Commit Graph

215 Commits (96a89889a2ce28e90dd6afe30d4e1789b6853494)

Author SHA1 Message Date
Christian Boltz 129a65b8c5 functions.inc.php:
- gen_show_status(): escape mail addresses in query.
  Fixes https://sourceforge.net/p/postfixadmin/bugs/356/
  (mostly - the edit/delete/... links in list-virtual are double-escaped)
  In theory this could allow SQL injection, in practise the mail address
  regex limits this issue to a DOS (creating a mail address with ' caused
  an invalid query that broke list-virtual)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 9636fe9de3 3.0 beta3 (= 2.93) release - update $version and changelog
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1799 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 5307cfe48a functions.inc.php check_domain():
Measure time needed for the nameserver queries, and error_log a warning
if the queries need more than 2 seconds in total.

Inspired by a question from t-ask on IRC, who suffered from a slow
nameserver and had some "fun" to debug it ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1790 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3a72203de4 AliasHandler:
- initStruct(): replace (wrong) 'editable' with '_can_edit' and '_can_delete'
- read_from_db_postprocess(): disable _can_edit and _can_delete for
  default aliases if special_alias_control is off and not superadmin

list.tpl:
- use $item._can_edit instead of $check_alias_owner

list-virtual.php:
- drop $check_alias_owner variable and check_alias_owner() call
  (replaced by the code added in AliasHandler)
- drop unused $sql_domain

functions.inc.php:
- delete no longer used check_alias_owner() function



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1774 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc598d0f3f PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 5605561ca8 functions.inc.php:
- better formatting in db_quota_text() and db_quota_percent() results
  (for example, infinity sign instead of / 0 for unlimited)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1744 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 13f1a28b6e PFAHandler:
- read_from_db(), getList(): 
  - add $searchmode parameter (_before_ $limit and $offset!) to be able to 
    use query different query modes, not only "="
  - add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
  to avoid information leaks by using search parameters
  (filter is only applied if $condition is an array!)

functions.inc.php: 
- db_where_clause():
  - add $additional_raw_where parameter for additional query parameters
  - add $searchmode parameter to be able to use query different
    query modes, not only "=" (see $allowed_operators)
  - check for allowed operators in $searchmode
  - split query into WHERE and HAVING (if a parameter has
    $struct[select] set, HAVING is used)

list-virtual.php:
- adopt getList() call to the new syntax

AliasHandler:
- adopt getList() definition and call to the new syntax

 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 786a7d665e functions.inc.php:
- pacol():
  - add $linkto parameter (if list mode should link to something)
  - replace $not_in_db with $multiopt - the remaining parameters can
    now be specified as associated array (backwards-compatible)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1719 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 9093a946b4 functions.inc.php:
- add functions db_quota_text() and db_quota_percent() to generate
  queries for used quota ("x/y" and percentage)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1712 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz e8b0198512 2.92 (aka 3.0 beta2) release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1706 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz d3964f600e functions.inc.php
- db_get_boolean: error_log invalid values


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1672 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 0b116c1605 version 2.91 aka 3.0 beta1
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1670 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 8e04104b20 functions.inc.php:
- db_log():
  - replace $action_list with $LANG["pViewlog_action_$action"]
  - drop unused $table_log variable


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1658 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
David Goodwin b3074644ff alias can contain a ' - as in email.o'connor - need to therefore escape this...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1639 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz e7fe6e16ef functions.inc.php:
- check_domains(): raise TLD limit to 13 chars - even if I seriously
  doubt someone wants to use such a long TLD ;-)
  ( https://sourceforge.net/p/postfixadmin/bugs/310/ again)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1637 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 9bcc57cd88 functions.inc.php
- check_domain(): update regex for new, longer TLDs like .photography
  https://sourceforge.net/p/postfixadmin/bugs/310/
 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1635 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 252ae047d5 various files:
- get rid of global $table_* variables, use table_by_key() instead



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1601 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 57f4ad0b75 functions.inc.php pacrypt():
- for 'system' encryption, use full hashed password as salt 
  https://sourceforge.net/p/postfixadmin/bugs/2/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1595 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 1a35cccf5e list-virtual.php:
- remember domain and page browser offset in $_SESSION
  (fixes 50% of http://sourceforge.net/p/postfixadmin/bugs/298/ )
- various cleanups

functions.inc.php:
- add safesession() (like safeget(), but for $_SESSION)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1593 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz c349420210 functions.inc.php
- db_query(): do not print out the failed query, error_log() it instead
  to avoid information leaks.
- update SF forum URL


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1592 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 20d1ffcafc functions.inc.php:
- new function db_pgsql() to replace lots of
  "if ($CONF[database_type] == 'pgsql')) checks
- delete unused function boolconf()

several files:
- use db_pgsql() instead of checking $CONF[database_type]



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1582 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 2bf5df92ea functions.inc.php, DomainHandler, MailboxHandler:
- move mailbox_postdeletion() to MailboxHandler
- move domain_postcreation() and domain_postdeletion() to
  DomainHandler
- adopt those functions for usage inside the *Handler (replace
  print with $this->errormsg etc.)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1579 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 6e2e132bac remove "postfixadmin.com" in comments in lots of files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1558 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz d900835997 functions.inc.php:
- pacrypt(): fix dovecot:* to work with "old" passwords that don't have 
  the {method} prefix


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1554 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz b137e774f6 functions.inc.php:
- check_language(): remove things like ";q=0.8" before checking if 
  a language exists


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1547 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4d9a338eb2 After hunting an "undefined index transport" error in list-domain, I
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class. 

This caused a conflict because we have $CONF[transport] and 
$PALANG[transport], and Config::read('transport') returned the $PALANG 
text.

To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.


model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the 
  "too static" problem again.
- bool(): display and log an error message if a $CONF option does not
  contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects

model/Lang.php:
- deleted

common.php:
- store $PALANG as $CONF[__LANG]

lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
  and Config::lang_f()




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f2c2b554ac model/PFAHandler.php:
- getList: change return value to be always true (even if the database 
  result is an empty array), and die() if the database result is not an 
  array.
  This avoids some if blocks in various files to implement a fallback
  to array() on empty results.

functions.inc.php:
- list_admins(): simplify after the *Handler->getList() change
- get_domain_properties(): change a forgotten $handler->return to 
  $handler->result() (follow-up for r1534)

list-domain, list-virtual.php:
- simplify after the *Handler->getList() change



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1535 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 43f2591d93 functions.inc.php:
- smtp_get_admin_email(), domain_postcreation(), domain_postdeletion(): 
  use Config::read instead of $CONF
- smtp_get_response(): whitespace fixes



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1532 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f444de402b functions.inc.php:
- pacrypt(), dovecot:* method:
  - allow "." in dovecot method (to allow a suffix like ".b64")
  - blacklist SCRAM-SHA-1 (needs -u)
  - check against list of non-salted methods to be backward compatible
    with dovecot < 2.1 again
  Thanks to Szilagyi Jozsef <szjozsef AT yahoo DOT com> for providing
  the list of non-salted methods etc.

functions.inc.php, scripts/postfixadmin-cli.php:
- drop unused global variables $table_admin and $table_alias_domain



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1529 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 5d4240ce52 functions.inc.php:
- pacrypt: digest-md5 hashes include the username - until someone 
  implements it, let's declare it as unsupported and error out


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1525 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 0d6f9ff99f functions.inc.php:
- pacrypt(): some small changes after Szilagyi Jozsef's patch:
  - comment out unused $crypt_method
  - change $dovecotpw default to "doveadm pw" (unrelated to the patch)
  - set $dovepasstest to "-t $pw_db" instead of having two similar
    command lines, and also shellescapearg() $pw_db
  - use "if (empty($dovepasstest))" instead of "if (empty($pw_db))"



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1524 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 161d387485 - pacrypt(): add support for dovecot *-CRYPT passwords
doveadmin pw now has an option "-t $hash" which allows to verify 
  salted passwords (added in dovecot 2.1 AFAIK)
  Also, the {METHOD} part is no longer removed.

  Patch by Szilagyi Jozsef <szjozsef [at] yahoo.com> - thanks!

  (The schemes which requires also the username -u option is still not supported)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1523 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz c2ccffb76c functions.inc.php:
- mailbox_postdeletion(): use Config::read instead of global $CONF


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1522 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 73a793433e moved the following functions from functions.inc.php to MailboxHandler.php:
- check_quota ()
- allowed_quota()
- mailbox_postcreation()
- mailbox_postedit()
- create_mailbox_subfolders()

The code was moved without any changes, except
- added leading whitespace
- removed "TODO: move to MailboxHandler" ;-)


MailboxHandler:
- change function calls for moved functions


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1515 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz ecc84a1486 functions.inc.php:
check_quota()
  mailbox_postcreation()
  mailbox_postedit()
  create_mailbox_subfolders()
  - use Config::read() / Config::bool() instead of $CONF
  - update comment header
  - some minor changes to make the code better readable



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1514 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 414c05e678 functions.inc.php:
- db_where_clause(): wrap condition in "(...)"


model/PFAHandler.php:
- read_from_db(): wrap condition in "(...)"


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1493 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz a07b822906 functions.inc.php:
- remove unused functions:
  - authentication_is_admin()
  - authentication_is_user()
  - check_string()
  - admin_exist()
  - domain_exist()
- add various TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1482 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 79403ad709 functions.inc.php:
- delete unused function get_mailbox_properties()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1481 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 2cbbac134f functions.inc.php:
- replace boolconf() calls with Config::bool()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1474 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 71200c1049 functions.inc.php:
- check_email: mention the invalid mail address in errormessage
  (needs text change)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1470 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz b15319c21a functions.inc.php, model/Config.php:
- move boolconf() to Config::bool()
  boolconf() will stay for backwards compability, but new code
  should use Config::bool()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1467 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 66ab8fb290 functions.inc.php:
- db_log(): allow delete_admin action


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1455 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 9c92eef2ff functions.inc.php:
- remove some unused "global $CONF"
- replace some $CONF usage with Config::read() or boolconf()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1453 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 70978e09a4 functions.inc.php:
- check_domain(), check_email(): 
  use Lang::read and Config::read instead of global variables 
  (global variables, at least $PALANG, don't seem to work with CLI)
- boolconf(): 
  - use Config::read instead of global $CONF
  - drop isset() check - doesn't make sense when using Config::read


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1452 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 871bcbbe2f functions.inc.php:
- check_domain(), check_email(): instead of calling flash_error(),
  return string with error message - or empty string if everything is ok

model/AdminHandler.php, model/AliasHandler.php,
model/DomainHandler.php, model/MailboxHandler.php,
sendmail.php, users/edit-alias.php:
- adopt to changed check_domain() and check_email() return value


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1451 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 68390b0201 functions.inc.php
- allowed_quota: if $CONF[quota] == NO, just return 0 (unlimited)

list-virtual.php:
- only eval_size($limit['maxquota']) if $CONF[quota] == YES
  ($limit['maxquota'] is not set if $CONF[quota] == NO)

Both issues (which caused PHP warnings) were found by TigerP on IRC


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1445 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 74deef8221 functions.inc.php:
- validate_password(): use Config::read and Lang::read instead of 
  $CONF and $PALANG


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1439 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz b4823b9e04 Finally replace create-mailbox.php with edit.php?table=mailbox :-)
configs/menu.conf:
- change url_create_mailbox to edit.php?table=mailbox

templates/list-virtual.tpl:
- replace hardcoded create-mailbox.php with {#url_create_mailbox#}

functions.inc.php:
- delete functions that are now part of MailboxHandler:
  - check_mailbox()
  - multiply_quota()
- add some TODO notes

config.inc.php:
- rewrite a comment that referenced create-mailbox.php

create-mailbox.php:
- delete - no longer needed


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1433 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 8d2e570c03 functions.inc.php:
- _flash_string(): move return outside the foreach so that multiple
  messages can be displayed


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1430 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 7a7403aa76 functions.inc.php:
- check_quota(): first check if enforcing quotas is disabled via $CONF[quota]


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1413 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago