Commit Graph

8 Commits (1fc6f3b03e164c7b3314d06408334b5b233dd478)

Author SHA1 Message Date
Christian Boltz 52a7df2b3a Add CSRF protection for POST requests
Add the CSRF token to all forms, and validate it when those forms are
submitted.

https://sourceforge.net/p/postfixadmin/bugs/372/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1842 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 8c139c95d6 vacation:
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval


config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
  (note: reply to every mail is commented by default because it can be
  annoying. Admins will have to explicitly add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]

*.lang:
- add texts for reply types

VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters

templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay

vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
  change the activeFrom and activeUntil date to today to avoid users
  having to scroll through the calendar a lot

xmlrpc.php:
- update set_away() call to match the removed parameter

upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and 
  interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 61c5920c46 *.lang:
- rename $PALANG['pUsersVacation_body'] to $PALANG['message']
- remove duplicate $PALANG['pBroadcast_message']

templates/*:
- use $PALANG['message'] everywhere


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1509 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 2c96ba8827 *.lang:
- rename -$PALANG['pSendmail_subject'] to +$PALANG['subject']
- remove duplicate -$PALANG['pUsersVacation_subject'] and
  -$PALANG['pBroadcast_subject'] = 'Subject';

templates/*:
- use $PALANG['subject']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1508 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 1d94a89424 templates/vacation.tpl:
- replace $PALANG.pUsersLogin_username with $PALANG.pLogin_username

languages/*.lang:
- remove obsolete pUsersLogin_username
- add translator notes in some languages


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1496 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
David Goodwin ef80736445 Merge jan-kruis's vacation interval reply behaviour - see SF patch 3508083 - https://sourceforge.net/tracker/?func=detail&aid=3508083&group_id=191583&atid=937966 ; Thank you
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1373 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 9bee8d89c1 Merge users/vacation.php and edit-vacation.php into vacation.php
vacation.php
- result of merging edit-vacation.php and users/vacation.php
- vacation.php comes with the svn history of edit-vacation.php
- display "vacation already active" (only) in user mode if vacation is active
  (would be useful in admin mode too, but needs a text change)
- various comment updates
- add username in $PALANG[pVacation_result_removed] and
  $PALANG[pVacation_result_added] using sprintf
- change compared to Jan Kruis' patch:
  - set return url for users to main.php instead of users/main.php
  - set return url for admins after setting $fDomain. Otherwise the return url
    does not contain the domain.
  - removed unused variable $tDomain

users/vacation.php:
- require(../vacation.php)
- remove everything else
- whitespace changes in the license header
- note: this is completely different from Jan Kruis' patch - his intention was
  to remove this file and use ../vacation.php. However, with his way all links
  in the users menu would point to the wrong place/directory

edit-vacation.php:
- deleted

templates/vacation.tpl
- display username only in admin mode

templates/list-virtual_mailbox.tpl
- link changed to merged vacation.php

languages/en.lang
- add username in $PALANG[pVacation_result_removed] and
  $PALANG[pVacation_result_added] as sprintf variable
- (comments added by Jan Kruis' patch are not part of this commit)

languages/nl.lang
- translation updates
- already contains the sprintf variable in $PALANG[pVacation_result_removed]
  and $PALANG[pVacation_result_added]

(updates for other *.lang files follow in another commit)

The following parts of Jan Kruis' patch are not part of this commit:
- rejected:
  - variables.inc.php: don't add $Admin_role and $Return_url
    If we initialize them, it should be done directly in (edit-)vacation.php,
    but the current code always sets them already in all cases.
  - templates/users_main.tpl: do not change url for vacation.php
- postponed:
  - added comments in en.lang about obsolete texts


Most parts of this commit (see exceptions above) were provided as patch 
by Jan Kruis (jan-kruis@SF), see
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1169 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 1695f1a7b2 Merged edit-vacation.tpl and users_vacation.tpl.
Prepare merging of edit-vacation.php and users/vacation.php

users/vacation.php, edit-vacation.php:
- first step of merging
- renamed some variables to fit vacation.tpl
- some code sorting and cleanup
- replaced JS redirect on cancel with handling in PHP

users_vacation.tpl, edit-vacation.tpl:
- deleted (merged to vacation.tpl)

vacation.tpl:
- new file, result of merging edit-vacation.tpl and users_vacation.tpl
- display mail address to users also (to be discussed)

Thanks to J.Kruis (jan-kruis@SF) for the patch,
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1163 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago