 ),
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ),
'password_expiry' => pacol($super, $super, $super, 'num', 'password_expiration' , 'password_expiration_desc', ''),
'_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ $this->is_superadmin . ' as _can_edit' ),
'_can_delete' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ $this->is_superadmin . ' as _can_delete' ),
@ -146,7 +146,7 @@ class DomainHandler extends PFAHandler {
return true;
}
$this->errormsg[] = Config::Lang('edit_not_allowed', $this->id);
$this->errormsg[] = Config::Lang_f('edit_not_allowed', $this->id);
return false;
}
@ -156,7 +156,7 @@ class DomainHandler extends PFAHandler {
*/
protected function storemore() {
if ($this->new && $this->values['default_aliases']) {
foreach (Config::read('default_aliases') as $address=>$goto) {
foreach (Config::read_array('default_aliases') as $address=>$goto) {
$address = $address . "@" . $this->id;
# if $goto doesn't contain @, let the alias point to the same domain
if (!strstr($goto, '@')) {
@ -233,7 +233,7 @@ class DomainHandler extends PFAHandler {
db_delete($this->db_table, $this->id_field, $this->id);
if (!$this->domain_postdeletion()) {
$this->error_msg[] = Config::Lang('domain_postdel_failed');
$this->errormsg[] = Config::Lang('domain_postdel_failed');
}
db_log($this->id, 'delete_domain', $this->id); # TODO delete_domain is not a valid db_log keyword yet

3
model/FetchmailHandler.php
Unescape Escape View File

@ -83,9 +83,6 @@ class FetchmailHandler extends PFAHandler {
);
}
protected function domain_from_id() {
# do nothing, setmore() does the work
}
protected function setmore($values) {
# set domain based on the target mailbox

24
model/MailboxHandler.php
Unescape Escape View File

@ -12,9 +12,9 @@ class MailboxHandler extends PFAHandler {
# init $this->struct, $this->db_table and $this->id_field
protected function initStruct() {
$passwordReset = Config::read('forgotten_user_password_reset');
$passwordReset = (int) Config::bool('forgotten_user_password_reset');
$reset_by_sms = 0;
if ($passwordReset && Config::read('sms_send_function')) {
if ($passwordReset && Config::read_string('sms_send_function')) {
$reset_by_sms = 1;
}
@ -30,7 +30,7 @@ class MailboxHandler extends PFAHandler {
'maildir' => pacol($this->new, 0, 1, 'text', '' , '' , '' ),
'password' => pacol(1, 1, 0, 'pass', 'password' , 'pCreate_mailbox_password_text' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '',
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ 'password as password2'
@ -41,7 +41,7 @@ class MailboxHandler extends PFAHandler {
# TODO: read used quota from quota/quota2 table
'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ),
'welcome_mail' => pacol($this->new, $this->new, 0, 'bool', 'pCreate_mailbox_mail' , '' , 1,
/*options*/ '',
/*options*/ array(),
/*not_in_db*/ 1 ),
'phone' => pacol(1, $reset_by_sms, 0, 'text', 'pCreate_mailbox_phone' , 'pCreate_mailbox_phone_desc' , ''),
'email_other' => pacol(1, $passwordReset, 0, 'mail', 'pCreate_mailbox_email' , 'pCreate_mailbox_email_desc' , ''),
@ -97,7 +97,7 @@ class MailboxHandler extends PFAHandler {
# } elseif ($maxquota < 0) {
# TODO: show 'disabled' - at the moment, just shows '-1'
} else {
$this->struct['quota']['desc'] = Config::lang_f('mb_max', $maxquota);
$this->struct['quota']['desc'] = Config::lang_f('mb_max', "" . $maxquota);
}
}
@ -219,7 +219,7 @@ class MailboxHandler extends PFAHandler {
protected function beforestore() {
if (isset($this->values['quota']) && $this->values['quota'] != -1) {
$this->values['quota'] = $this->values['quota'] * Config::read('quota_multiplier'); # convert quota from MB to bytes
$this->values['quota'] = $this->values['quota'] * Config::read_string('quota_multiplier'); # convert quota from MB to bytes
}
$ah = new AliasHandler($this->new, $this->admin_username);
@ -320,7 +320,7 @@ class MailboxHandler extends PFAHandler {
db_delete($this->db_table, $this->id_field, $this->id); # finally delete the mailbox
if (!$this->mailbox_postdeletion()) {
$this->error_msg[] = Config::Lang('mailbox_postdel_failed');
$this->errormsg[] = Config::Lang('mailbox_postdel_failed');
}
list(/*NULL*/, $domain) = explode('@', $this->id);
@ -408,9 +408,9 @@ class MailboxHandler extends PFAHandler {
protected function _missing_maildir($field) {
list($local_part, $domain) = explode('@', $this->id);
$maildir_name_hook = Config::read('maildir_name_hook');
$maildir_name_hook = Config::read_string('maildir_name_hook');
if ($maildir_name_hook != 'NO' && function_exists($maildir_name_hook)) {
if (is_string($maildir_name_hook) && $maildir_name_hook != 'NO' && function_exists($maildir_name_hook)) {
$maildir = $maildir_name_hook($domain, $this->id);
} elseif (Config::bool('domain_path')) {
if (Config::bool('domain_in_mailbox')) {
@ -650,7 +650,7 @@ class MailboxHandler extends PFAHandler {
return false;
}
$s_host = Config::read('create_mailbox_subdirs_host');
$s_host = Config::read_string('create_mailbox_subdirs_host');
if (empty($s_host)) {
trigger_error('An IMAP/POP server host ($CONF["create_mailbox_subdirs_host"]) must be configured, if sub-folders are to be created', E_USER_ERROR);
return false;
@ -670,7 +670,7 @@ class MailboxHandler extends PFAHandler {
}
$s_port='';
$create_mailbox_subdirs_hostport = Config::read('create_mailbox_subdirs_hostport');
$create_mailbox_subdirs_hostport = Config::read_string('create_mailbox_subdirs_hostport');
if (!empty($create_mailbox_subdirs_hostport)) {
$s_port = $create_mailbox_subdirs_hostport;
if (intval($s_port)!=$s_port) {
@ -690,7 +690,7 @@ class MailboxHandler extends PFAHandler {
return false;
}
$s_prefix = Config::read('create_mailbox_subdirs_prefix');
$s_prefix = Config::read_string('create_mailbox_subdirs_prefix');
foreach ($create_mailbox_subdirs as $f) {
$f='{'.$s_host.'}'.$s_prefix.$f;
$res=imap_createmailbox($i, $f);

28
model/PFAHandler.php
Unescape Escape View File

@ -97,7 +97,10 @@ abstract class PFAHandler {
# will be set to 0 if $admin_username is set and is not a superadmin
protected $is_superadmin = 1;
# if set, switch to user (non-admin) mode
/**
* @var string $username
* if set, switch to user (non-admin) mode
*/
protected $username = '';
# will be set to 0 if a user (non-admin) is logged in
@ -159,9 +162,9 @@ abstract class PFAHandler {
/**
* Constructor: fill $struct etc.
* @param integer - 0 is edit mode, set to 1 to switch to create mode
* @param string - if an admin_username is specified, permissions will be restricted to the domains this admin may manage
* @param integer - 0 if logged in as user, 1 if logged in as admin or superadmin
* @param int $new - 0 is edit mode, set to 1 to switch to create mode
* @param string $username - if an admin_username is specified, permissions will be restricted to the domains this admin may manage
* @param int $is_admin - 0 if logged in as user, 1 if logged in as admin or superadmin
*/
public function __construct($new = 0, $username = "", $is_admin = 1) {
# set label_field if not explicitely set
@ -207,7 +210,7 @@ abstract class PFAHandler {
$this->initStruct();
if (!isset($this->struct['_can_edit'])) {
$this->struct['_can_edit'] = pacol(0, 0, 1, 'vnum', '' , '' , '', '',
$this->struct['_can_edit'] = pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ '1 as _can_edit'
@ -215,7 +218,7 @@ abstract class PFAHandler {
}
if (!isset($this->struct['_can_delete'])) {
$this->struct['_can_delete'] = pacol(0, 0, 1, 'vnum', '' , '' , '', '',
$this->struct['_can_delete'] = pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0,
/*dont_write_to_db*/ 1,
/*select*/ '1 as _can_delete'
@ -223,7 +226,7 @@ abstract class PFAHandler {
}
$struct_hook = Config::read($this->db_table . '_struct_hook');
if ($struct_hook != 'NO' && function_exists($struct_hook)) {
if (!empty($struct_hook) && is_string($struct_hook) && $struct_hook != 'NO' && function_exists($struct_hook)) {
$this->struct = $struct_hook($this->struct);
}
@ -727,7 +730,9 @@ abstract class PFAHandler {
$db_result = array();
if ($result['rows'] != 0) {
while ($row = db_assoc($result['result'])) {
$db_result[$row[$this->id_field]] = $row;
if(is_array($row)) {
$db_result[$row[$this->id_field]] = $row;
}
}
}
@ -822,6 +827,9 @@ abstract class PFAHandler {
$result = db_query($query);
if ($result['rows'] == 1) {
$row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$crypt_password = pacrypt($password, $row['password']);
if ($row['password'] == $crypt_password) {
@ -867,6 +875,10 @@ abstract class PFAHandler {
$result = db_query($query);
if ($result['rows'] == 1) {
$row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$crypt_token = pacrypt($token, $row['token']);
if ($row['token'] == $crypt_token) {

2
model/Shell.php
Unescape Escape View File

@ -141,7 +141,7 @@ class Shell {
* @param string $default Default input value.
* @return string either the default value, or the user-provided input.
*/
public function in($prompt, $options = null, $default = null) {
public function in($prompt, $options = null, $default = '') {
if (!$this->interactive) {
return $default;
}

4
model/VacationHandler.php
Unescape Escape View File

@ -196,6 +196,10 @@ class VacationHandler extends PFAHandler {
}
$row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$boolean = ($row['active'] == db_get_boolean(true));
# TODO: only return true and store the db result array in $this->whatever for consistency with the other classes
return array(

2
public/backup.php
Unescape Escape View File

@ -108,7 +108,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
while ($row = db_assoc($result['result'])) {
$fields = array_keys($row);
$values = array_values($row);
$values = array_map('escape_string', $values);
$values = array_map(function($str) { return escape_string($str); }, $values);
fwrite($fh, "INSERT INTO ". $tables[$i] . " (". implode(',', $fields) . ") VALUES ('" . implode('\',\'', $values) . "');\n");
$fields = "";

4
public/broadcast-message.php
Unescape Escape View File

@ -66,7 +66,9 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$result = db_query($q);
if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) {
$recipients[] = $row['username'];
if(is_array($row)) {
$recipients[] = $row['username'];
}
}
}

4
public/index.php
Unescape Escape View File

@ -22,11 +22,13 @@
$CONF = array('configured' => false);
clearstatcache();
if (file_exists(dirname(__FILE__) . '/../config.inc.php')) {
require_once(dirname(__FILE__) . '/../config.inc.php');
}
if ($CONF['configured'] === true) {
if ($CONF['configured']) {
header("Location: login.php");
exit;
}

7
public/list-virtual.php
Unescape Escape View File

@ -59,6 +59,10 @@ if ((is_array($list_domains) and sizeof($list_domains) > 0)) {
}
}
if (!is_string($fDomain)) {
die(Config::Lang('invalid_parameter'));
}
if (!in_array($fDomain, $list_domains)) {
flash_error($PALANG['invalid_parameter']);
unset($_SESSION['list-virtual:domain']);
@ -226,6 +230,9 @@ if ($result['rows'] > 0) {
$goto_single_rec_del = "";
while ($row = db_assoc($result['result'])) {
if(!is_array($row)) {
continue;
}
if ($display_mailbox_aliases) {
$goto_split = explode(",", $row['goto']);
$row['goto_mailbox'] = 0;

2
public/login.php
Unescape Escape View File

@ -88,7 +88,7 @@ $_SESSION['PFA_token'] = md5(uniqid(rand(), true));
$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('smarty_template', 'login');
$smarty->assign('logintype', 'admin');
$smarty->assign('forgotten_password_reset', Config::read('forgotten_admin_password_reset'));
$smarty->assign('forgotten_password_reset', Config::bool('forgotten_admin_password_reset'));
$smarty->display('index.tpl');
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

124
public/upgrade.php
Unescape Escape View File

@ -3,6 +3,9 @@ if (!defined('POSTFIXADMIN')) {
require_once('common.php');
}
if(!isset($CONF) || !is_array($CONF)) {
die("config.inc.php seems invalid");
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
# @version $Id$
@ -12,7 +15,7 @@ if (!defined('POSTFIXADMIN')) {
/**
* Use this to check whether an object (Table, index etc) exists within a
* PostgreSQL database.
* @param String the object name
* @param string the object name
* @return boolean true if it exists
*/
function _pgsql_object_exists($name) {
@ -24,6 +27,11 @@ function _pgsql_object_exists($name) {
return false;
}
/**
* @param string $table
* @param string $field
* @return bool
*/
function _pgsql_field_exists($table, $field) {
# $table = table_by_key($table); # _pgsql_field_exists is always called with the expanded table name - don't expand it twice
$sql = '
@ -97,7 +105,7 @@ function _db_add_field($table, $field, $fieldtype, $after = '') {
}
if (! _db_field_exists(table_by_key($table), $field)) {
$result = db_query_parsed($query);
db_query_parsed($query);
} else {
printdebug("field already exists: $table.$field");
}
@ -218,7 +226,6 @@ function _do_upgrade($current_version) {
}
}
// Update config table so we don't run the same query twice in the future.
$i = (int) $i;
$table = table_by_key('config');
$sql = "UPDATE $table SET value = $i WHERE name = 'version'";
db_query($sql);
@ -227,10 +234,10 @@ function _do_upgrade($current_version) {
/**
* Replaces database specific parts in a query
* @param String sql query with placeholders
* @param string sql query with placeholders
* @param int (optional) whether errors should be ignored (0=false)
* @param String (optional) MySQL specific code to attach, useful for COMMENT= on CREATE TABLE
* @return String sql query
* @param string (optional) MySQL specific code to attach, useful for COMMENT= on CREATE TABLE
* @return void
*/
function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
@ -303,7 +310,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
'{DATECURRENT}' => 'timestamp with time zone default now()',
);
} else {
echo "Sorry, unsupported database type " . $conf['database_type'];
echo "Sorry, unsupported database type " . $CONF['database_type'];
exit;
}
@ -312,14 +319,15 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
$query = trim(str_replace(array_keys($replace), $replace, $sql));
if (safeget('debug') != "") {
$debug = safeget('debug', '') != '';
if ($debug) {
printdebug($query);
}
$result = db_query($query, $ignore_errors);
if (safeget('debug') != "") {
if ($debug) {
print "<div style='color:#f00'>" . $result['error'] . "</div>";
}
return $result;
}
function _drop_index($table, $index) {
@ -331,7 +339,7 @@ function _drop_index($table, $index) {
} elseif ($CONF['database_type'] == 'pgsql' || db_sqlite()) {
return "DROP INDEX $index"; # Index names are unique with a DB for PostgreSQL
} else {
echo "Sorry, unsupported database type " . $conf['database_type'];
echo "Sorry, unsupported database type " . $CONF['database_type'];
exit;
}
}
@ -347,7 +355,7 @@ function _add_index($table, $indexname, $fieldlist) {
$pgindexname = $table . "_" . $indexname . '_idx';
return "CREATE INDEX $pgindexname ON $table($fieldlist);"; # Index names are unique with a DB for PostgreSQL
} else {
echo "Sorry, unsupported database type " . $conf['database_type'];
echo "Sorry, unsupported database type " . $CONF['database_type'];
exit;
}
}
@ -472,10 +480,10 @@ function upgrade_2_mysql() {
# from TABLE_BACKUP_MX.TXT
$table_domain = table_by_key('domain');
if (!_mysql_field_exists($table_domain, 'transport')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255) AFTER maxquota;", true);
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255) AFTER maxquota;", true);
}
if (!_mysql_field_exists($table_domain, 'backupmx')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx {BOOLEAN} AFTER transport;", true);
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx {BOOLEAN} AFTER transport;", true);
}
}
@ -600,8 +608,8 @@ function upgrade_2_pgsql() {
// this handles anyone who is upgrading... (and should have no impact on new installees)
$table_domain = table_by_key('domain');
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255)", true);
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx BOOLEAN DEFAULT false", true);
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255)", true);
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx BOOLEAN DEFAULT false", true);
}
function upgrade_3_mysql() {
@ -680,7 +688,7 @@ function upgrade_3_mysql() {
function upgrade_4_mysql() { # MySQL only
# changes between 2.1 and moving to sourceforge
$table_domain = table_by_key('domain');
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int(10) NOT NULL default '0' AFTER maxquota", true);
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int(10) NOT NULL default '0' AFTER maxquota", true);
# Possible errors that can be ignored:
# - Invalid query: Table 'postfix.domain' doesn't exist
}
@ -699,25 +707,25 @@ function upgrade_4_pgsql() {
$table_vacation_notification = table_by_key('vacation_notification');
if (!_pgsql_field_exists($table_domain, 'quota')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int NOT NULL default '0'");
db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int NOT NULL default '0'");
}
$result = db_query_parsed("ALTER TABLE $table_domain ALTER COLUMN domain DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_domain ALTER COLUMN domain DROP DEFAULT");
if (!_pgsql_object_exists('domain_domain_active')) {
$result = db_query_parsed("CREATE INDEX domain_domain_active ON $table_domain(domain,active)");
db_query_parsed("CREATE INDEX domain_domain_active ON $table_domain(domain,active)");
}
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN address DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN domain DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN address DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN domain DROP DEFAULT");
if (!_pgsql_object_exists('alias_address_active')) {
$result = db_query_parsed("CREATE INDEX alias_address_active ON $table_alias(address,active)");
db_query_parsed("CREATE INDEX alias_address_active ON $table_alias(address,active)");
}
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN username DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN username DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed("
db_query_parsed("
BEGIN;
ALTER TABLE $table_log RENAME COLUMN data TO data_old;
ALTER TABLE $table_log ADD COLUMN data text NOT NULL default '';
@ -725,10 +733,10 @@ function upgrade_4_pgsql() {
ALTER TABLE $table_log DROP COLUMN data_old;
COMMIT;");
$result = db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN username DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN domain DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN username DROP DEFAULT");
db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed(
db_query_parsed(
"
BEGIN;
ALTER TABLE $table_mailbox RENAME COLUMN domain TO domain_old;
@ -742,12 +750,12 @@ function upgrade_4_pgsql() {
}
$result = db_query_parsed("ALTER TABLE $table_vacation ALTER COLUMN body SET DEFAULT ''");
db_query_parsed("ALTER TABLE $table_vacation ALTER COLUMN body SET DEFAULT ''");
if (_pgsql_field_exists($table_vacation, 'cache')) {
$result = db_query_parsed("ALTER TABLE $table_vacation DROP COLUMN cache");
db_query_parsed("ALTER TABLE $table_vacation DROP COLUMN cache");
}
$result = db_query_parsed("
db_query_parsed("
BEGIN;
ALTER TABLE $table_vacation RENAME COLUMN domain to domain_old;
ALTER TABLE $table_vacation ADD COLUMN domain varchar(255) REFERENCES $table_domain;
@ -757,11 +765,11 @@ function upgrade_4_pgsql() {
");
if (!_pgsql_object_exists('vacation_email_active')) {
$result = db_query_parsed("CREATE INDEX vacation_email_active ON $table_vacation(email,active)");
db_query_parsed("CREATE INDEX vacation_email_active ON $table_vacation(email,active)");
}
if (!_pgsql_object_exists($table_vacation_notification)) {
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE $table_vacation_notification (
on_vacation character varying(255) NOT NULL REFERENCES $table_vacation(email) ON DELETE CASCADE,
notified character varying(255) NOT NULL,
@ -785,7 +793,7 @@ function upgrade_4_pgsql() {
* - removed creation of default superadmin
*/
function upgrade_5_mysql() {
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('admin') . " (
`username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
@ -796,7 +804,7 @@ function upgrade_5_mysql() {
KEY username (`username`)
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Admins'; ");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('alias') . " (
`address` varchar(255) NOT NULL default '',
`goto` text NOT NULL,
@ -809,7 +817,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Aliases';
");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain') . " (
`domain` varchar(255) NOT NULL default '',
`description` varchar(255) NOT NULL default '',
@ -827,7 +835,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Domains';
");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain_admins') . " (
`username` varchar(255) NOT NULL default '',
`domain` varchar(255) NOT NULL default '',
@ -837,7 +845,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Domain Admins';
");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('log') . " (
`timestamp` {DATETIME},
`username` varchar(255) NOT NULL default '',
@ -848,7 +856,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Log';
");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('mailbox') . " (
`username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
@ -864,7 +872,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Mailboxes';
");
$result = db_query_parsed("
db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('vacation') . " (
`email` varchar(255) NOT NULL ,
`subject` varchar(255) NOT NULL,
@ -883,10 +891,10 @@ function upgrade_5_mysql() {
* drop useless indicies (already available as primary key)
*/
function upgrade_79_mysql() { # MySQL only
$result = db_query_parsed(_drop_index('admin', 'username'), true);
$result = db_query_parsed(_drop_index('alias', 'address'), true);
$result = db_query_parsed(_drop_index('domain', 'domain'), true);
$result = db_query_parsed(_drop_index('mailbox', 'username'), true);
db_query_parsed(_drop_index('admin', 'username'), true);
db_query_parsed(_drop_index('alias', 'address'), true);
db_query_parsed(_drop_index('domain', 'domain'), true);
db_query_parsed(_drop_index('mailbox', 'username'), true);
}
function upgrade_81_mysql() { # MySQL only
@ -905,7 +913,7 @@ function upgrade_81_mysql() { # MySQL only
"));
foreach ($all_sql as $sql) {
$result = db_query_parsed($sql, true);
db_query_parsed($sql, true);
}
}
@ -913,9 +921,9 @@ function upgrade_81_mysql() { # MySQL only
* Make logging translatable - i.e. create alias => create_alias
*/
function upgrade_90_mysql_pgsql() {
$result = db_query_parsed("UPDATE " . table_by_key('log') . " SET action = REPLACE(action,' ','_')", true);
db_query_parsed("UPDATE " . table_by_key('log') . " SET action = REPLACE(action,' ','_')", true);
# change edit_alias_state to edit_alias_active
$result = db_query_parsed("UPDATE " . table_by_key('log') . " SET action = 'edit_alias_state' WHERE action = 'edit_alias_active'", true);
db_query_parsed("UPDATE " . table_by_key('log') . " SET action = 'edit_alias_state' WHERE action = 'edit_alias_active'", true);
}
/**
@ -924,9 +932,9 @@ function upgrade_90_mysql_pgsql() {
function upgrade_169_mysql() {
$table_domain = table_by_key('domain');
$table_mailbox = table_by_key('mailbox');
$result = db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
$result = db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `maxquota` bigint(20) NOT NULL default '0'", true);
$result = db_query_parsed("ALTER TABLE $table_mailbox MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `maxquota` bigint(20) NOT NULL default '0'", true);
db_query_parsed("ALTER TABLE $table_mailbox MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
}
@ -963,7 +971,7 @@ function upgrade_318_mysql() {
# (not a great loss) and re-create it using this function.
foreach ($all_sql as $sql) {
$result = db_query_parsed($sql);
db_query_parsed($sql);
}
}
@ -1090,7 +1098,7 @@ function upgrade_373_mysql() { # MySQL only
"));
foreach ($all_sql as $sql) {
$result = db_query_parsed($sql);
db_query_parsed($sql);
}
}
@ -1162,7 +1170,7 @@ function upgrade_473_mysql() {
"));
foreach ($all_sql as $sql) {
$result = db_query_parsed($sql);
db_query_parsed($sql);
}
}
@ -1408,6 +1416,10 @@ function upgrade_1284_mysql_pgsql() {
if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) {
if(!is_array($row)) {
break;
}
printdebug("Setting superadmin flag for " . $row['username']);
db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true)));
}
@ -1676,7 +1688,7 @@ function upgrade_1836_mysql() {
"));
foreach ($all_sql as $sql) {
$result = db_query_parsed($sql, true);
db_query_parsed($sql, true);
}
}

9
public/users/password-recover.php
Unescape Escape View File

@ -58,6 +58,11 @@ function sendCodebySMS($to, $username, $code) {
if ($_SERVER['REQUEST_METHOD'] === "POST") {
$start_time = microtime(true);
$tUsername = escape_string(safepost('fUsername'));
if(empty($tUsername) || !is_string($tUsername)) {
die("fUsername field required");
}
$handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
$token = $handler->getPasswordRecoveryCode($tUsername);
if ($token !== false) {
@ -65,8 +70,8 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") {
$result = db_query("SELECT * FROM $table WHERE username='$tUsername'");
$row = db_assoc($result['result']);
$email_other = trim($row['email_other']);
$phone = trim($row['phone']);
$email_other = isset($row['email_other']) ? trim($row['email_other']) : null;
$phone = isset($row['phone']) ? trim($row['phone']) : null;
if ($email_other) {
sendCodeByEmail($email_other, $tUsername, $token);

14
public/viewlog.php
Unescape Escape View File

@ -55,7 +55,6 @@ if (! (check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('globa
flash_error($PALANG['pViewlog_result_error']);
}
// we need to initialize $tLog as an array!
$tLog = array();
if ($error != 1) {
@ -66,19 +65,22 @@ if ($error != 1) {
if (db_pgsql()) {
$query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain='$fDomain' ORDER BY timestamp DESC LIMIT $page_size";
}
$result=db_query($query);
$result = db_query($query);
if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) {
if (db_pgsql()) {
$row['timestamp']=gmstrftime('%c %Z', $row['timestamp']);
if (is_array($row) && db_pgsql()) {
$row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);
}
$tLog[] = $row;
}
}
}
for ($i = 0; $i < count($tLog); $i++) {
$tLog[$i]['action'] = $PALANG ['pViewlog_action_'.$tLog [$i]['action']];
foreach($tLog as $k => $v) {
if(isset($v['action'])) {
$v['action'] = $PALANG['pViewlog_action_' . $v['action']];
$tLog[$k] = $v;
}
}
$smarty->assign('domain_list', $list_domains);

2
public/xmlrpc.php
Unescape Escape View File

@ -162,7 +162,7 @@ class AliasProxy {
$ah = new AliasHandler();
$ah->init($_SESSION['sessid']['username']);
$values['goto'] = $addresses;
$values = ['goto' => $addresses];
if ($flags == 'forward_and_store') {
$values['goto_mailbox'] = 1;

8
templates/header.php
Unescape Escape View File

@ -1,5 +1,9 @@
<?php if( !defined('POSTFIXADMIN') ) die( "This file cannot be used standalone." ); ?>
<?php
<?php
if( !defined('POSTFIXADMIN') ) die( "This file cannot be used standalone." );
if( !isset($CONF) || !is_array($CONF) ) {
die("Configuration not loaded. Check " . __FILE__);
}
@header ("Expires: Sun, 16 Mar 2003 05:00:00 GMT");
@header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
@header ("Cache-Control: no-store, no-cache, must-revalidate");

Write Preview
Loading…
Cancel
Save