Using /tmp/ as fallback is insecure (predictible filenames in a
world-writeable directory enable symlink attacks). Better die() with an
useful error message.
Send broadcast message to active users only.
Without "active=1" condition in WHERE will clause a lot of "Recipient address rejected: User unknown in virtual mailbox table."
Unicode support is a much bigger can of worms (see the discussion in #47),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
Broadcast improvements:
- allow to send to mailboxes only
- allow to send to only some domains
- allow domain admins to send to their domains - new config option $CONF['sendmail_all_admins']
variables.inc.php is an old hack to save having to declare variables
before using them in pages.
Lots of the variables there are unused (leftovers from the old
create-*.php or edit-*.php scripts) or properly initialized in the file
using them, so there's no need to keep them in variables.inc.php.
The remaining variables in this file should also be dropped after
further investigation.
array('') means to include an empty item, and that results in an invalid
remote specification with a trailing "/"
Using an empty array() fixes this.
Reported by oftc_ftw on IRC.
This replaces the hardcoded "LIMIT 10" with "LIMIT <page_size>".
Patch by Dan <dannyro @SF>, https://sourceforge.net/p/postfixadmin/patches/133/
Additional change on top of Dan's patch:
- wrap $CONF['page_size'] in intval() to avoid that a broken config
setting can break or exploit the query
The previous commit changed vacation_notificatoin.notified,
alias_domain.alias_domain and alias_domain.target_domain to latin1, but
did this only in their original upgrade function.
upgrade_1836_mysql() also applies this change to existing databases.
(It's unlikely that these fields are not latin1 - creating them as utf8
or utf8mb4 would break at the index length, but better safe than sorry ;-)
When trying to create a new database with utf8mb4 as default charset,
upgrade.php fails at various places because of too long indexes.
- no longer run upgrade_1_mysql, upgrade_2_mysql and upgrade_3_mysql
which all affect updates from pre-2.1 database layout
- add {LATIN1} to vacation_notificatoin.notified,
alias_domain.alias_domain and alias_domain.target_domain
Thanks to martinx who reported this on IRC and helped to debug it.
* Make it possible by config option that non global admins can send
broadcast messages to their domains.
* Allow the sender to select the domains the broadcast message should be
delivered to
* Allow the sender to decide if the broadcast message should just be
delivered to mailboxes
Christian Boltz