psalm fixes

pull/229/head
David Goodwin 6 years ago
parent 8d2a592aa9
commit 74002bbf57

1513
composer.lock generated


@ -31,6 +31,7 @@
################################################################################ ################################################################################
global $CONF;
/***************************************************************** /*****************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

@ -319,11 +319,12 @@ function check_email($email) {
* Clean a string, escaping any meta characters that could be * Clean a string, escaping any meta characters that could be
* used to disrupt an SQL string. i.e. "'" => "\'" etc. * used to disrupt an SQL string. i.e. "'" => "\'" etc.
* *
* @param string|array $string parameters to escape * @param string $string parameters to escape
* @return string|array of cleaned data, suitable for use within an SQL statement. * @return string cleaned data, suitable for use within an SQL statement.
*/ */
function escape_string($string) { function escape_string($string) {
global $CONF; global $CONF;
// if the string is actually an array, do a recursive cleaning. // if the string is actually an array, do a recursive cleaning.
// Note, the array keys are not cleaned. // Note, the array keys are not cleaned.
if (is_array($string)) { if (is_array($string)) {
@ -846,13 +847,13 @@ function encode_header($string, $default_charset = "utf-8") {
return $string; return $string;
} }
/*
if (!function_exists('random_int')) { // PHP version < 7.0 if (!function_exists('random_int')) { // PHP version < 7.0
function random_int() { // someone might not be using php_crypt or ask for password generation, in which case random_int() won't be called function random_int() { // someone might not be using php_crypt or ask for password generation, in which case random_int() won't be called
die(__FILE__ . " Postfixadmin security: Please install https://github.com/paragonie/random_compat OR enable the 'Phar' extension."); die(__FILE__ . " Postfixadmin security: Please install https://github.com/paragonie/random_compat OR enable the 'Phar' extension.");
} }
} }
*/
/** /**
* Generate a random password of $length characters. * Generate a random password of $length characters.
@ -1315,19 +1316,6 @@ function create_salt() {
return $salt; return $salt;
} }
/**/ if (!function_exists('hex2bin')) { # PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin
function hex2bin($str) {
$len = strlen($str);
$nstr = "";
for ($i=0;$i<$len;$i+=2) {
$num = sscanf(substr($str, $i, 2), "%x");
$nstr.=chr($num[0]);
}
return $nstr;
}
/**/
}
/* /*
* remove item $item from array $array * remove item $item from array $array
*/ */
@ -1829,7 +1817,7 @@ function db_array($result) {
*/ */
function db_assoc($result) { function db_assoc($result) {
global $CONF; global $CONF;
$row = ""; $row = [];
if ($CONF['database_type'] == "mysql") { if ($CONF['database_type'] == "mysql") {
/* @var resource $result */ /* @var resource $result */
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
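Review bot: The docblock for `escape_string()` now declares `@param string` and `@return string`, but the body visible in this hunk still branches on `is_array($string)` and cleans arrays recursively, so the annotation no longer matches what the function accepts and returns. Because this is the SQL-escaping helper, a type that hides the array path means static analysis can no longer reason about callers that pass arrays (whose keys, per the existing comment, are not cleaned). Either keep `@param string|array $string` and `@return string|array`, or remove the array branch in the same change. The function body continues outside the hunk.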

@ -34,7 +34,7 @@ class AdminHandler extends PFAHandler {
$domains_grouped = 'group_concat(domain)'; $domains_grouped = 'group_concat(domain)';
} }
$passwordReset = Config::read('forgotten_admin_password_reset'); $passwordReset = (int) Config::bool('forgotten_admin_password_reset');
$reset_by_sms = 0; $reset_by_sms = 0;
if ($passwordReset && Config::read('sms_send_function')) { if ($passwordReset && Config::read('sms_send_function')) {
@ -44,10 +44,10 @@ class AdminHandler extends PFAHandler {
$this->struct=array( $this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / options / ... # field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list # editing? form list
'username' => pacol($this->new, 1, 1, 'text', 'admin' , 'email_address' , '', '', 'username' => pacol($this->new, 1, 1, 'text', 'admin' , 'email_address' , '', array(),
array('linkto' => 'list.php?table=domain&username=%s') ), array('linkto' => 'list.php?table=domain&username=%s') ),
'password' => pacol(1, 1, 0, 'pass', 'password' , '' ), 'password' => pacol(1, 1, 0, 'pass', 'password' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '', '', 'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'password as password2' /*select*/ 'password as password2'
@ -69,7 +69,7 @@ class AdminHandler extends PFAHandler {
/*extrafrom set in domain_count*/ /*extrafrom set in domain_count*/
), ),
'domain_count' => pacol(0, 0, 1, 'vnum', 'pAdminList_admin_count', '' , '', '', 'domain_count' => pacol(0, 0, 1, 'vnum', 'pAdminList_admin_count', '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__domain_count,0) as domain_count', /*select*/ 'coalesce(__domain_count,0) as domain_count',
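Review bot: The SMS condition directly after the changed `$passwordReset` assignment still calls `Config::read('sms_send_function')`, while the identical condition in MailboxHandler's `initStruct()` is moved to `Config::read_string('sms_send_function')` by this same commit. Using one accessor in both places keeps the password-reset gating for admins and mailboxes type-checked the same way: `if ($passwordReset && Config::read_string('sms_send_function')) {`. The enclosing method starts and ends outside the hunk, so confirm nothing later relies on the untyped value.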

@ -24,10 +24,10 @@ class AdminpasswordHandler extends PFAHandler {
# field name allow display in... type $PALANG label $PALANG description default / options / ... # field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list # editing? form list
'username' => pacol(0, 1, 1, 'text', 'admin' , '' ), 'username' => pacol(0, 1, 1, 'text', 'admin' , '' ),
'oldpass' => pacol(1, 1, 0, 'pass', 'pPassword_password_current' , '', '', '', 'oldpass' => pacol(1, 1, 0, 'pass', 'pPassword_password_current' , '', '', array(),
/*not_in_db*/ 1 ), /*not_in_db*/ 1 ),
'password' => pacol(1, 1, 0, 'pass', 'pPassword_password' , '' ), 'password' => pacol(1, 1, 0, 'pass', 'pPassword_password' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'pPassword_password2' , '' , '', '', 'password2' => pacol(1, 1, 0, 'pass', 'pPassword_password2' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'password as password2' /*select*/ 'password as password2'

@ -26,11 +26,11 @@ class AliasHandler extends PFAHandler {
$this->struct=array( $this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / ... # field name allow display in... type $PALANG label $PALANG description default / ...
# editing? form list # editing? form list
'status' => pacol(0, 0, 0, 'html', '' , '' , '', '', 'status' => pacol(0, 0, 0, 'html', '' , '' , '', array(),
array('not_in_db' => 1) ), array('not_in_db' => 1) ),
'address' => pacol($this->new, 1, 1, 'mail', 'alias' , 'pCreate_alias_catchall_text' ), 'address' => pacol($this->new, 1, 1, 'mail', 'alias' , 'pCreate_alias_catchall_text' ),
'localpart' => pacol($this->new, 0, 0, 'text', 'alias' , 'pCreate_alias_catchall_text' , '', 'localpart' => pacol($this->new, 0, 0, 'text', 'alias' , 'pCreate_alias_catchall_text' , '',
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 1 ), /*not_in_db*/ 1 ),
'domain' => pacol($this->new, 0, 1, 'enum', '' , '' , '', 'domain' => pacol($this->new, 0, 1, 'enum', '' , '' , '',
/*options*/ $this->allowed_domains ), /*options*/ $this->allowed_domains ),
@ -38,24 +38,24 @@ class AliasHandler extends PFAHandler {
'is_mailbox' => pacol(0, 0, 1, 'int', '' , '' , 0 , 'is_mailbox' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
# technically 'is_mailbox' is bool, but the automatic bool conversion breaks the query. Flagging it as int avoids this problem. # technically 'is_mailbox' is bool, but the automatic bool conversion breaks the query. Flagging it as int avoids this problem.
# Maybe having a vbool type (without the automatic conversion) would be cleaner - we'll see if we need it. # Maybe having a vbool type (without the automatic conversion) would be cleaner - we'll see if we need it.
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__is_mailbox,0) as is_mailbox' ), /*select*/ 'coalesce(__is_mailbox,0) as is_mailbox' ),
/*extrafrom set via set_is_mailbox_extrafrom() */ /*extrafrom set via set_is_mailbox_extrafrom() */
'__mailbox_username' => pacol( 0, 0, 1, 'vtxt', '' , '' , 0), # filled via is_mailbox '__mailbox_username' => pacol( 0, 0, 1, 'vtxt', '' , '' , 0), # filled via is_mailbox
'goto_mailbox' => pacol($mbgoto, $mbgoto,$mbgoto,'bool', 'pEdit_alias_forward_and_store' , '' , 0, 'goto_mailbox' => pacol($mbgoto, $mbgoto,$mbgoto,'bool', 'pEdit_alias_forward_and_store' , '' , 0,
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value /*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value
'on_vacation' => pacol(1, 0, 1, 'bool', 'pUsersMenu_vacation' , '' , 0 , 'on_vacation' => pacol(1, 0, 1, 'bool', 'pUsersMenu_vacation' , '' , 0 ,
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value - TODO: read active flag from vacation table instead? /*not_in_db*/ 1 ), # read_from_db_postprocess() sets the value - TODO: read active flag from vacation table instead?
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ), 'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol(0, 0, 1, 'ts', 'last_modified' , '' ), 'modified' => pacol(0, 0, 1, 'ts', 'last_modified' , '' ),
'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ), 'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ),
'_can_edit' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , '', '_can_edit' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , array(),
array('select' => '1 as _can_edit') ), array('select' => '1 as _can_edit') ),
'_can_delete' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , '', '_can_delete' => pacol(0, 0, 1, 'vnum', '' , '' , 0 , array(),
array('select' => '1 as _can_delete') ), # read_from_db_postprocess() updates the value array('select' => '1 as _can_delete') ), # read_from_db_postprocess() updates the value
# aliases listed in $CONF[default_aliases] are read-only for domain admins if $CONF[special_alias_control] is NO. # aliases listed in $CONF[default_aliases] are read-only for domain admins if $CONF[special_alias_control] is NO.
); );
@ -326,12 +326,12 @@ class AliasHandler extends PFAHandler {
# editing a default alias (postmaster@ etc.) is only allowed if special_alias_control is allowed or if the user is a superadmin # editing a default alias (postmaster@ etc.) is only allowed if special_alias_control is allowed or if the user is a superadmin
$tmp = preg_split('/\@/', $db_result[$key]['address']); $tmp = preg_split('/\@/', $db_result[$key]['address']);
if (!$this->is_superadmin && !Config::bool('special_alias_control') && array_key_exists($tmp[0], Config::Read('default_aliases'))) { if (!$this->is_superadmin && !Config::bool('special_alias_control') && array_key_exists($tmp[0], Config::read_array('default_aliases'))) {
$db_result[$key]['_can_edit'] = 0; $db_result[$key]['_can_edit'] = 0;
$db_result[$key]['_can_delete'] = 0; $db_result[$key]['_can_delete'] = 0;
} }
if ($this->struct['status']['display_in_list'] && Config::Bool('show_status')) { if ($this->struct['status']['display_in_list'] && Config::bool('show_status')) {
$db_result[$key]['status'] = gen_show_status($db_result[$key]['address']); $db_result[$key]['status'] = gen_show_status($db_result[$key]['address']);
} }
} }
@ -440,7 +440,7 @@ class AliasHandler extends PFAHandler {
*/ */
protected function getVacationAlias() { protected function getVacationAlias() {
$vacation_goto = str_replace('@', '#', $this->id); $vacation_goto = str_replace('@', '#', $this->id);
return $vacation_goto . '@' . Config::read('vacation_domain'); return $vacation_goto . '@' . Config::read_string('vacation_domain');
} }
/** /**
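Review bot: `getVacationAlias()` now appends `Config::read_string('vacation_domain')`, and `read_string()` returns `''` when the setting is unset, so the method can hand back an address with an empty domain part without any error. A guard before the return would surface a misconfigured vacation domain instead of producing a malformed alias target, for example `if ($vacation_domain === '') { throw new InvalidArgumentException('vacation_domain is not configured'); }`. The callers are outside this view, so check how they would handle the exception before adopting it.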

@ -6,6 +6,8 @@
class CliDelete extends Shell { class CliDelete extends Shell {
protected $handler_to_use = '';
/** /**
* Execution method always used for tasks * Execution method always used for tasks
*/ */
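Review bot: The new `$handler_to_use` property defaults to `''` here but to `'invalid'` in the matching addition to CliView, so the two sibling shells start from different sentinels for "no handler set". Pick one value for both so that a subclass which forgets to override it fails the same way in either task. Since the commit is about static analysis, a `/** @var string */` docblock on both declarations would also state the intended type explicitly.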

@ -77,7 +77,8 @@ class CliEdit extends Shell {
$form_fields = $handler->getStruct(); $form_fields = $handler->getStruct();
$id_field = $handler->getId_field(); $id_field = $handler->getId_field();
$values[$id_field] = '';
$values = array($id_field => '');
while ($form_fields[$id_field]['editable'] != 0) { # endlees loop - except if input is valid or id_field is not editable (like auto_increment) while ($form_fields[$id_field]['editable'] != 0) { # endlees loop - except if input is valid or id_field is not editable (like auto_increment)
$question = $form_fields[$id_field]['label'] . ":"; $question = $form_fields[$id_field]['label'] . ":";
if ($form_fields[$id_field]['desc'] != '') { if ($form_fields[$id_field]['desc'] != '') {

@ -6,6 +6,8 @@
class CliView extends Shell { class CliView extends Shell {
protected $handler_to_use = 'invalid';
/** /**
* Execution method always used for tasks * Execution method always used for tasks
*/ */

@ -68,6 +68,39 @@ final class Config {
$_this->setAll($newConfig); $_this->setAll($newConfig);
} }
/**
* @return array
* @param string $var
*/
public static function read_array($var) {
$stuff = self::read($var);
if(!is_array($stuff)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a boolean, but received a " . gettype($stuff), E_USER_ERROR);
}
return $stuff;
}
/**
* @param string $var
* @return string
*/
public static function read_string($var) {
$stuff = self::read($var);
if($stuff === null) {
return '';
}
if(!is_string($stuff)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a string, but received a " . gettype($stuff), E_USER_ERROR);
return '';
}
return $stuff;
}
/** /**
* Used to read Configure::$var * Used to read Configure::$var
* *
@ -76,7 +109,7 @@ final class Config {
* Configure::read('Name.key'); will return only the value of Configure::Name[key] * Configure::read('Name.key'); will return only the value of Configure::Name[key]
* *
* @param string $var Variable to obtain * @param string $var Variable to obtain
* @return array|string string value of Configure::$var * @return array|string|null string value of Configure::$var
* @access public * @access public
*/ */
public static function read($var) { public static function read($var) {
@ -131,7 +164,7 @@ final class Config {
* @access public * @access public
*/ */
public static function read_f($var, $value) { public static function read_f($var, $value) {
$text = self::read($var); $text = self::read_string($var);
$newtext = sprintf($text, $value); $newtext = sprintf($text, $value);
@ -148,19 +181,28 @@ final class Config {
/** /**
* Used to read Config::$var, converted to boolean * Used to read Config::$var, converted to boolean
* (obviously only useful for settings that can be YES or NO) * (obviously only useful for settings that can be YES or NO, or boolean like values)
* *
* Usage * Usage
* Configure::read('Name'); will return the value for Name, converted to boolean * Configure::read('Name'); will return the value for Name, converted to boolean
* *
* @param string $var Variable to obtain * @param string $var Variable to obtain
* @return bool value of Configure::$var (TRUE (on YES/yes) or FALSE (on NO/no/not set/unknown value) * @return bool value of Configure::$var (TRUE (on YES/yes) or FALSE (on NO/no/not set/unknown value)
* @access public
*/ */
public static function bool($var) { public static function bool($var) {
$value = self::read($var); $value = self::read($var);
if(is_bool($value)) {
return $value;
}
if(!is_string($value)) {
trigger_error('In '.__FUNCTION__.": expected config $var to be a string, but received a " . gettype($value), E_USER_ERROR);
error_log("config $var should be a string, found: " . json_encode($value));
return false;
}
if (strtoupper($value) == 'YES') { # YES if (strtoupper($value) == 'YES') { # YES
return true; return true;
} elseif (strtoupper($value) == 'NO') { # NO } elseif (strtoupper($value) == 'NO') { # NO
@ -193,7 +235,11 @@ final class Config {
* @access public * @access public
*/ */
public static function lang($var) { public static function lang($var) {
return self::read(array('__LANG', $var)); $value = self::read("__LANG.{$var}");
if(!is_string($value)) {
throw new InvalidArgumentException("Expected string value for $var ");
}
return $value;
} }
/** /**
@ -206,7 +252,7 @@ final class Config {
* @access public * @access public
*/ */
public static function lang_f($var, $value) { public static function lang_f($var, $value) {
return self::read_f(array('__LANG', $var), $value); return self::read_f('__LANG'. $var, $value);
} }
/** /**
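Review bot: `lang_f()` now builds its key as `'__LANG'. $var`, without the `.` separator that `lang()` uses in `"__LANG.{$var}"`, so it asks `read_f()` for `__LANGfoo` rather than `__LANG.foo`. Since `read_f()` now goes through `read_string()`, which returns `''` for a missing value, formatted messages would presumably come back empty, including the `edit_not_allowed` error that DomainHandler now routes through `Lang_f` and `mb_max` in MailboxHandler. The line should read `return self::read_f("__LANG.{$var}", $value);`. Separately, the `read_array()` error text says "to be a boolean" where an array is meant, and unlike `read_string()` it still returns the non-array value after `trigger_error()`.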

@ -46,62 +46,62 @@ class DomainHandler extends PFAHandler {
$this->struct=array( $this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / options / ... # field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list # editing? form list
'domain' => pacol($this->new, 1, 1, 'text', 'domain' , '' , '', '', 'domain' => pacol($this->new, 1, 1, 'text', 'domain' , '' , '', array(),
array('linkto' => 'list-virtual.php?domain=%s') ), array('linkto' => 'list-virtual.php?domain=%s') ),
'description' => pacol($super, $super, $super, 'text', 'description' , '' ), 'description' => pacol($super, $super, $super, 'text', 'description' , '' ),
# Aliases # Aliases
'aliases' => pacol($super, $super, 0, 'num' , 'aliases' , 'pAdminEdit_domain_aliases_text' , Config::read('aliases') ), 'aliases' => pacol($super, $super, 0, 'num' , 'aliases' , 'pAdminEdit_domain_aliases_text' , Config::read('aliases') ),
'alias_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', '', 'alias_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__alias_count,0) - coalesce(__mailbox_count,0) as alias_count', /*select*/ 'coalesce(__alias_count,0) - coalesce(__mailbox_count,0) as alias_count',
/*extrafrom*/ 'left join ( select count(*) as __alias_count, domain as __alias_domain from ' . table_by_key('alias') . /*extrafrom*/ 'left join ( select count(*) as __alias_count, domain as __alias_domain from ' . table_by_key('alias') .
' group by domain) as __alias on domain = __alias_domain'), ' group by domain) as __alias on domain = __alias_domain'),
'aliases_quot' => pacol(0, 0, 1, 'quot', 'aliases' , '' , 0, '', 'aliases_quot' => pacol(0, 0, 1, 'quot', 'aliases' , '' , 0, array(),
array('select' => db_quota_text( '__alias_count - coalesce(__mailbox_count,0)', 'aliases', 'aliases_quot')) ), array('select' => db_quota_text( '__alias_count - coalesce(__mailbox_count,0)', 'aliases', 'aliases_quot')) ),
'_aliases_quot_percent' => pacol( 0, 0, 1, 'vnum', '' ,'' , 0, '', '_aliases_quot_percent' => pacol( 0, 0, 1, 'vnum', '' ,'' , 0, array(),
array('select' => db_quota_percent('__alias_count - coalesce(__mailbox_count,0)', 'aliases', '_aliases_quot_percent')) ), array('select' => db_quota_percent('__alias_count - coalesce(__mailbox_count,0)', 'aliases', '_aliases_quot_percent')) ),
# Mailboxes # Mailboxes
'mailboxes' => pacol($super, $super, 0, 'num' , 'mailboxes' , 'pAdminEdit_domain_aliases_text' , Config::read('mailboxes') ), 'mailboxes' => pacol($super, $super, 0, 'num' , 'mailboxes' , 'pAdminEdit_domain_aliases_text' , Config::read('mailboxes') ),
'mailbox_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', '', 'mailbox_count' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'coalesce(__mailbox_count,0) as mailbox_count', /*select*/ 'coalesce(__mailbox_count,0) as mailbox_count',
/*extrafrom*/ 'left join ( select count(*) as __mailbox_count, sum(quota) as __total_quota, domain as __mailbox_domain from ' . table_by_key('mailbox') . /*extrafrom*/ 'left join ( select count(*) as __mailbox_count, sum(quota) as __total_quota, domain as __mailbox_domain from ' . table_by_key('mailbox') .
' group by domain) as __mailbox on domain = __mailbox_domain'), ' group by domain) as __mailbox on domain = __mailbox_domain'),
'mailboxes_quot' => pacol(0, 0, 1, 'quot', 'mailboxes' , '' , 0, '', 'mailboxes_quot' => pacol(0, 0, 1, 'quot', 'mailboxes' , '' , 0, array(),
array('select' => db_quota_text( '__mailbox_count', 'mailboxes', 'mailboxes_quot')) ), array('select' => db_quota_text( '__mailbox_count', 'mailboxes', 'mailboxes_quot')) ),
'_mailboxes_quot_percent' => pacol( 0, 0, 1, 'vnum', '' , '' , 0, '', '_mailboxes_quot_percent' => pacol( 0, 0, 1, 'vnum', '' , '' , 0, array(),
array('select' => db_quota_percent('__mailbox_count', 'mailboxes', '_mailboxes_quot_percent')) ), array('select' => db_quota_percent('__mailbox_count', 'mailboxes', '_mailboxes_quot_percent')) ),
'maxquota' => pacol($editquota,$editquota,$quota, 'num', 'pOverview_get_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('maxquota') ), 'maxquota' => pacol($editquota,$editquota,$quota, 'num', 'pOverview_get_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('maxquota') ),
# Domain quota # Domain quota
'quota' => pacol($edit_dom_q,$edit_dom_q, 0, 'num', 'pAdminEdit_domain_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('domain_quota_default') ), 'quota' => pacol($edit_dom_q,$edit_dom_q, 0, 'num', 'pAdminEdit_domain_quota' , 'pAdminEdit_domain_maxquota_text' , Config::read('domain_quota_default') ),
'total_quota' => pacol(0, 0, 1, 'vnum', '' , '' , '', '', 'total_quota' => pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
array('select' => "$query_used_domainquota AS total_quota") /*extrafrom*//* already in mailbox_count */ ), array('select' => "$query_used_domainquota AS total_quota") /*extrafrom*//* already in mailbox_count */ ),
'total_quot' => pacol( 0, 0, $dom_q, 'quot', 'pAdminEdit_domain_quota' , '' , 0, '', 'total_quot' => pacol( 0, 0, $dom_q, 'quot', 'pAdminEdit_domain_quota' , '' , 0, array(),
array('select' => db_quota_text( $query_used_domainquota, 'quota', 'total_quot')) ), array('select' => db_quota_text( $query_used_domainquota, 'quota', 'total_quot')) ),
'_total_quot_percent'=> pacol( 0, 0, $dom_q, 'vnum', '' , '' , 0, '', '_total_quot_percent'=> pacol( 0, 0, $dom_q, 'vnum', '' , '' , 0, array(),
array('select' => db_quota_percent($query_used_domainquota, 'quota', '_total_quot_percent')) ), array('select' => db_quota_percent($query_used_domainquota, 'quota', '_total_quot_percent')) ),
'transport' => pacol($transp, $transp,$transp,'enum', 'transport' , 'pAdminEdit_domain_transport_text' , Config::read('transport_default') , 'transport' => pacol($transp, $transp,$transp,'enum', 'transport' , 'pAdminEdit_domain_transport_text' , Config::read('transport_default') ,
/*options*/ Config::read('transport_options') ), /*options*/ Config::read_array('transport_options') ),
'backupmx' => pacol($super, $super, 1, 'bool', 'pAdminEdit_domain_backupmx' , '' , 0), 'backupmx' => pacol($super, $super, 1, 'bool', 'pAdminEdit_domain_backupmx' , '' , 0),
'active' => pacol($super, $super, 1, 'bool', 'active' , '' , 1 ), 'active' => pacol($super, $super, 1, 'bool', 'active' , '' , 1 ),
'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,'', /*not in db*/ 1 ), 'default_aliases' => pacol($this->new, $this->new, 0, 'bool', 'pAdminCreate_domain_defaultaliases', '' , 1,array(), /*not in db*/ 1 ),
'created' => pacol(0, 0, 0, 'ts', 'created' , '' ), 'created' => pacol(0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ), 'modified' => pacol(0, 0, $super, 'ts', 'last_modified' , '' ),
'password_expiry' => pacol($super, $super, $super, 'num', 'password_expiration' , 'password_expiration_desc', ''), 'password_expiry' => pacol($super, $super, $super, 'num', 'password_expiration' , 'password_expiration_desc', ''),
'_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 , '_can_edit' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ $this->is_superadmin . ' as _can_edit' ), /*select*/ $this->is_superadmin . ' as _can_edit' ),
'_can_delete' => pacol(0, 0, 1, 'int', '' , '' , 0 , '_can_delete' => pacol(0, 0, 1, 'int', '' , '' , 0 ,
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ $this->is_superadmin . ' as _can_delete' ), /*select*/ $this->is_superadmin . ' as _can_delete' ),
@ -146,7 +146,7 @@ class DomainHandler extends PFAHandler {
return true; return true;
} }
$this->errormsg[] = Config::Lang('edit_not_allowed', $this->id); $this->errormsg[] = Config::Lang_f('edit_not_allowed', $this->id);
return false; return false;
} }
@ -156,7 +156,7 @@ class DomainHandler extends PFAHandler {
*/ */
protected function storemore() { protected function storemore() {
if ($this->new && $this->values['default_aliases']) { if ($this->new && $this->values['default_aliases']) {
foreach (Config::read('default_aliases') as $address=>$goto) { foreach (Config::read_array('default_aliases') as $address=>$goto) {
$address = $address . "@" . $this->id; $address = $address . "@" . $this->id;
# if $goto doesn't contain @, let the alias point to the same domain # if $goto doesn't contain @, let the alias point to the same domain
if (!strstr($goto, '@')) { if (!strstr($goto, '@')) {
@ -233,7 +233,7 @@ class DomainHandler extends PFAHandler {
db_delete($this->db_table, $this->id_field, $this->id); db_delete($this->db_table, $this->id_field, $this->id);
if (!$this->domain_postdeletion()) { if (!$this->domain_postdeletion()) {
$this->error_msg[] = Config::Lang('domain_postdel_failed'); $this->errormsg[] = Config::Lang('domain_postdel_failed');
} }
db_log($this->id, 'delete_domain', $this->id); # TODO delete_domain is not a valid db_log keyword yet db_log($this->id, 'delete_domain', $this->id); # TODO delete_domain is not a valid db_log keyword yet
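Review bot: The changed lines call `Config::Lang_f('edit_not_allowed', ...)` and `Config::Lang('domain_postdel_failed')` with a capitalised method name, while this same commit normalises `Config::Bool` to `Config::bool` and `Config::Read` to `Config::read_array` in AliasHandler. PHP resolves method names case-insensitively, so this is style only, but the lines being touched anyway should match the declared names: `Config::lang_f(...)` and `Config::lang(...)`. The same applies to `Config::Lang('mailbox_postdel_failed')` on the changed line in MailboxHandler.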

@ -83,9 +83,6 @@ class FetchmailHandler extends PFAHandler {
); );
} }
protected function domain_from_id() {
# do nothing, setmore() does the work
}
protected function setmore($values) { protected function setmore($values) {
# set domain based on the target mailbox # set domain based on the target mailbox

@ -12,9 +12,9 @@ class MailboxHandler extends PFAHandler {
# init $this->struct, $this->db_table and $this->id_field # init $this->struct, $this->db_table and $this->id_field
protected function initStruct() { protected function initStruct() {
$passwordReset = Config::read('forgotten_user_password_reset'); $passwordReset = (int) Config::bool('forgotten_user_password_reset');
$reset_by_sms = 0; $reset_by_sms = 0;
if ($passwordReset && Config::read('sms_send_function')) { if ($passwordReset && Config::read_string('sms_send_function')) {
$reset_by_sms = 1; $reset_by_sms = 1;
} }
@ -30,7 +30,7 @@ class MailboxHandler extends PFAHandler {
'maildir' => pacol($this->new, 0, 1, 'text', '' , '' , '' ), 'maildir' => pacol($this->new, 0, 1, 'text', '' , '' , '' ),
'password' => pacol(1, 1, 0, 'pass', 'password' , 'pCreate_mailbox_password_text' , '' ), 'password' => pacol(1, 1, 0, 'pass', 'password' , 'pCreate_mailbox_password_text' , '' ),
'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '', 'password2' => pacol(1, 1, 0, 'pass', 'password_again' , '' , '',
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ 'password as password2' /*select*/ 'password as password2'
@ -41,7 +41,7 @@ class MailboxHandler extends PFAHandler {
# TODO: read used quota from quota/quota2 table # TODO: read used quota from quota/quota2 table
'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ), 'active' => pacol(1, 1, 1, 'bool', 'active' , '' , 1 ),
'welcome_mail' => pacol($this->new, $this->new, 0, 'bool', 'pCreate_mailbox_mail' , '' , 1, 'welcome_mail' => pacol($this->new, $this->new, 0, 'bool', 'pCreate_mailbox_mail' , '' , 1,
/*options*/ '', /*options*/ array(),
/*not_in_db*/ 1 ), /*not_in_db*/ 1 ),
'phone' => pacol(1, $reset_by_sms, 0, 'text', 'pCreate_mailbox_phone' , 'pCreate_mailbox_phone_desc' , ''), 'phone' => pacol(1, $reset_by_sms, 0, 'text', 'pCreate_mailbox_phone' , 'pCreate_mailbox_phone_desc' , ''),
'email_other' => pacol(1, $passwordReset, 0, 'mail', 'pCreate_mailbox_email' , 'pCreate_mailbox_email_desc' , ''), 'email_other' => pacol(1, $passwordReset, 0, 'mail', 'pCreate_mailbox_email' , 'pCreate_mailbox_email_desc' , ''),
@ -97,7 +97,7 @@ class MailboxHandler extends PFAHandler {
# } elseif ($maxquota < 0) { # } elseif ($maxquota < 0) {
# TODO: show 'disabled' - at the moment, just shows '-1' # TODO: show 'disabled' - at the moment, just shows '-1'
} else { } else {
$this->struct['quota']['desc'] = Config::lang_f('mb_max', $maxquota); $this->struct['quota']['desc'] = Config::lang_f('mb_max', "" . $maxquota);
} }
} }
@ -219,7 +219,7 @@ class MailboxHandler extends PFAHandler {
protected function beforestore() { protected function beforestore() {
if (isset($this->values['quota']) && $this->values['quota'] != -1) { if (isset($this->values['quota']) && $this->values['quota'] != -1) {
$this->values['quota'] = $this->values['quota'] * Config::read('quota_multiplier'); # convert quota from MB to bytes $this->values['quota'] = $this->values['quota'] * Config::read_string('quota_multiplier'); # convert quota from MB to bytes
} }
$ah = new AliasHandler($this->new, $this->admin_username); $ah = new AliasHandler($this->new, $this->admin_username);
@ -320,7 +320,7 @@ class MailboxHandler extends PFAHandler {
db_delete($this->db_table, $this->id_field, $this->id); # finally delete the mailbox db_delete($this->db_table, $this->id_field, $this->id); # finally delete the mailbox
if (!$this->mailbox_postdeletion()) { if (!$this->mailbox_postdeletion()) {
$this->error_msg[] = Config::Lang('mailbox_postdel_failed'); $this->errormsg[] = Config::Lang('mailbox_postdel_failed');
} }
list(/*NULL*/, $domain) = explode('@', $this->id); list(/*NULL*/, $domain) = explode('@', $this->id);
@ -408,9 +408,9 @@ class MailboxHandler extends PFAHandler {
protected function _missing_maildir($field) { protected function _missing_maildir($field) {
list($local_part, $domain) = explode('@', $this->id); list($local_part, $domain) = explode('@', $this->id);
$maildir_name_hook = Config::read('maildir_name_hook'); $maildir_name_hook = Config::read_string('maildir_name_hook');
if ($maildir_name_hook != 'NO' && function_exists($maildir_name_hook)) { if (is_string($maildir_name_hook) && $maildir_name_hook != 'NO' && function_exists($maildir_name_hook)) {
$maildir = $maildir_name_hook($domain, $this->id); $maildir = $maildir_name_hook($domain, $this->id);
} elseif (Config::bool('domain_path')) { } elseif (Config::bool('domain_path')) {
if (Config::bool('domain_in_mailbox')) { if (Config::bool('domain_in_mailbox')) {
@ -650,7 +650,7 @@ class MailboxHandler extends PFAHandler {
return false; return false;
} }
$s_host = Config::read('create_mailbox_subdirs_host'); $s_host = Config::read_string('create_mailbox_subdirs_host');
if (empty($s_host)) { if (empty($s_host)) {
trigger_error('An IMAP/POP server host ($CONF["create_mailbox_subdirs_host"]) must be configured, if sub-folders are to be created', E_USER_ERROR); trigger_error('An IMAP/POP server host ($CONF["create_mailbox_subdirs_host"]) must be configured, if sub-folders are to be created', E_USER_ERROR);
return false; return false;
@ -670,7 +670,7 @@ class MailboxHandler extends PFAHandler {
} }
$s_port=''; $s_port='';
$create_mailbox_subdirs_hostport = Config::read('create_mailbox_subdirs_hostport'); $create_mailbox_subdirs_hostport = Config::read_string('create_mailbox_subdirs_hostport');
if (!empty($create_mailbox_subdirs_hostport)) { if (!empty($create_mailbox_subdirs_hostport)) {
$s_port = $create_mailbox_subdirs_hostport; $s_port = $create_mailbox_subdirs_hostport;
if (intval($s_port)!=$s_port) { if (intval($s_port)!=$s_port) {
@ -690,7 +690,7 @@ class MailboxHandler extends PFAHandler {
return false; return false;
} }
$s_prefix = Config::read('create_mailbox_subdirs_prefix'); $s_prefix = Config::read_string('create_mailbox_subdirs_prefix');
foreach ($create_mailbox_subdirs as $f) { foreach ($create_mailbox_subdirs as $f) {
$f='{'.$s_host.'}'.$s_prefix.$f; $f='{'.$s_host.'}'.$s_prefix.$f;
$res=imap_createmailbox($i, $f); $res=imap_createmailbox($i, $f);

@ -97,7 +97,10 @@ abstract class PFAHandler {
# will be set to 0 if $admin_username is set and is not a superadmin # will be set to 0 if $admin_username is set and is not a superadmin
protected $is_superadmin = 1; protected $is_superadmin = 1;
# if set, switch to user (non-admin) mode /**
* @var string $username
* if set, switch to user (non-admin) mode
*/
protected $username = ''; protected $username = '';
# will be set to 0 if a user (non-admin) is logged in # will be set to 0 if a user (non-admin) is logged in
@ -159,9 +162,9 @@ abstract class PFAHandler {
/** /**
* Constructor: fill $struct etc. * Constructor: fill $struct etc.
* @param integer - 0 is edit mode, set to 1 to switch to create mode * @param int $new - 0 is edit mode, set to 1 to switch to create mode
* @param string - if an admin_username is specified, permissions will be restricted to the domains this admin may manage * @param string $username - if an admin_username is specified, permissions will be restricted to the domains this admin may manage
* @param integer - 0 if logged in as user, 1 if logged in as admin or superadmin * @param int $is_admin - 0 if logged in as user, 1 if logged in as admin or superadmin
*/ */
public function __construct($new = 0, $username = "", $is_admin = 1) { public function __construct($new = 0, $username = "", $is_admin = 1) {
# set label_field if not explicitely set # set label_field if not explicitely set
@ -207,7 +210,7 @@ abstract class PFAHandler {
$this->initStruct(); $this->initStruct();
if (!isset($this->struct['_can_edit'])) { if (!isset($this->struct['_can_edit'])) {
$this->struct['_can_edit'] = pacol(0, 0, 1, 'vnum', '' , '' , '', '', $this->struct['_can_edit'] = pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ '1 as _can_edit' /*select*/ '1 as _can_edit'
@ -215,7 +218,7 @@ abstract class PFAHandler {
} }
if (!isset($this->struct['_can_delete'])) { if (!isset($this->struct['_can_delete'])) {
$this->struct['_can_delete'] = pacol(0, 0, 1, 'vnum', '' , '' , '', '', $this->struct['_can_delete'] = pacol(0, 0, 1, 'vnum', '' , '' , '', array(),
/*not_in_db*/ 0, /*not_in_db*/ 0,
/*dont_write_to_db*/ 1, /*dont_write_to_db*/ 1,
/*select*/ '1 as _can_delete' /*select*/ '1 as _can_delete'
@ -223,7 +226,7 @@ abstract class PFAHandler {
} }
$struct_hook = Config::read($this->db_table . '_struct_hook'); $struct_hook = Config::read($this->db_table . '_struct_hook');
if ($struct_hook != 'NO' && function_exists($struct_hook)) { if (!empty($struct_hook) && is_string($struct_hook) && $struct_hook != 'NO' && function_exists($struct_hook)) {
$this->struct = $struct_hook($this->struct); $this->struct = $struct_hook($this->struct);
} }
@ -727,9 +730,11 @@ abstract class PFAHandler {
$db_result = array(); $db_result = array();
if ($result['rows'] != 0) { if ($result['rows'] != 0) {
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
if(is_array($row)) {
$db_result[$row[$this->id_field]] = $row; $db_result[$row[$this->id_field]] = $row;
} }
} }
}
$db_result = $this->read_from_db_postprocess($db_result); $db_result = $this->read_from_db_postprocess($db_result);
return $db_result; return $db_result;
@ -822,6 +827,9 @@ abstract class PFAHandler {
$result = db_query($query); $result = db_query($query);
if ($result['rows'] == 1) { if ($result['rows'] == 1) {
$row = db_assoc($result['result']); $row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$crypt_password = pacrypt($password, $row['password']); $crypt_password = pacrypt($password, $row['password']);
if ($row['password'] == $crypt_password) { if ($row['password'] == $crypt_password) {
@ -867,6 +875,10 @@ abstract class PFAHandler {
$result = db_query($query); $result = db_query($query);
if ($result['rows'] == 1) { if ($result['rows'] == 1) {
$row = db_assoc($result['result']); $row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$crypt_token = pacrypt($token, $row['token']); $crypt_token = pacrypt($token, $row['token']);
if ($row['token'] == $crypt_token) { if ($row['token'] == $crypt_token) {
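Review bot: Both credential checks in this section still compare hashes with loose `==` (`$row['password'] == $crypt_password` and `$row['token'] == $crypt_token`), and the added `is_array($row)` guards do not change that. PHP compares two numeric-looking strings numerically, so values of the `0e…` form can compare equal without being identical, and `==` is not constant-time. `if (hash_equals((string) $row['password'], (string) $crypt_password))`, and the same for the token, would address both. Whether any configured scheme can produce such a value depends on `pacrypt`, which is not shown here; both methods start and end outside their hunks.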

@ -141,7 +141,7 @@ class Shell {
* @param string $default Default input value. * @param string $default Default input value.
* @return string either the default value, or the user-provided input. * @return string either the default value, or the user-provided input.
*/ */
public function in($prompt, $options = null, $default = null) { public function in($prompt, $options = null, $default = '') {
if (!$this->interactive) { if (!$this->interactive) {
return $default; return $default;
} }

@ -196,6 +196,10 @@ class VacationHandler extends PFAHandler {
} }
$row = db_assoc($result['result']); $row = db_assoc($result['result']);
if(!is_array($row)) {
return false;
}
$boolean = ($row['active'] == db_get_boolean(true)); $boolean = ($row['active'] == db_get_boolean(true));
# TODO: only return true and store the db result array in $this->whatever for consistency with the other classes # TODO: only return true and store the db result array in $this->whatever for consistency with the other classes
return array( return array(

@ -108,7 +108,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
$fields = array_keys($row); $fields = array_keys($row);
$values = array_values($row); $values = array_values($row);
$values = array_map('escape_string', $values); $values = array_map(function($str) { return escape_string($str); }, $values);
fwrite($fh, "INSERT INTO ". $tables[$i] . " (". implode(',', $fields) . ") VALUES ('" . implode('\',\'', $values) . "');\n"); fwrite($fh, "INSERT INTO ". $tables[$i] . " (". implode(',', $fields) . ") VALUES ('" . implode('\',\'', $values) . "');\n");
$fields = ""; $fields = "";
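Review bot: Every value on the `fwrite` line is wrapped in single quotes, so a column that is NULL in the database is presumably written to the dump as `''` and will not restore as NULL. Since the callback is being rewritten as a closure anyway, it could emit the SQL literal itself, `return $str === null ? 'NULL' : "'" . escape_string($str) . "'";`, with the join changed to `implode(',', $values)`. The column names from `array_keys($row)` are also written unquoted, which may fail on restore if a column name is a reserved word. The enclosing loop starts and ends outside the hunk.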

@ -66,9 +66,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$result = db_query($q); $result = db_query($q);
if ($result['rows'] > 0) { if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
if(is_array($row)) {
$recipients[] = $row['username']; $recipients[] = $row['username'];
} }
} }
}
$recipients = array_unique($recipients); $recipients = array_unique($recipients);

@ -22,11 +22,13 @@
$CONF = array('configured' => false); $CONF = array('configured' => false);
clearstatcache();
if (file_exists(dirname(__FILE__) . '/../config.inc.php')) { if (file_exists(dirname(__FILE__) . '/../config.inc.php')) {
require_once(dirname(__FILE__) . '/../config.inc.php'); require_once(dirname(__FILE__) . '/../config.inc.php');
} }
if ($CONF['configured'] === true) { if ($CONF['configured']) {
header("Location: login.php"); header("Location: login.php");
exit; exit;
} }
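Review bot: Relaxing `$CONF['configured'] === true` to a plain truthiness test means any non-empty value in config.inc.php, including the strings `'false'` or `'no'`, now redirects to login.php. If the aim is only to satisfy the type checker, normalising once with `$configured = isset($CONF['configured']) && $CONF['configured'] === true;` and testing `$configured` keeps the old behaviour. That form also avoids a notice if the included file leaves the key unset.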

@ -59,6 +59,10 @@ if ((is_array($list_domains) and sizeof($list_domains) > 0)) {
} }
} }
if (!is_string($fDomain)) {
die(Config::Lang('invalid_parameter'));
}
if (!in_array($fDomain, $list_domains)) { if (!in_array($fDomain, $list_domains)) {
flash_error($PALANG['invalid_parameter']); flash_error($PALANG['invalid_parameter']);
unset($_SESSION['list-virtual:domain']); unset($_SESSION['list-virtual:domain']);
@ -226,6 +230,9 @@ if ($result['rows'] > 0) {
$goto_single_rec_del = ""; $goto_single_rec_del = "";
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
if(!is_array($row)) {
continue;
}
if ($display_mailbox_aliases) { if ($display_mailbox_aliases) {
$goto_split = explode(",", $row['goto']); $goto_split = explode(",", $row['goto']);
$row['goto_mailbox'] = 0; $row['goto_mailbox'] = 0;
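Review bot: The membership test directly after the new `is_string($fDomain)` guard is still `in_array($fDomain, $list_domains)` without the strict flag, so the comparison is loose. Now that the type is known, `in_array($fDomain, $list_domains, true)` makes it exact. The new guard also ends the request with `die(Config::Lang('invalid_parameter'))`, while the check below it reports the same condition through `flash_error($PALANG['invalid_parameter'])` and clears the session key; using one path for both would keep the behaviour consistent. In the second hunk the `continue` on a non-array row is harmless, although the `while` condition already stops on a falsy row.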

@ -88,7 +88,7 @@ $_SESSION['PFA_token'] = md5(uniqid(rand(), true));
$smarty->assign('language_selector', language_selector(), false); $smarty->assign('language_selector', language_selector(), false);
$smarty->assign('smarty_template', 'login'); $smarty->assign('smarty_template', 'login');
$smarty->assign('logintype', 'admin'); $smarty->assign('logintype', 'admin');
$smarty->assign('forgotten_password_reset', Config::read('forgotten_admin_password_reset')); $smarty->assign('forgotten_password_reset', Config::bool('forgotten_admin_password_reset'));
$smarty->display('index.tpl'); $smarty->display('index.tpl');
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
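Review bot: The context line in the hunk header shows the session token built as `md5(uniqid(rand(), true))`, which this change leaves untouched; `uniqid` and `rand` derive from the clock and a non-cryptographic PRNG. If `PFA_token` serves as an anti-CSRF token (its use is not visible here), `$_SESSION['PFA_token'] = bin2hex(random_bytes(16));` would be the safer form on PHP 7 and later. That line sits outside the changed lines of this hunk, so it would be a follow-up rather than part of this fix.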

@ -3,6 +3,9 @@ if (!defined('POSTFIXADMIN')) {
require_once('common.php'); require_once('common.php');
} }
if(!isset($CONF) || !is_array($CONF)) {
die("config.inc.php seems invalid");
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
# @version $Id$ # @version $Id$
@ -12,7 +15,7 @@ if (!defined('POSTFIXADMIN')) {
/** /**
* Use this to check whether an object (Table, index etc) exists within a * Use this to check whether an object (Table, index etc) exists within a
* PostgreSQL database. * PostgreSQL database.
* @param String the object name * @param string the object name
* @return boolean true if it exists * @return boolean true if it exists
*/ */
function _pgsql_object_exists($name) { function _pgsql_object_exists($name) {
@ -24,6 +27,11 @@ function _pgsql_object_exists($name) {
return false; return false;
} }
/**
* @param string $table
* @param string $field
* @return bool
*/
function _pgsql_field_exists($table, $field) { function _pgsql_field_exists($table, $field) {
# $table = table_by_key($table); # _pgsql_field_exists is always called with the expanded table name - don't expand it twice # $table = table_by_key($table); # _pgsql_field_exists is always called with the expanded table name - don't expand it twice
$sql = ' $sql = '
@ -97,7 +105,7 @@ function _db_add_field($table, $field, $fieldtype, $after = '') {
} }
if (! _db_field_exists(table_by_key($table), $field)) { if (! _db_field_exists(table_by_key($table), $field)) {
$result = db_query_parsed($query); db_query_parsed($query);
} else { } else {
printdebug("field already exists: $table.$field"); printdebug("field already exists: $table.$field");
} }
@ -218,7 +226,6 @@ function _do_upgrade($current_version) {
} }
} }
// Update config table so we don't run the same query twice in the future. // Update config table so we don't run the same query twice in the future.
$i = (int) $i;
$table = table_by_key('config'); $table = table_by_key('config');
$sql = "UPDATE $table SET value = $i WHERE name = 'version'"; $sql = "UPDATE $table SET value = $i WHERE name = 'version'";
db_query($sql); db_query($sql);
@ -227,10 +234,10 @@ function _do_upgrade($current_version) {
/** /**
* Replaces database specific parts in a query * Replaces database specific parts in a query
* @param String sql query with placeholders * @param string sql query with placeholders
* @param int (optional) whether errors should be ignored (0=false) * @param int (optional) whether errors should be ignored (0=false)
* @param String (optional) MySQL specific code to attach, useful for COMMENT= on CREATE TABLE * @param string (optional) MySQL specific code to attach, useful for COMMENT= on CREATE TABLE
* @return String sql query * @return void
*/ */
function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") { function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
@ -303,7 +310,7 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
'{DATECURRENT}' => 'timestamp with time zone default now()', '{DATECURRENT}' => 'timestamp with time zone default now()',
); );
} else { } else {
echo "Sorry, unsupported database type " . $conf['database_type']; echo "Sorry, unsupported database type " . $CONF['database_type'];
exit; exit;
} }
@ -312,14 +319,15 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
$query = trim(str_replace(array_keys($replace), $replace, $sql)); $query = trim(str_replace(array_keys($replace), $replace, $sql));
if (safeget('debug') != "") { $debug = safeget('debug', '') != '';
if ($debug) {
printdebug($query); printdebug($query);
} }
$result = db_query($query, $ignore_errors); $result = db_query($query, $ignore_errors);
if (safeget('debug') != "") { if ($debug) {
print "<div style='color:#f00'>" . $result['error'] . "</div>"; print "<div style='color:#f00'>" . $result['error'] . "</div>";
} }
return $result;
} }
function _drop_index($table, $index) { function _drop_index($table, $index) {
@ -331,7 +339,7 @@ function _drop_index($table, $index) {
} elseif ($CONF['database_type'] == 'pgsql' || db_sqlite()) { } elseif ($CONF['database_type'] == 'pgsql' || db_sqlite()) {
return "DROP INDEX $index"; # Index names are unique with a DB for PostgreSQL return "DROP INDEX $index"; # Index names are unique with a DB for PostgreSQL
} else { } else {
echo "Sorry, unsupported database type " . $conf['database_type']; echo "Sorry, unsupported database type " . $CONF['database_type'];
exit; exit;
} }
} }
@ -347,7 +355,7 @@ function _add_index($table, $indexname, $fieldlist) {
$pgindexname = $table . "_" . $indexname . '_idx'; $pgindexname = $table . "_" . $indexname . '_idx';
return "CREATE INDEX $pgindexname ON $table($fieldlist);"; # Index names are unique with a DB for PostgreSQL return "CREATE INDEX $pgindexname ON $table($fieldlist);"; # Index names are unique with a DB for PostgreSQL
} else { } else {
echo "Sorry, unsupported database type " . $conf['database_type']; echo "Sorry, unsupported database type " . $CONF['database_type'];
exit; exit;
} }
} }
@ -472,10 +480,10 @@ function upgrade_2_mysql() {
# from TABLE_BACKUP_MX.TXT # from TABLE_BACKUP_MX.TXT
$table_domain = table_by_key('domain'); $table_domain = table_by_key('domain');
if (!_mysql_field_exists($table_domain, 'transport')) { if (!_mysql_field_exists($table_domain, 'transport')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255) AFTER maxquota;", true); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255) AFTER maxquota;", true);
} }
if (!_mysql_field_exists($table_domain, 'backupmx')) { if (!_mysql_field_exists($table_domain, 'backupmx')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx {BOOLEAN} AFTER transport;", true); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx {BOOLEAN} AFTER transport;", true);
} }
} }
@ -600,8 +608,8 @@ function upgrade_2_pgsql() {
// this handles anyone who is upgrading... (and should have no impact on new installees) // this handles anyone who is upgrading... (and should have no impact on new installees)
$table_domain = table_by_key('domain'); $table_domain = table_by_key('domain');
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255)", true); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN transport VARCHAR(255)", true);
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx BOOLEAN DEFAULT false", true); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN backupmx BOOLEAN DEFAULT false", true);
} }
function upgrade_3_mysql() { function upgrade_3_mysql() {
@ -680,7 +688,7 @@ function upgrade_3_mysql() {
function upgrade_4_mysql() { # MySQL only function upgrade_4_mysql() { # MySQL only
# changes between 2.1 and moving to sourceforge # changes between 2.1 and moving to sourceforge
$table_domain = table_by_key('domain'); $table_domain = table_by_key('domain');
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int(10) NOT NULL default '0' AFTER maxquota", true); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int(10) NOT NULL default '0' AFTER maxquota", true);
# Possible errors that can be ignored: # Possible errors that can be ignored:
# - Invalid query: Table 'postfix.domain' doesn't exist # - Invalid query: Table 'postfix.domain' doesn't exist
} }
@ -699,25 +707,25 @@ function upgrade_4_pgsql() {
$table_vacation_notification = table_by_key('vacation_notification'); $table_vacation_notification = table_by_key('vacation_notification');
if (!_pgsql_field_exists($table_domain, 'quota')) { if (!_pgsql_field_exists($table_domain, 'quota')) {
$result = db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int NOT NULL default '0'"); db_query_parsed("ALTER TABLE $table_domain ADD COLUMN quota int NOT NULL default '0'");
} }
$result = db_query_parsed("ALTER TABLE $table_domain ALTER COLUMN domain DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_domain ALTER COLUMN domain DROP DEFAULT");
if (!_pgsql_object_exists('domain_domain_active')) { if (!_pgsql_object_exists('domain_domain_active')) {
$result = db_query_parsed("CREATE INDEX domain_domain_active ON $table_domain(domain,active)"); db_query_parsed("CREATE INDEX domain_domain_active ON $table_domain(domain,active)");
} }
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN address DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN address DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN domain DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_alias ALTER COLUMN domain DROP DEFAULT");
if (!_pgsql_object_exists('alias_address_active')) { if (!_pgsql_object_exists('alias_address_active')) {
$result = db_query_parsed("CREATE INDEX alias_address_active ON $table_alias(address,active)"); db_query_parsed("CREATE INDEX alias_address_active ON $table_alias(address,active)");
} }
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN username DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN username DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_domain_admins ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed(" db_query_parsed("
BEGIN; BEGIN;
ALTER TABLE $table_log RENAME COLUMN data TO data_old; ALTER TABLE $table_log RENAME COLUMN data TO data_old;
ALTER TABLE $table_log ADD COLUMN data text NOT NULL default ''; ALTER TABLE $table_log ADD COLUMN data text NOT NULL default '';
@ -725,10 +733,10 @@ function upgrade_4_pgsql() {
ALTER TABLE $table_log DROP COLUMN data_old; ALTER TABLE $table_log DROP COLUMN data_old;
COMMIT;"); COMMIT;");
$result = db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN username DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN username DROP DEFAULT");
$result = db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN domain DROP DEFAULT"); db_query_parsed("ALTER TABLE $table_mailbox ALTER COLUMN domain DROP DEFAULT");
$result = db_query_parsed( db_query_parsed(
" "
BEGIN; BEGIN;
ALTER TABLE $table_mailbox RENAME COLUMN domain TO domain_old; ALTER TABLE $table_mailbox RENAME COLUMN domain TO domain_old;
@ -742,12 +750,12 @@ function upgrade_4_pgsql() {
} }
$result = db_query_parsed("ALTER TABLE $table_vacation ALTER COLUMN body SET DEFAULT ''"); db_query_parsed("ALTER TABLE $table_vacation ALTER COLUMN body SET DEFAULT ''");
if (_pgsql_field_exists($table_vacation, 'cache')) { if (_pgsql_field_exists($table_vacation, 'cache')) {
$result = db_query_parsed("ALTER TABLE $table_vacation DROP COLUMN cache"); db_query_parsed("ALTER TABLE $table_vacation DROP COLUMN cache");
} }
$result = db_query_parsed(" db_query_parsed("
BEGIN; BEGIN;
ALTER TABLE $table_vacation RENAME COLUMN domain to domain_old; ALTER TABLE $table_vacation RENAME COLUMN domain to domain_old;
ALTER TABLE $table_vacation ADD COLUMN domain varchar(255) REFERENCES $table_domain; ALTER TABLE $table_vacation ADD COLUMN domain varchar(255) REFERENCES $table_domain;
@ -757,11 +765,11 @@ function upgrade_4_pgsql() {
"); ");
if (!_pgsql_object_exists('vacation_email_active')) { if (!_pgsql_object_exists('vacation_email_active')) {
$result = db_query_parsed("CREATE INDEX vacation_email_active ON $table_vacation(email,active)"); db_query_parsed("CREATE INDEX vacation_email_active ON $table_vacation(email,active)");
} }
if (!_pgsql_object_exists($table_vacation_notification)) { if (!_pgsql_object_exists($table_vacation_notification)) {
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE $table_vacation_notification ( CREATE TABLE $table_vacation_notification (
on_vacation character varying(255) NOT NULL REFERENCES $table_vacation(email) ON DELETE CASCADE, on_vacation character varying(255) NOT NULL REFERENCES $table_vacation(email) ON DELETE CASCADE,
notified character varying(255) NOT NULL, notified character varying(255) NOT NULL,
@ -785,7 +793,7 @@ function upgrade_4_pgsql() {
* - removed creation of default superadmin * - removed creation of default superadmin
*/ */
function upgrade_5_mysql() { function upgrade_5_mysql() {
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('admin') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('admin') . " (
`username` varchar(255) NOT NULL default '', `username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '', `password` varchar(255) NOT NULL default '',
@ -796,7 +804,7 @@ function upgrade_5_mysql() {
KEY username (`username`) KEY username (`username`)
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Admins'; "); ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Admins'; ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('alias') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('alias') . " (
`address` varchar(255) NOT NULL default '', `address` varchar(255) NOT NULL default '',
`goto` text NOT NULL, `goto` text NOT NULL,
@ -809,7 +817,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Aliases'; ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Aliases';
"); ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain') . " (
`domain` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '',
`description` varchar(255) NOT NULL default '', `description` varchar(255) NOT NULL default '',
@ -827,7 +835,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Domains'; ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Domains';
"); ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain_admins') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('domain_admins') . " (
`username` varchar(255) NOT NULL default '', `username` varchar(255) NOT NULL default '',
`domain` varchar(255) NOT NULL default '', `domain` varchar(255) NOT NULL default '',
@ -837,7 +845,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Domain Admins'; ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Domain Admins';
"); ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('log') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('log') . " (
`timestamp` {DATETIME}, `timestamp` {DATETIME},
`username` varchar(255) NOT NULL default '', `username` varchar(255) NOT NULL default '',
@ -848,7 +856,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Log'; ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Log';
"); ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('mailbox') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('mailbox') . " (
`username` varchar(255) NOT NULL default '', `username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '', `password` varchar(255) NOT NULL default '',
@ -864,7 +872,7 @@ function upgrade_5_mysql() {
) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Mailboxes'; ) DEFAULT {LATIN1} COMMENT='Postfix Admin - Virtual Mailboxes';
"); ");
$result = db_query_parsed(" db_query_parsed("
CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('vacation') . " ( CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('vacation') . " (
`email` varchar(255) NOT NULL , `email` varchar(255) NOT NULL ,
`subject` varchar(255) NOT NULL, `subject` varchar(255) NOT NULL,
@ -883,10 +891,10 @@ function upgrade_5_mysql() {
* drop useless indicies (already available as primary key) * drop useless indicies (already available as primary key)
*/ */
function upgrade_79_mysql() { # MySQL only function upgrade_79_mysql() { # MySQL only
$result = db_query_parsed(_drop_index('admin', 'username'), true); db_query_parsed(_drop_index('admin', 'username'), true);
$result = db_query_parsed(_drop_index('alias', 'address'), true); db_query_parsed(_drop_index('alias', 'address'), true);
$result = db_query_parsed(_drop_index('domain', 'domain'), true); db_query_parsed(_drop_index('domain', 'domain'), true);
$result = db_query_parsed(_drop_index('mailbox', 'username'), true); db_query_parsed(_drop_index('mailbox', 'username'), true);
} }
function upgrade_81_mysql() { # MySQL only function upgrade_81_mysql() { # MySQL only
@ -905,7 +913,7 @@ function upgrade_81_mysql() { # MySQL only
")); "));
foreach ($all_sql as $sql) { foreach ($all_sql as $sql) {
$result = db_query_parsed($sql, true); db_query_parsed($sql, true);
} }
} }
@ -913,9 +921,9 @@ function upgrade_81_mysql() { # MySQL only
* Make logging translatable - i.e. create alias => create_alias * Make logging translatable - i.e. create alias => create_alias
*/ */
function upgrade_90_mysql_pgsql() { function upgrade_90_mysql_pgsql() {
$result = db_query_parsed("UPDATE " . table_by_key('log') . " SET action = REPLACE(action,' ','_')", true); db_query_parsed("UPDATE " . table_by_key('log') . " SET action = REPLACE(action,' ','_')", true);
# change edit_alias_state to edit_alias_active # change edit_alias_state to edit_alias_active
$result = db_query_parsed("UPDATE " . table_by_key('log') . " SET action = 'edit_alias_state' WHERE action = 'edit_alias_active'", true); db_query_parsed("UPDATE " . table_by_key('log') . " SET action = 'edit_alias_state' WHERE action = 'edit_alias_active'", true);
} }
/** /**
@ -924,9 +932,9 @@ function upgrade_90_mysql_pgsql() {
function upgrade_169_mysql() { function upgrade_169_mysql() {
$table_domain = table_by_key('domain'); $table_domain = table_by_key('domain');
$table_mailbox = table_by_key('mailbox'); $table_mailbox = table_by_key('mailbox');
$result = db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true); db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
$result = db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `maxquota` bigint(20) NOT NULL default '0'", true); db_query_parsed("ALTER TABLE $table_domain MODIFY COLUMN `maxquota` bigint(20) NOT NULL default '0'", true);
$result = db_query_parsed("ALTER TABLE $table_mailbox MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true); db_query_parsed("ALTER TABLE $table_mailbox MODIFY COLUMN `quota` bigint(20) NOT NULL default '0'", true);
} }
@ -963,7 +971,7 @@ function upgrade_318_mysql() {
# (not a great loss) and re-create it using this function. # (not a great loss) and re-create it using this function.
foreach ($all_sql as $sql) { foreach ($all_sql as $sql) {
$result = db_query_parsed($sql); db_query_parsed($sql);
} }
} }
@ -1090,7 +1098,7 @@ function upgrade_373_mysql() { # MySQL only
")); "));
foreach ($all_sql as $sql) { foreach ($all_sql as $sql) {
$result = db_query_parsed($sql); db_query_parsed($sql);
} }
} }
@ -1162,7 +1170,7 @@ function upgrade_473_mysql() {
")); "));
foreach ($all_sql as $sql) { foreach ($all_sql as $sql) {
$result = db_query_parsed($sql); db_query_parsed($sql);
} }
} }
@ -1408,6 +1416,10 @@ function upgrade_1284_mysql_pgsql() {
if ($result['rows'] > 0) { if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
if(!is_array($row)) {
break;
}
printdebug("Setting superadmin flag for " . $row['username']); printdebug("Setting superadmin flag for " . $row['username']);
db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true))); db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true)));
} }
@ -1676,7 +1688,7 @@ function upgrade_1836_mysql() {
")); "));
foreach ($all_sql as $sql) { foreach ($all_sql as $sql) {
$result = db_query_parsed($sql, true); db_query_parsed($sql, true);
} }
} }
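Review bot: The `_do_upgrade` hunk drops the `$i = (int) $i;` line, yet `$i` is still interpolated directly into the `UPDATE ... SET value = $i` statement. Where `$i` is assigned lies outside the hunk, so the cast may be redundant for the type checker, but it was the only visible guarantee that an integer reaches the SQL text. Writing `$sql = "UPDATE $table SET value = " . (int) $i . " WHERE name = 'version'";` keeps that guarantee without the reassignment. Separately, the debug branch of `db_query_parsed` prints `$result['error']` into HTML unescaped; `htmlspecialchars($result['error'], ENT_QUOTES)` would be safer there.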

@ -58,6 +58,11 @@ function sendCodebySMS($to, $username, $code) {
if ($_SERVER['REQUEST_METHOD'] === "POST") { if ($_SERVER['REQUEST_METHOD'] === "POST") {
$start_time = microtime(true); $start_time = microtime(true);
$tUsername = escape_string(safepost('fUsername')); $tUsername = escape_string(safepost('fUsername'));
if(empty($tUsername) || !is_string($tUsername)) {
die("fUsername field required");
}
$handler = $context === 'admin' ? new AdminHandler : new MailboxHandler; $handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
$token = $handler->getPasswordRecoveryCode($tUsername); $token = $handler->getPasswordRecoveryCode($tUsername);
if ($token !== false) { if ($token !== false) {
@ -65,8 +70,8 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") {
$result = db_query("SELECT * FROM $table WHERE username='$tUsername'"); $result = db_query("SELECT * FROM $table WHERE username='$tUsername'");
$row = db_assoc($result['result']); $row = db_assoc($result['result']);
$email_other = trim($row['email_other']); $email_other = isset($row['email_other']) ? trim($row['email_other']) : null;
$phone = trim($row['phone']); $phone = isset($row['phone']) ? trim($row['phone']) : null;
if ($email_other) { if ($email_other) {
sendCodeByEmail($email_other, $tUsername, $token); sendCodeByEmail($email_other, $tUsername, $token);
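Review bot: The new required-field check runs on the value after `escape_string()`, and that escaped string is then used both as the argument to `getPasswordRecoveryCode()` and inside the hand-built `SELECT`. Validating the raw input first and escaping only where the SQL is assembled keeps the two concerns apart: `$raw = safepost('fUsername'); if (!is_string($raw) || $raw === '') { die("fUsername field required"); }` followed by `$tUsername = escape_string($raw);`. Whether the handler escapes its argument again is not visible here, so double escaping is worth checking. `empty()` also rejects the literal username `0`, which the `=== ''` form avoids.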

@ -55,7 +55,6 @@ if (! (check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('globa
flash_error($PALANG['pViewlog_result_error']); flash_error($PALANG['pViewlog_result_error']);
} }
// we need to initialize $tLog as an array!
$tLog = array(); $tLog = array();
if ($error != 1) { if ($error != 1) {
@ -66,19 +65,22 @@ if ($error != 1) {
if (db_pgsql()) { if (db_pgsql()) {
$query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain='$fDomain' ORDER BY timestamp DESC LIMIT $page_size"; $query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain='$fDomain' ORDER BY timestamp DESC LIMIT $page_size";
} }
$result=db_query($query); $result = db_query($query);
if ($result['rows'] > 0) { if ($result['rows'] > 0) {
while ($row = db_assoc($result['result'])) { while ($row = db_assoc($result['result'])) {
if (db_pgsql()) { if (is_array($row) && db_pgsql()) {
$row['timestamp']=gmstrftime('%c %Z', $row['timestamp']); $row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);
} }
$tLog[] = $row; $tLog[] = $row;
} }
} }
} }
for ($i = 0; $i < count($tLog); $i++) { foreach($tLog as $k => $v) {
$tLog[$i]['action'] = $PALANG ['pViewlog_action_'.$tLog [$i]['action']]; if(isset($v['action'])) {
$v['action'] = $PALANG['pViewlog_action_' . $v['action']];
$tLog[$k] = $v;
}
} }
$smarty->assign('domain_list', $list_domains); $smarty->assign('domain_list', $list_domains);
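Review bot: The rewritten loop guards `$v['action']` with `isset` but still indexes `$PALANG['pViewlog_action_' . $v['action']]` unconditionally, so a log row whose action has no language entry produces an undefined-index notice and a null label. A lookup with a fallback avoids that: `$key = 'pViewlog_action_' . $v['action']; $v['action'] = isset($PALANG[$key]) ? $PALANG[$key] : $v['action'];`. In the fetch loop, `$tLog[] = $row;` sits outside the `is_array($row)` test, so the guard only protects the timestamp conversion.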

@ -162,7 +162,7 @@ class AliasProxy {
$ah = new AliasHandler(); $ah = new AliasHandler();
$ah->init($_SESSION['sessid']['username']); $ah->init($_SESSION['sessid']['username']);
$values['goto'] = $addresses; $values = ['goto' => $addresses];
if ($flags == 'forward_and_store') { if ($flags == 'forward_and_store') {
$values['goto_mailbox'] = 1; $values['goto_mailbox'] = 1;

@ -1,5 +1,9 @@
<?php if( !defined('POSTFIXADMIN') ) die( "This file cannot be used standalone." ); ?>
<?php <?php
if( !defined('POSTFIXADMIN') ) die( "This file cannot be used standalone." );
if( !isset($CONF) || !is_array($CONF) ) {
die("Configuration not loaded. Check " . __FILE__);
}
@header ("Expires: Sun, 16 Mar 2003 05:00:00 GMT"); @header ("Expires: Sun, 16 Mar 2003 05:00:00 GMT");
@header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT"); @header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
@header ("Cache-Control: no-store, no-cache, must-revalidate"); @header ("Cache-Control: no-store, no-cache, must-revalidate");
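Review bot: The new failure message `die("Configuration not loaded. Check " . __FILE__);` sends the absolute server path of this template to the browser. A fixed message with the path written to the log avoids the disclosure: `error_log('Configuration not loaded in ' . __FILE__); die('Configuration not loaded.');`. The matching check added in the upgrade script already uses a message without a path, so this would also make the two consistent.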
