- html-escape flash_info() / flash_error() messages to fix XSS if the
message contains user-supplied input
(thanks to Filippo Cavallarin for the report)
Note: This will cause ugly output for some German error messages which
contain ü etc., and the warning message in backup.php (with some
HTML tags included) will also look totally ugly.
Nevertheless, that's still better than XSS attacks ;-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1331 a1433add-5e2c-0410-b055-b7f2511e0802
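
The trade-off described in the commit message above, as an added PHP illustration that is not PostfixAdmin's own code: `flash_escape()` is a hypothetical helper, the sample messages are constructed, and it assumes the affected language strings carry pre-encoded entities such as `&uuml;`.

```php
<?php
// Added illustration; flash_escape() is a hypothetical helper, not PostfixAdmin code.

function flash_escape(string $message, bool $double_encode = true): string
{
    // ENT_QUOTES escapes both quote characters as well as <, > and &,
    // so the result is safe in element content and in attribute values.
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8', $double_encode);
}

// Constructed sample messages (assumptions, not taken from the project).
$samples = [
    'user input'     => 'Unknown domain <script>alert(1)</script>',
    'entity in text' => 'Ung&uuml;ltige Domain',
    'markup in text' => '<b>Warning:</b> check the backup',
];

foreach ($samples as $label => $message) {
    printf("[%s]\n", $label);
    printf("  raw:              %s\n", $message);
    // Default behaviour: every & is escaped, including the one in &uuml;.
    printf("  escaped:          %s\n", flash_escape($message));
    // double_encode = false leaves existing entities alone, tags are still escaped.
    printf("  no double-encode: %s\n\n", flash_escape($message, false));
}
```

With the default `$double_encode = true`, the entity in the second sample is re-encoded and shows up literally in the browser; passing `false` keeps existing entities intact while `<` and `>` are still escaped, so intentional markup such as the third sample is rendered as text either way.
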
- deleted, obsoleted by edit.php?table=alias
functions.inc.php:
- drop function check_alias() - it was only used by create-alias.php
(AliasHandler has a similar function create_allowed(), which is a
copy of check_alias() with superfluous {...} removed)
configs/menu.conf
- replace create-alias.php with edit.php?table=alias
- append "?" to url_create_mailbox to avoid temporary change in menu.tpl
(create-mailbox is the only one which still needs ? instead of &)
templates/list-virtual.tpl:
- use {#url_create_alias#} instead of hardcoded create-alias.php
templates/menu.tpl:
- $url_domain: url-escape domain, use & instead of ?
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1317 a1433add-5e2c-0410-b055-b7f2511e0802

(TODO: catchall handling, mailbox and vacation aliases)
AliasHandler.php
- drop unused $username
- set $domain_field
- initStruct():
- use correct labels
- set 'domain' field options to allowed domains
- add (virtual) 'localpart' field
- add comments for more virtual fields
- add webformConfig() (note: modifies $struct on $new - otherwise we
couldn't use the domain dropdown in the web interface)
- add mergeId to merge localpart and domain to address (called by
edit.php _before_ ->init)
- add validate_new_id() (doesn't work for catchall yet)
- add setmore() to
- fill 'domain' based on 'address'
- convert $values[goto] from array to comma-separated string
- add read_from_db_postprocess to split goto to an array
(TODO: handling of mailbox and vacation aliases)
- add _field_goto() validator
- add empty, commented dummy delete() that will replace the "old"
delete function one day
- make hasAliasRecord() private (only used internally)
- mark all "old" functions as obsolete
edit.php:
- add handling of txtl field (convert textarea to array)
- call $handler->mergeId if $id_field is editable, but not displayed
in form (use case: merge localpart + domain to address)
editform.tpl:
- add handling of txtl fields (textarea, filled by array)
PFAHandler.php:
- add setmore() hook function - runs at the end of set()
AdminHandler.php:
- add a comment for 'txtl' (array of one line texts, like alias goto)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1311 a1433add-5e2c-0410-b055-b7f2511e0802

- use edit.php to switch active status for alias domains
edit-active.php:
- remove now superfluous handling of alias domains
configs/menu.conf:
- remove now superfluous url_edit_active (templates for list-mailbox
and list-alias use hardcoded 'edit-active.php')
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1308 a1433add-5e2c-0410-b055-b7f2511e0802

- use edit.php to switch active status for domains
edit-active-admin.php:
- deleted, obsoleted by using edit.php
configs/menu.conf:
- remove now superfluous url_edit_active_admin
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1307 a1433add-5e2c-0410-b055-b7f2511e0802

- use edit.php to switch active status for domains
- display backupmx and active status as yes/no instead of 1/0
edit-active-domain.php
- deleted, obsoleted by using edit.php
configs/menu.conf
- remove now superfluous url_edit_active_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1306 a1433add-5e2c-0410-b055-b7f2511e0802

- implement handling of 'list' fields (<select> with multiple choices
allowed)
- also include alternative implementation with checkboxes (commented out)
- change {$value_{$key}} to $value_{$key} for 'enum' to stay in sync
with 'list' ('list' fails with the additional {...} because it converts
the array to the string "Array") (seems to be new behaviour in Smarty
3.1.5 - IIRC 3.0.7 required the additional {...})
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1290 a1433add-5e2c-0410-b055-b7f2511e0802

- use AdminHandler
- move displaying the superadmin flag to the template
templates/adminlistadmin.tpl:
- update to the fieldnames provided by AdminHandler (name->username)
- move displaying the superadmin flag to the template
functions.inc.php:
- delete function get_admin_properties() (was only used by list-admin
and is not needed anymore) -> 48 lines less :-)
- add TODO to list_admins() to use AdminHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1282 a1433add-5e2c-0410-b055-b7f2511e0802

(yes, we get edit mode "for free")
model/AliasdomainHandler.php:
- add webformConfig()
configs/menu.conf:
- change url_create_alias_domain to edit.php?table=aliasdomain
templates/list-virtual_alias_domain.tpl
- change ?target_domain to &target_domain
(TODO: this is currently ignored by edit.php)
- add edit link (TODO: add log action to avoid the error message)
create-alias-domain.php:
- deleted :-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1275 a1433add-5e2c-0410-b055-b7f2511e0802

edit.php:
- use ?table= parameter to decide what will be edited
- generate (and validate) Handler classname based on ?table=
- read handler-specific configuration from $handler->webformConfig()
and use it at various places
- add option to run $handler->init() early. Useful for $new in case
of AliasdomainHandler which might fail if all domains are already
aliased.
- always redirect to edit.php?table=$table after adding an item to
ensure correct initialization for next item
templates/editform.tpl:
- add hidden field "table"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1274 a1433add-5e2c-0410-b055-b7f2511e0802

- use PALANG.pAdminEdit_domain_active instead of
PALANG.pCreate_alias_domain_active
languages/*.lang
- mark $PALANG['pCreate_alias_domain_active'] as obsolete
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1263 a1433add-5e2c-0410-b055-b7f2511e0802

- move handling of displaying checkboxes to editform.tpl.
This means: One switch block less in create-domain.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1262 a1433add-5e2c-0410-b055-b7f2511e0802

- new file
- generic edit form template that uses $struct to render the form
templates/admin_edit-domain.tpl:
- deleted, obsoleted by editform.tpl
create-domain.php
- use new editform.tpl
- use $errormsg array instead of joined $errortext
- store/move errors related to a display_in_form field in $fielderror
(they will be displayed next to the field)
- display remaining error messages (not related to a field) with
flash_error()
- use "value_$key" instead of "t$Key" as smarty variable name for field
values
model/DomainHandler.php
- store error messages in $this->errormsg[$field] (instead of $this->errormsg[])
- fix label for default_aliases
model/PFAHandler.php:
- store error messages in $this->errormsg[$field] (instead of $this->errormsg[])
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1252 a1433add-5e2c-0410-b055-b7f2511e0802

- deleted (obsoleted by create-domain.php)
create-domain.php:
- fixed wrong variable name that broke saving an edited domain
configs/menu.conf, templates/adminlistdomain.tpl
- changed to use create-domain.php?edit= instead of edit-domain?domain=
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1226 a1433add-5e2c-0410-b055-b7f2511e0802

create-domain.php:
- add edit mode (use ?edit=example.com)
- use $id_field instead of hardcoded 'domain'
- redirect to list-domain after saving in edit mode
- rename some variables
edit-domain.php:
- rename some smarty variables
templates/admin_edit-domain.tpl:
- rename some smarty variables
- add two hidden fields "edit" and "domain", both contain $tDomain
(only in edit mode)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1225 a1433add-5e2c-0410-b055-b7f2511e0802

- assign $values to smarty in a foreach loop
edit-domain.php, templates/admin_edit-domain.tpl:
- rename some smarty variables to match column name
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1221 a1433add-5e2c-0410-b055-b7f2511e0802

create-domain.php
- replace old $form_fields with $handler->getStruct()
- rewrite handling POST data to make it easier to understand
- move reading POST input to the section handling POST
- remove condition on POST (we are in the POST block now)
- check if editing of a field is allowed (use default value if not)
- move validation of 'enum' fields to PFAHandler
- allow changing the "active" state (instead of hardcoding it)
model/PFAHandler.php:
- add check for 'enum' fields
model/DomainHandler.php:
- change default for "active" and "default_aliases" to 1
templates/admin_edit-domain.tpl:
- don't hide the "Active" checkbox on new
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1220 a1433add-5e2c-0410-b055-b7f2511e0802

create-domain.php:
- rename "fField" form fields to just "field" to match the column names
in the database
- remove list of template and POST variables in the header - the code is
self-documenting on this, one useless comment block less to maintain ;-)
- rename $default to $field - matches the usage better
- use $values[$key] instead of $$key (this also avoids the need to fill
$values before calling $handler->set)
- remove some validation that is already done in DomainHandler
- use $handler->set even if creating $handler results in an error to
make error messages for all fields visible
- set $values to defaults at the end of the file if $error == 0 (and
use a foreach loop) instead of doing it for GET at the beginning and
again after successful POST
- remove some unused variables
- various other changes
edit-domain.php, templates/admin_edit-domain.tpl:
- rename "fField" form fields to just "field" to match the column names
in the database
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1218 a1433add-5e2c-0410-b055-b7f2511e0802

for create-domain.php...
create-domain.php:
- finally: use DomainHandler :-))
edit-domain.php, create-domain.php,
templates/admin_edit-domain.tpl:
- use 0/1 instead of off/on for checkboxes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1217 a1433add-5e2c-0410-b055-b7f2511e0802

- split off $fDomain from ?username= (admin mode)
- basic sanity check for ?username= (admin mode)
- urlencode $fDomain for $Return_url (admin mode)
- don't split off domain from username in users mode (not needed)
- added various TODO notes
- some whitespace fixes near the end of the file (2*3 lines)
list-virtual_mailbox.tpl
- don't include domain in link to vacation.php (no longer needed)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1172 a1433add-5e2c-0410-b055-b7f2511e0802

vacation.php
- result of merging edit-vacation.php and users/vacation.php
- vacation.php comes with the svn history of edit-vacation.php
- display "vacation already active" (only) in user mode if vacation is active
(would be useful in admin mode too, but needs a text change)
- various comment updates
- add username in $PALANG[pVacation_result_removed] and
$PALANG[pVacation_result_added] using sprintf
- change compared to Jan Kruis' patch:
- set return url for users to main.php instead of users/main.php
- set return url for admins after setting $fDomain. Otherwise the return url
does not contain the domain.
- removed unused variable $tDomain
users/vacation.php:
- require(../vacation.php)
- remove everything else
- whitespace changes in the license header
- note: this is completely different from Jan Kruis' patch - his intention was
to remove this file and use ../vacation.php. However, with his way all links
in the users menu would point to the wrong place/directory
edit-vacation.php:
- deleted
templates/vacation.tpl
- display username only in admin mode
templates/list-virtual_mailbox.tpl
- link changed to merged vacation.php
languages/en.lang
- add username in $PALANG[pVacation_result_removed] and
$PALANG[pVacation_result_added] as sprintf variable
- (comments added by Jan Kruis' patch are not part of this commit)
languages/nl.lang
- translation updates
- already contains the sprintf variable in $PALANG[pVacation_result_removed]
and $PALANG[pVacation_result_added]
(updates for other *.lang files follow in another commit)
The following parts of Jan Kruis' patch are not part of this commit:
- rejected:
- variables.inc.php: don't add $Admin_role and $Return_url
If we initialize them, it should be done directly in (edit-)vacation.php,
but the current code always sets them already in all cases.
- templates/users_main.tpl: do not change url for vacation.php
- postponed:
- added comments in en.lang about obsolete texts
Most parts of this commit (see exceptions above) were provided as patch
by Jan Kruis (jan-kruis@SF), see
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1169 a1433add-5e2c-0410-b055-b7f2511e0802

Prepare merging of edit-vacation.php and users/vacation.php
users/vacation.php, edit-vacation.php:
- first step of merging
- renamed some variables to fit vacation.tpl
- some code sorting and cleanup
- replaced JS redirect on cancel with handling in PHP
users_vacation.tpl, edit-vacation.tpl:
- deleted (merged to vacation.tpl)
vacation.tpl:
- new file, result of merging edit-vacation.tpl and users_vacation.tpl
- display mail address to users also (to be discussed)
Thanks to J.Kruis (jan-kruis@SF) for the patch,
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1163 a1433add-5e2c-0410-b055-b7f2511e0802

edit-alias.tpl:
- merge with create-alias.tpl
- added various {if $mode = ...}
- for edit mode: used "multiple targets" help text right of textarea
(instead of having it under the headline)
- use $fGoto instead of array in textarea
create-alias.tpl
- deleted
edit-alias.php:
- fixed $tGoto to contain unmodified $_POST value on error
- dropped $array smarty variable that was used instead of $tGoto
- added mode = edit smarty variable
- add empty pCreate_alias_address_text_error smarty variable to avoid
"undefined" warning
create-alias.php:
- added mode = create smarty variable
- switched to edit-alias template
*.lang
- marked $PALANG['pCreate_alias_address'] as obsolete
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1153 a1433add-5e2c-0410-b055-b7f2511e0802

edit-mailbox.php
- report password errors next to the password field instead of flash_error()
- small changes to smarty variables
create-mailbox.php:
- small changes to smarty variables
edit-mailbox.tpl, create-mailbox.tpl:
- merge as good as possible (everything that is still left will probably
need an {if})
- renamed some smarty variables
- use colspan=3 for buttons
*.lang:
- mark pCreate_mailbox_username, pCreate_mailbox_name, pCreate_mailbox_quota,
pCreate_mailbox_quota_text and pEdit_mailbox_name_text as obsolete
- added some "please check" notes for translators
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1146 a1433add-5e2c-0410-b055-b7f2511e0802

users/password.php:
- use SESSID_USERNAME instead of USERID_USERNAME to match the smarty
variable name in the password module for admins
- switch to 'password' template
templates/password.tpl:
- display "exit" button if logged in as user
- change form name to something more useful
templates/users_password.tpl:
- deleted
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1140 a1433add-5e2c-0410-b055-b7f2511e0802

- use $authentication_has_role instead of checking if $smarty_template
contains "users_". This makes the code cleaner and avoids problems
when merging templates to names without "users_".
- check for login template without using needle - that's possible after
merging the login and users_login template to login.tpl
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1139 a1433add-5e2c-0410-b055-b7f2511e0802

login.php, users/login.php:
- set logintype=admin/user smarty variable
- cleanup: move smarty assignments outside of GET/POST handling - it's
the same for both
users/login.php:
- do not pre-fill username on failed login
templates/login.tpl:
- merge in users_login.tpl
- add some {if} to handle the differences between admin and user login
templates/users_login.tpl:
- deleted
*.lang:
- mark pUsersLogin_username, pUsersLogin_password, pUsersLogin_language
and pUsersLogin_button as obsolete
- add some notes if pLogin_* and pUsersLogin differ
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1137 a1433add-5e2c-0410-b055-b7f2511e0802

- removed always empty variable $pCreate_mailbox_username_text
- replaced "static" variables $pCreate_mailbox_password_text and
$pCreate_mailbox_quota_text with their PALANG content in the template
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1132 a1433add-5e2c-0410-b055-b7f2511e0802

- change <h3> to <th>
list-virtual_alias_domain.tpl
- style "create new" link as button
These changes were forgotten by Dale :-P
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1115 a1433add-5e2c-0410-b055-b7f2511e0802