- require token for CSRF protection, see
https://sourceforge.net/p/postfixadmin/bugs/269/
login.php, users/login.php:
- create token and store it in $_SESSION
templates/*:
- add token to all delete.php links
templates/list-virtual_alias_domain.tpl:
- change delete confirmation dialog to contain "from->target"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1564 a1433add-5e2c-0410-b055-b7f2511e0802
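Added example, not PostfixAdmin's own code: the token flow this commit message describes (create the token at login, add it to every delete.php link, require it in delete.php). The function names and the `table`/`delete` query parameters are assumptions, and a plain array stands in for `$_SESSION`.

```php
<?php
// Added illustration; function and parameter names are hypothetical.
declare(strict_types=1);

// login.php step: create a random token and store it in the session.
function csrf_issue_token(array &$session): string
{
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

// templates/* step: every delete.php link carries the session token.
function delete_link(string $table, string $id, string $token): string
{
    return 'delete.php?' . http_build_query([
        'table'  => $table,
        'delete' => $id,
        'token'  => $token,
    ]);
}

// delete.php step: refuse to act unless the request token matches the session.
function csrf_token_ok(array $session, array $query): bool
{
    $expected = $session['token'] ?? '';
    $given    = $query['token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($given)
        && hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo data: arrays stand in for $_SESSION and $_GET.
$session = [];
$token   = csrf_issue_token($session);
$link    = delete_link('alias', 'info@example.com', $token);

// Request generated from the application's own link.
parse_str((string) parse_url($link, PHP_URL_QUERY), $fromOwnPage);
// Request triggered from another site: same parameters, but no token.
$crossSite = ['table' => 'alias', 'delete' => 'info@example.com'];

var_dump(csrf_token_ok($session, $fromOwnPage));
var_dump(csrf_token_ok($session, $crossSite));
```

Because the token travels in a GET link, it also ends up in web server logs and Referer headers; sending destructive actions as POST requests keeps it out of both.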
- use *Handler for deletion
(which also means delete.php only has 17 lines of code now - 130 lines
less than before :-)
templates/list-virtual_*.tpl:
- remove now superfluous "domain" parameter in delete.php link
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1563 a1433add-5e2c-0410-b055-b7f2511e0802
delete.php:
- replace various $tMessage=... with flash_error()
- always redirect to the relevant page, even if an error happened
- fix error check in delete admin
- removed HTML formatting (<b>, <span>) from some error messages
- replaced check for pgsql + BEGIN/COMMIT/ROLLBACK with db_begin(),
db_commit() and db_rollback()
- the smarty message.tpl is most probably superfluous
languages/*.lang:
- removed HTML (<span>) from messages used by delete.php
fetchmail.php, scripts/snippets/baseclass.php
- remove superfluous </span>
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1036 a1433add-5e2c-0410-b055-b7f2511e0802
- hand over $search to smarty templates
templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting
templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
(was displayed once per mailbox alias target)
css/default.css:
- add style for ".searchresult"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
https://sourceforge.net/tracker/index.php?func=detail&aid=2567466&group_id=191583&atid=937966
because
- it undermines the $CONF[*alias_control*] settings more or less -
mailbox aliases with non-default targets are always shown in
the "Aliases" section - see comment from 2009-05-04 on
https://sourceforge.net/tracker/?func=detail&aid=1902476&group_id=191583&atid=937964
- it introduced some "funny" bugs - a nice example is
http://sourceforge.net/tracker/?func=detail&aid=2786284&group_id=191583&atid=937964
Files / sections affected by the revert:
- list-virtual.php: all numbers (alias count etc.) correct?
(the changes in this file are the largest ones)
- functions.inc.php: SQL queries in get_domain_properties()
- delete.php: the only change since r572 affected code that was inserted
in r572 (and is now deleted again) - nothing should break here
- create-alias.php: had no changes since r572 - therefore nothing should
break here
Exceptions (not reverted):
- edit-alias: this change looks useful (hide mailbox alias target from
admins if they don't have permissions to change it). The actual code
has changed in the meantime, but the functionality stays.
Additionally, reverting this would be very hard or throw useful later
changes away.
BUT: shouldn't the page completely forbid editing a mailbox alias if
the admin doesn't have permissions for it?
- functions.inc.php: comment for pacrypt() ;-)
- linebreaks in long SQL queries
Please check if everything is still working as expected (especially the domain
list and the virtual list) - I did only some quick tests.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@652 a1433add-5e2c-0410-b055-b7f2511e0802
list-domain.php:
- added several admin/superadmin switches and permission checks
- merged GET and POST code
- Note: still different templates for superadmins (admin_list-domain.tpl)
and admins (overview-get.tpl) because of large layout difference
list-virtual.php:
- added several admin/superadmin switches and permission checks
- added check for admins without any domains (redirects to domain list,
which can handle this situation)
- migrated FIXME from overview.php
-> David, please review the query and remove the FIXME afterwards
overview.php:
- DELETED - no longer needed
overview.tpl:
- RENAMED overview.tpl to list-virtual.tpl
- removed admin/superadmin filename switch
- removed $incpath switch for images
menu.tpl:
- menu for domain admins now has "domain list" and "virtual list"
instead of "overview"
delete.php, edit-active.php, edit-alias.php, edit-mailbox.php, search.php:
- changed redirect to list-virtual.php
overview-get.tpl:
- changed link to list-virtual.php
main.tpl:
- changed overview link to list-domain.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@181 a1433add-5e2c-0410-b055-b7f2511e0802
- moved admin-only scripts from admin/ to /
- removed all merged files ("require('../$file')") from admin/
- changed include paths - no more admin/superadmin switching needed
- admin_menu.tpl is also gone
- removed all menu.tpl / admin_menu.tpl switches - no longer needed
- admin/index.php still exists and redirects to /
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@168 a1433add-5e2c-0410-b055-b7f2511e0802
- the WHERE fieldname is now hardcoded instead of being a $_GET parameter
This fixes a possible security hole in admin/delete.php (only vulnerable
when logged in as global-admin)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@166 a1433add-5e2c-0410-b055-b7f2511e0802
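Added example, not the project's code: the pattern this commit message describes, with a WHERE column taken from the request next to a column chosen server-side from a fixed map. The table names, column names, the `where` parameter name and both function bodies are assumptions made for illustration.

```php
<?php
// Added illustration; the "before" function is a hypothetical reconstruction.
declare(strict_types=1);

// Fixed server-side map: which column identifies a row in each table.
const WHERE_FIELD = [
    'alias'   => 'address',
    'mailbox' => 'username',
    'domain'  => 'domain',
];

// Only tables listed in the map may be targeted at all.
function known_table(array $get): string
{
    $table = $get['table'] ?? '';
    if (!is_string($table) || !array_key_exists($table, WHERE_FIELD)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $table;
}

// Before: the column name is read from the request. Identifiers cannot be
// bound as query parameters, so the value is concatenated into the SQL text.
function delete_sql_before(array $get): string
{
    return sprintf('DELETE FROM %s WHERE %s = :value',
        known_table($get), (string) ($get['where'] ?? ''));
}

// After: the request still picks the table, but the column is hardcoded
// per table and any request-supplied "where" value is ignored.
function delete_sql_after(array $get): string
{
    $table = known_table($get);
    return sprintf('DELETE FROM %s WHERE %s = :value', $table, WHERE_FIELD[$table]);
}

// Constructed request: targets the alias table but names its own column,
// so one value would match every alias in a domain instead of one address.
$request = ['table' => 'alias', 'where' => 'domain', 'delete' => 'example.com'];

echo delete_sql_before($request), PHP_EOL;
echo delete_sql_after($request), PHP_EOL;
```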