Commit Graph

14 Commits (dcb60a670c49d6d963f9e040689d8f43b77bad23)

Author SHA1 Message Date
Christian Boltz 52a7df2b3a Add CSRF protection for POST requests
Add the CSRF token to all forms, and validate it when those forms are
submitted.

https://sourceforge.net/p/postfixadmin/bugs/372/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1842 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 530c489ec4 editform.tpl:
- add {if} block for description column to make customization for
  special fields/cases easier


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1829 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz eb7e40cf94 PFAHandler, editform.tpl:
- add support for 'b64p' fields (passwords stored base64-encoded)
  as preparation to migrate fetchmail.php to FetchmailHandler


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1750 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 1ad0d6832b editform.tpl:
- display cleartext value instead of key for readonly enma fields


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1721 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3d58d1f092 editform.tpl:
- add handling for 'enma' fields (see PFAHandler r1711)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1720 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 0cf9d7e53c templates/editform.tpl:
- change all field names to "value[$key]" instead of just "$key"
  to keep the main "namespace" clean

edit.php:
- adjust POST handling code to changed form field names ("value[$key]")



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1629 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz d39a802d00 AliasHandler now works with edit.php in many cases
(TODO: catchall handling, mailbox and vacation aliases)

AliasHandler.php
- drop unused $username
- set $domain_field
- initStruct():
  - use correct labels
  - set 'domain' field options to allowed domains
  - add (virtual) 'localpart' field
  - add comments for more virtual fields
- add webformConfig() (note: modifies $struct on $new - otherwise we 
  couldn't use the domain dropdown in the web interface)
- add mergeId to merge localpart and domain to address (called by 
  edit.php _before_ ->init)
- add validate_new_id() (doesn't work for catchall yet)
- add setmore() to 
  - fill 'domain' based on 'address'
  - convert $values[goto] from array to comma-separated string
- add read_from_db_postprocess to split goto to an array
  (TODO: handling of mailbox and vacation aliases)
- add _field_goto() validator
- add empty, commented dummy delete() that will replace the "old" 
  delete function one day
- make hasAliasRecord() private (only used internally)
- mark all "old" functions as obsolete

edit.php:
- add handling of txtl field (convert textarea to array)
- call $handler->mergeId if $id_field is editable, but not displayed
  in form (use case: merge localpart + domain to address)

editform.tpl:
- add handling of txtl fields (textarea, filled by array)

PFAHandler.php:
- add setmore() hook function - runs at the end of set()

AdminHandler.php:
- add a comment for 'txtl' (array of one line texts, like alias goto)




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1311 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 76befc69ff editform.tpl:
- implement handling of password fields (type=password, and never
  fill the value)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1292 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 9104b0652a editform.tpl:
- implement handling of 'list' fields (<select> with multiple choices 
  allowed)
- also include alternative implementation with checkboxes (commented out)
- change {$value_{$key}} to $value_{$key} for 'enum' to stay in sync 
  with 'list' ('list' fails with the additional {...} because it converts
  the array to the string "Array") (seems to be new behaviour in Smarty 
  3.1.5 - IIRC 3.0.7 required the additional {...})


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1290 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 7ed5f7e471 Several changes to make edit.php a generic edit form
edit.php:
- use ?table= parameter to decide what will be edited
- generate (and validate) Handler classname based on ?table=
- read handler-specific configuration from $handler->webformConfig()
  and use it at various places
- add option to run $handler->init() early. Useful for $new in case
  of AliasdomainHandler which might fail if all domains are already
  aliased.
- always redirect to edit.php?table=$table after adding an item to
  ensure correct initialization for next item

templates/editform.tpl:
- add hidden field "table"


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1274 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 3f0e77e6ab editform.tpl:
- replace hardcoded $value_transport with {$value_{$key}


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1270 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz d065179993 create-domain.php, templates/editform.tpl:
- move handling of displaying checkboxes to editform.tpl.
  This means: One switch block less in create-domain.php



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1262 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz def9c22fb1 create-domain.php, templates/editform.tpl:
- move special handling for enum fields from PHP select_options() to 
  the template using smarty {html_options}


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1260 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 7ac37cfbff templates/editform.tpl:
- new file
- generic edit form template that uses $struct to render the form

templates/admin_edit-domain.tpl:
- deleted, obsoleted by editform.tpl

create-domain.php
- use new editform.tpl
- use $errormsg array instead of join't $errortext
- store/move errors related to a display_in_form field in $fielderror
  (they will be displayed next to the field)
- display remaining error messages (not related to a field) with 
  flash_error()
- use "value_$key" instead of "t$Key" as smarty variable name for field 
  values

model/DomainHandler.php
- store error messages in $this->errormsg[$field] (instead of $this->errormsg[])
- fix label for default_aliases

model/PFAHandler.php:
- store error messages in $this->errormsg[$field] (instead of $this->errormsg[])



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1252 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago