Commit Graph

2135 Commits (b4564958a1142fbf2ef28f13ee8839806a78698b)
 

Author SHA1 Message Date
Jan-Frederik Rieckers 7ee587bb87
[Broadcast] Use db_in_clause instead of a foreach loop 8 years ago
Christian Boltz 67a6d0e27a
use $CONF[page_size] in viewlog.php
This replaces the hardcoded "LIMIT 10" with "LIMIT <page_size>".

Patch by Dan <dannyro @SF>, https://sourceforge.net/p/postfixadmin/patches/133/

Additional change on top of Dan's patch:
- wrap $CONF['page_size'] in intval() to avoid that a broken config
  setting can break or exploit the query
8 years ago
Christian Boltz 29364b4734
ensure some fields are really latin1
The previous commit changed vacation_notificatoin.notified,
alias_domain.alias_domain and alias_domain.target_domain to latin1, but
did this only in their original upgrade function.

upgrade_1836_mysql() also applies this change to existing databases.
(It's unlikely that these fields are not latin1 - creating them as utf8
or utf8mb4 would break at the index length, but better safe than sorry ;-)
8 years ago
Christian Boltz ba94c3a75e
fix problems with utf8mb4 as default charset
When trying to create a new database with utf8mb4 as default charset,
upgrade.php fails at various places because of too long indexes.

- no longer run upgrade_1_mysql, upgrade_2_mysql and upgrade_3_mysql
  which all affect updates from pre-2.1 database layout
- add {LATIN1} to vacation_notificatoin.notified,
  alias_domain.alias_domain and alias_domain.target_domain

Thanks to martinx who reported this on IRC and helped to debug it.
8 years ago
David Goodwin 7e496094e0 fall back to sys_get_temp_dir() if we cannot write to a templates_c like place 8 years ago
David Goodwin c253ef7dbd allow escape_string() to take a db connection as a parameter; should improve performance when there are a large number of things to escape 8 years ago
David Goodwin 1a7b2df81f fix undefined variable 8 years ago
Martin Oemus 9aba43ee48 added config option to disable "edit_alias" function for users 8 years ago
David Goodwin 71e412f6c2 make error messages red; fix slightly invalid html; remove templates_c check (unnecessary); note we want php5+; add label tags to input elements 8 years ago
David Goodwin 8c2d447421 remove silencing of @include_once - fixes #20 8 years ago
Jan-Frederik Rieckers 2e92eb5cd1
Fix small syntax bug 8 years ago
Christian Boltz 04e54508e5 Merge pull request #19 from rmcaninch/rmcaninch-patch-1
add css id #update-check to footer.tpl

This allows to hide the "check for updates" link using a custom CSS with '#update-check { display:none; }'
8 years ago
Jan-Frederik Rieckers 3c360f646f
Switch config item for broadcast.
The new config item is now `sendmail_all_admins`
8 years ago
Jan-Frederik Rieckers eb871de916
Add new broadcst message language keys 8 years ago
Jan-Frederik Rieckers 3c3d844130
Improve the broadcast message tool
* Make it possible by config option that non global admins can send
  broadcast messages to their domains.
* Allow the sender to select the domains the broadcast message should be
  delivered to
* Allow the sender to decide if the broadcast message should just be
  delivered to mailboxes
8 years ago
Christian Boltz ace8597bb3 3.0.2 again - this time with correct SVN revision
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1895 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 28703935b3 3.0.2 release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1894 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin 7ddac2ac4b evil hack to make vacation work while we are using Mail::Sender - see also https://sourceforge.net/p/postfixadmin/patches/136/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1893 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 0ec8064fe6 changelog update
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1892 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin f2a9131938 bump debian/changelog
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1891 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 80d381f644 Make VacationHandler compatible with MySQL strict mode again
The MySQL database layout includes a 'cache' column for historical
reasons, the PostgreSQL database never did.

r1883 removed the 'cache' column from VacationHandler to unbreak
PostgreSQL, and at the same time broke MySQL in strict mode.

This patch re-adds the 'cache' column only for MySQL to fix this
regression.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1890 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz bf9ec09829 Merge pull request #23 from Janfred/bugfix_aliasdelete
Security fix: don't allow to delete protected aliases (CVE-2017-5930)
8 years ago
Jan-Frederik Rieckers 800f07816a
Fix wrong way of check for can_delete 8 years ago
Jan-Frederik Rieckers 03f4bad49c
Add Language-Key for protected_alias_cant_be_deleted 8 years ago
Jan-Frederik Rieckers 7bb36d0bbc
Fix security hole in AliasHandler
Without this fix it is possible to delete a protected alias via editing
the request parameter of the alias to delete.
8 years ago
David Goodwin e56727fe09 Merge remote-tracking branch 'svnexport/master' 8 years ago
Christian Boltz e3ade3e4b2 Set alias domain-related smarty variables only if alias domains are enabled
This avoids "undefined variable" warnings.

Reported by Kalavera on IRC.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1888 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin 061a96fea3 Merge remote-tracking branch 'svnexport/master' 8 years ago
David Goodwin 2bbf6c63d4 see https://sourceforge.net/p/postfixadmin/bugs/376/ - remove any old templates_c/ files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1887 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin b8051515db check whether we can use templates_c (this seems a better idea than falling back to using something in /tmp)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1886 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin b434f7070a possibly improve debian dependencies
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1885 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin 491df198cc Merge remote-tracking branch 'svnexport/master' 8 years ago
David Goodwin 2f2db5949a fix date formatting in non-english languages, thanks to uz@musoftware.de
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1884 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin bd8e0e3ae3 apparently dead columns - thanks to uz@musoftware.de
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1883 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 9ba7118d7b AliasHandler: restrict mailbox subquery to requested domains
set_is_mailbox_extrafrom() restricts the domain list to the domain that
needs to be checked (in normal list-virtual listing one domain), and is
then used to restore the default extrafrom.
This improves the performance for most usecases even for superadmins.

Note: Search mode might still be slow because by default it searches in
all domains available to the admin.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1882 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
rmcaninch 137c9ac9d1 css id update-check added to footer.tpl
Simplify hiding the software update check from display. Not really for security. More for aesthetics; and keeping the more basic users from questioning it. Add #update-check {display: none;} to your custom css. See related feature patch: https://sourceforge.net/p/postfixadmin/patches/134/
8 years ago
Christian Boltz 516f1c68f4 upgrade_1835_mysql: fix defaults for both date fields at once
Doing it in two steps fails, see comment by Gabor 'Morc' KORMOS on
https://sourceforge.net/p/postfixadmin/bugs/5/

Note: This is an exception from the "never change an existing
upgrade_*() function" rule because
a) the result doesn't change for people where it worked and
b) it will continue here anyway for people who had upgrade problems


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1881 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 74130b478c list-virtual.tpl: add missing "download as CSV" for mailboxes
Reported by Dan <dannyro @SF> in
https://sourceforge.net/p/postfixadmin/patches/135/

Note that I'm using a completely different patch to fix it.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1880 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 40b4fdf61c beautify alias list search parameters
AliasHandler:
- initStruct(): handle __mailbox_username as separate field (needed to
  make it searchable)
- split off a condition_ignore_mailboxes() function (used in getList()
  and getPagebrowser()) to add '__mailbox_username IS NULL' to the search
  condition array. Also, make sure $condition can be an array (preferred)
  or a string with a raw query

list-virtual.php:
- hand over a search array instead of a raw query


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1879 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 16e1407621 db_where_clause(): allow NULL and NOTNULL searchmodes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1878 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz bd28fcb194 AliasHandler: restrict __is_mailbox subquery to allowed domains
This improves performance on setups with lots of mailboxes.
Well, except for superadmins because restricting to "all domains"
doesn't really help ;-)

Thanks to gygy for reporting this on IRC, and for testing the patch.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1877 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 4c2ff84d52 upate wiki links
mediawiki -> SF wiki


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1876 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz bbec3e9f0e pacrypt(): allow switching between dovecot:* password schemes
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.

This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.

Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin 17d1cce041 Merge remote-tracking branch 'svnexport/master' 8 years ago
Christian Boltz 62b872491f config.inc.php: add pointers between $CONF[encrypt] = 'authlib' and $CONF[authlib_default_flavor]
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1874 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz c909d4a71e FetchmailHandler: use a valid date as default for 'date'
This fixes an invalid query when using mysql strict mode.

Reported by Martin Kenney, https://sourceforge.net/p/postfixadmin/bugs/380/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1873 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin f77309fd62 try and improve debian dependencies - see https://sourceforge.net/p/postfixadmin/bugs/382/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1872 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz cade17f777 update CHANGELOG.TXT:
- add section about 3.0.1 Debian packages
- import 2.3.8 CHANGELOG section from 2.3 branch


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1871 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin 6e6da819d1 Merge remote-tracking branch 'svnexport/master' 8 years ago
David Goodwin b44459c016 sigh....
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1868 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago