Commit Graph

29 Commits (7bb36d0bbc8fb37377924f902cf038505e82e807)

Author SHA1 Message Date
Christian Boltz 52a7df2b3a Add CSRF protection for POST requests
Add the CSRF token to all forms, and validate it when those forms are
submitted.

https://sourceforge.net/p/postfixadmin/bugs/372/

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1842 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 0bba68e1bc edit.php:
- for not-set bool values, set $values instead of the (wrong) $inp_values

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1760 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 56b3f11d35 edit.php:
Newer PHP versions (noticed with 5.6.6) don't include empty fields in
$_POST, which means changing a field to empty was broken.

Change edit.php to make sure all !isset() fields are set to ''.

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1759 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 1edc38a798 edit.php:
- add user (non-admin) mode

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1717 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz a22fe1c4be edit.php:
- check for $new instead of $edit == '' / != '' to make the code
  easier to understand

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1677 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz ad64560a43 edit.php:
- if the id_field is not displayed in form and not editable,
  it's probably an auto_increment. Set it to '' in this case.

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1633 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4bbc223804 edit.php:
- if values[$key] is not set, use the field's default value for smarty->assign
  (also avoids an "undefined" warning with read-only fields)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1631 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz bf170f043b edit.php:
- add error message if $handler->init() fails without error message
  (indicates a bug in $handler->init())

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1630 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 0cf9d7e53c templates/editform.tpl:
- change all field names to "value[$key]" instead of just "$key"
  to keep the main "namespace" clean

edit.php:
- adjust POST handling code to changed form field names ("value[$key]")

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1629 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz bafd2f1f58 edit.php:
- use prefill values from $_SESSION (if not provided in GET/POST)
- remember prefill values for next usage of the form

list-virtual.php:
- set prefill values for edit.php

PFAHandler.php:
- let prefill() store the value in $struct if no prefill_$field()
  function exists

This fixes the remaining parts of
http://sourceforge.net/p/postfixadmin/bugs/298/

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1594 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz e079e85461 editactive.php:
- new, small script to change the 'active' status
- also include CSRF protection token

edit.php:
- remove handling of 'active' to make it more readable

*list*.tpl:
- change links to use editactive.php, add CSRF token

configs/menu.conf:
- add url_editactive

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1566 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 6e2e132bac remove "postfixadmin.com" in comments in lots of files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1558 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz ff5dbe0099 edit.php:
- fix "undefined index hardcoded_edit" message
  (only set in AdminpasswordHandler)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1537 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4d9a338eb2 After hunting an "undefined index transport" error in list-domain, I
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class.

This caused a conflict because we have $CONF[transport] and
$PALANG[transport], and Config::read('transport') returned the $PALANG
text.

To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.

model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the
  "too static" problem again.
- bool(): display and log an error message if a $CONF option does not
  contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects

model/Lang.php:
- deleted

common.php:
- store $PALANG as $CONF[__LANG]

lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
  and Config::lang_f()

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz bb7a3ff04d model/*Handler.php and various other files
- rename $this->return to $this->result

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1534 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz a2e2a832e3 edit.php:
- handle hardcoded values for 'edit' parameter
  (needed for handling "change password")

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1489 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz b197e148b3 edit.php:
- refresh $form_fields after ->set(). This fixes a wrong "allowed quota"
  if creating a mailbox ends up with an error message because of invalid
  values.

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1468 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 227eca6faf PFAHandler.php:
- introduce public array $infomsg[] (for success messages)
- store(): write successmessage to $this->infomsg[]

edit.php:
- display $handler->infomsg instead of hardcoded success message

AdminHandler.php, AliasHandler.php, AliasdomainHandler.php,
DomainHandler.php, MailboxHandler.php:
- move successmsg from webformConfig() to initMsg()

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1428 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 268dd5372d edit.php:
- add comment about prefill GET parameters

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1427 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 5a8ee27af3 displaying the available quota on $new is harder than it looks...
edit.php:
- call $handler->prefill for all prefill fields
- refresh $form_fields after handling prefill fields

model/PFAHandler.php:
- add prefill() to handle prefill fields. If $this->_prefill_$field()
  exists, it will be called

model/MailboxHandler.php:
- init(): error out early if parent::init fails (no need to check the
  available quota if $this->id is invalid ;-)
- move updating the allowed quota to updateMaxquota()
- update the available quota based on the prefill domain. If no prefill
  domain is given, default to the first domain.
- new method _prefill_domain()

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1426 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz a46bcc955c edit.php:
- prefill all $formconf['prefill'] fields from URL parameters (typically
  used for the domain)

model/AliasdomainHandler.php:
- allow to prefill alias_domain and target_domain from URL parameters
 
model/AliasHandler.php:
- allow to prefill domain from URL parameters
- some whitespace changes
- add storemore() with a TODO note

model/MailboxHandler.php:
- allow to prefill domain from URL parameters
- some whitespace changes
- add some TODO notes

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1422 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz ebc3536a2e edit.php:
- hand over $handler->errormsg to flash_error() as array (avoids
  various foreach or join calls)
- drop variable $mode, instead set smarty $mode directly based on $new
- comment updates

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1379 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz e4d5d4574e VacationHandler:
- use new *Handler syntax to add/remove vacation alias
  (implemented as function updateAlias() to avoid code duplication)

AliasHandler:
- setmore(): only use $oldvalues if no new on_vacation value is given
- setmore(): fix "undefined index" warning

edit.php:
- only set $values if a field is editable and displayed in the form
- do not set default values in $values
  (without those changes, the vacation alias was always removed when
  editing an alias)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1356 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 9b2da37d84 AliasHandler:
- setmore(): keep/(re-)add vacation and mailbox alias to goto
- hide 'goto_mailbox' if the alias does not belong to a mailbox
  (done in initStruct for $new, otherwise in init())

edit.php:
- set $form_fields and $id_field later (after $handler->init()) - needed
  for AliasHandler to decide if goto_mailbox should be displayed

With this commit, AliasHandler is feature-complete for usage with
edit.php. We even get a "deliver to local mailbox" checkbox :-)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1348 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz d39a802d00 AliasHandler now works with edit.php in many cases
(TODO: catchall handling, mailbox and vacation aliases)

AliasHandler.php:
- drop unused $username
- set $domain_field
- initStruct():
  - use correct labels
  - set 'domain' field options to allowed domains
  - add (virtual) 'localpart' field
  - add comments for more virtual fields
- add webformConfig() (note: modifies $struct on $new - otherwise we
  couldn't use the domain dropdown in the web interface)
- add mergeId to merge localpart and domain to address (called by
  edit.php _before_ ->init)
- add validate_new_id() (doesn't work for catchall yet)
- add setmore() to
  - fill 'domain' based on 'address'
  - convert $values[goto] from array to comma-separated string
- add read_from_db_postprocess to split goto to an array
  (TODO: handling of mailbox and vacation aliases)
- add _field_goto() validator
- add empty, commented dummy delete() that will replace the "old"
  delete function one day
- make hasAliasRecord() private (only used internally)
- mark all "old" functions as obsolete

edit.php:
- add handling of txtl field (convert textarea to array)
- call $handler->mergeId if $id_field is editable, but not displayed
  in form (usecase: merge localpart + domain to address)

editform.tpl:
- add handling of txtl fields (textarea, filled by array)

PFAHandler.php:
- add setmore() hook function - runs at the end of set()

AdminHandler.php:
- add a comment for 'txtl' (array of one line texts, like alias goto)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1311 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 2beac12971 edit.php:
- implement switching active status using *Handler
  (uses additional 'active' url parameter, which must be 0 or 1)
- document GET parameters

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1305 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 24d9d695ad edit.php:
- whitespace fixes

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1279 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 7ed5f7e471 Several changes to make edit.php a generic edit form
edit.php:
- use ?table= parameter to decide what will be edited
- generate (and validate) Handler classname based on ?table=
- read handler-specific configuration from $handler->webformConfig()
  and use it at various places
- add option to run $handler->init() early. Useful for $new in case
  of AliasdomainHandler which might fail if all domains are already
  aliased.
- always redirect to edit.php?table=$table after adding an item to
  ensure correct initialization for next item

templates/editform.tpl:
- add hidden field "table"

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1274 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 0730cdfc6f copy edit-domain.php to edit.php (exact copy, no changes)
edit.php will be used as generic edit page for everything
(admins, domains, mailboxes, aliases, ...)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1272 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago