Commit Graph

1106 Commits (e3b242e4d807ebb0dbcc87a73fce53549e13135e)
 

Author SHA1 Message Date
Christian Boltz e3b242e4d8 flash_error.tpl:
- html-escape flash_info() / flash_error() messages to fix XSS if the
  message contains user-supplied input
  (thanks to Filippo Cavallarin for the report)

Note: This will cause ugly output for some German error messages which
contain ü etc., and the warning message in backup.php (with some
HTML tags included) will also look totally ugly.
Nevertheless, that's still better than XSS attacks ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1331 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 19b9535e43 functions.inc.php:
- PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin
  therefore we have to wrap our function (which fortunately gives the same
  results) with function_exists().
  Reported by MadOtis on #postfixadmin



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1328 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
David Goodwin cb640c87c1 fix sql injection in pacrypt() when mysql_crypt is in use; see previous commits etc esp in the 2.3 branch
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1327 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
David Goodwin 1a9104cab4 sql injection fix - ported back to trunk from branches/2.3 ...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1326 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 51ddbd2f2e list-domain.php:
- add missing $condition parameter in DomainHandler->getList() call


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1318 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz e719c6c4dd create-alias.php:
- deleted, obsoleted by edit.php?table=alias

functions.inc.php:
- drop function check_alias() - it was only used by create-alias.php
  (AliasHandler has a similar function create_allowed(), which is a
  copy of check_alias() with superfluous {...} removed)

configs/menu.conf
- replace create-alias.php with edit.php?table=alias
- append "?" to url_create_mailbox to avoid temporary change in menu.tpl
  (create-mailbox is the only one which still needs ? instead of &)

templates/list-virtual.tpl:
- use {#url_create_alias#} instead of hardcoded create-alias.php

templates/menu.tpl:
- $url_domain: url-escape domain, use & instead of ?



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1317 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 088fef9bdb AliasHandler.php:
- override init() - change '*@domain' -> '@domain', then call parent::init()
- validate_new_id(): allow catchall ('@domain'), check only domain in this case
- create_allowed(): copy of check_alias() from functions.inc.php, with 
  superfluous { ... } removed
- remove forgotten debugging from mergeId()
- _field_goto(): 
  - allow '@domain' targets (domain-wide forward)
  - use an array to collect error messages - that avoids 'uninitialized'
    warnings and allows to easily change the join() glue if needed

Overall status:
- create-alias is now fully supported
- handling of vacation and mailbox aliases is still on my TODO list, which
  means we still need edit-alias for now


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1316 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff 78c07dbd42 debian/rules:
- New target prep: Create a needed tar.gz file to build a non-native .dpkg
- New target build-package: Call this target to build a shiny new .dpkg file.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1313 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff a79d0d4c79 postfixadmin.postrm:
- Call wwwconfig scripts only if they exist.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1312 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz d39a802d00 AliasHandler now works with edit.php in many cases
(TODO: catchall handling, mailbox and vacation aliases)

AliasHandler.php
- drop unused $username
- set $domain_field
- initStruct():
  - use correct labels
  - set 'domain' field options to allowed domains
  - add (virtual) 'localpart' field
  - add comments for more virtual fields
- add webformConfig() (note: modifies $struct on $new - otherwise we 
  couldn't use the domain dropdown in the web interface)
- add mergeId to merge localpart and domain to address (called by 
  edit.php _before_ ->init)
- add validate_new_id() (doesn't work for catchall yet)
- add setmore() to 
  - fill 'domain' based on 'address'
  - convert $values[goto] from array to comma-separated string
- add read_from_db_postprocess to split goto to an array
  (TODO: handling of mailbox and vacation aliases)
- add _field_goto() validator
- add empty, commented dummy delete() that will replace the "old" 
  delete function one day
- make hasAliasRecord() private (only used internally)
- mark all "old" functions as obsolete

edit.php:
- add handling of txtl field (convert textarea to array)
- call $handler->mergeId if $id_field is editable, but not displayed 
  in form (usecase: merge localpart + domain to address)

editform.tpl:
- add handling of txtl fields (textarea, filled by array)

PFAHandler.php:
- add setmore() hook function - runs at the end of set()

AdminHandler.php:
- add a comment for 'txtl' (array of one line texts, like alias goto)




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1311 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz da9a69dd0d AliasHandler.php:
- add initStruct() (not the final version, but works for now)
- add initMsg()
- replace $this->username with $this->id everywhere
- drop __construct() - default __construct will be used now

users/edit-alias.php, xmlrpc.php, VacationHandler.php, scripts/shells/alias.php:
- use default init sequence for AliasHandler (new, then ->init())


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1310 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz b8812686aa AliasdomainHandler.php, PFAHandler.php:
- move empty storemore() function from AliasdomainHandler to PFAHandler



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1309 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 0c42306267 list-virtual_alias_domain.tpl:
- use edit.php to switch active status for alias domains

edit-active.php:
- remove now superfluous handling of alias domains

configs/menu.conf:
- remove now superfluous url_edit_active (templates for list-mailbox
  and list-alias use hardcoded 'edit-active.php')



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1308 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 5416e93e5a adminlistadmin.tpl:
- use edit.php to switch active status for domains

edit-active-admin.php:
- deleted, obsoleted by using edit.php

configs/menu.conf:
- remove now superfluous url_edit_active_admin



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1307 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 91f613db5f adminlistdomain.tpl:
- use edit.php to switch active status for domains
- display backupmx and active status as yes/no instead of 1/0

edit-active-domain.php
- deleted, obsoleted by using edit.php

configs/menu.conf
- remove now superfluous url_edit_active_domain



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1306 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 2beac12971 edit.php:
- implement switching active status using *Handler
  (uses additional 'active' url parameter, which must be 0 or 1)
- document GET parameters


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1305 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff d73e59fd8f Some more lintian fixes:
- control: added php5-cli dependency
- rules: some permission fixes to postfixadmin-cli scripts
- postfixadmin.docs: removed redundant changelog file

Merry Christmas!



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1304 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 18b8564b64 Make $struct in the *Handler classes customizable
config.inc.php:
- add $CONF['*_struct_hook'] to modify $struct in the *Handler classes

PFAHandler.php:
- call $CONF['*_struct_hook'] hook

AdminHandler.php, AliasdomainHandler.php, DomainHandler.php:
- remove now outdated TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1303 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 6eb7e9f794 PFAHandler.php:
- encrypt passwords ("pass" fields) with pacrypt()

AdminHandler.php:
- update/remove various TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1302 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz ee33647232 setup.php
- add rewritten function create_admin() (now using AdminHandler, 
  which means 25 instead of 80 lines)
- various follow-up changes to match the rewritten function create_admin()

functions.inc.php:
- delete function create_admin() - setup.php was the last file calling it
- honor POSTFIXADMIN_SETUP in authentification_get_username() to avoid
  a redirect to login.php after creating an admin with setup.php and to
  get "SETUP.PHP" for db_log()

model/AdminHandler.php:
- add TODO: implement generate_password


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1301 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz f6425e025b Delete the now unused files
- edit-admin.php
- create-admin.php
- templates/admin_edit-admin.tpl

Total: about 300 lines deleted


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1300 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 25abbafd20 configs/menu.conf, templates/adminlistadmin.tpl:
- use edit.php?table=admin instead of create-admin.php and edit-admin.php


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1299 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz b335abf02e functions.inc.php - db_log():
- allow log actions create_admin and edit_admin
- add edit_admin_state and delete_admin as comment/reminder that they 
  should also be logged

*.lang:
- add text for the new "create admin" and "edit admin" log actions


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1298 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 23c08bc02e PFAHandler.php:
- store unchecked input values given to set() in $this->RAWvalues before
  running the validation functions. This is needed to make comparing 
  password and password2 possible.
  (uppercase RAW intentional to make usage harder - hopefully hard enough
  to give everybody who wants to use it some time to think over secure
  programming when working with unchecked input ;-)

AdminHandler.php:
- compare password and password2

This commit means AdminHandler is complete :-)

(Note: db_log can't handle the admin-related log actions yet.)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1297 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff c65c2caa7a - added missing files/dirs (smarty, *.js etc.) into the package
- simplified the DB credential patch and removing ucf registrations on package purge...



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1296 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff b5397e595c Again some Debian stuff:
- Changed source format to 3.0 (quilt)
- Added watchfile



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1295 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Norman Messtorff bf92cc3dc6 Updating Debian-Standards-Version:
* debian/rules: added missing build targets
* debian/control: removed VCS field, no longer needed.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1294 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 3a8a738585 PFAHandler.php:
- fix field type for skipping password fields (must be 'pass', not 'password')
- implement validation of 'pass' fields with validate_password()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1293 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 76befc69ff editform.tpl:
- implement handling of password fields (type=password, and never
  fill the value)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1292 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 300f096025 AdminHandler.php:
- add empty no_domain_field() to disable default die() from PFAHandler
- $struct: 
  - changed 'superadmin' to normal bool field (+ TODO note)
  - changed 'password2' to be an alias of password in SELECT
  - init 'domains' default with array() and options with list_domains(),
- storemore():
  - implement storing domains in domain_admins table
  - implement storing ALL in domain_admins table for superadmins to 
    keep the database backwards-compatible with 2.3.x for now
- add read_from_db_postprocess() to convert the domains list to an array

This makes AdminHandler working with edit.php?table=admin
(Some fine-tuning at various places/files is still missing.)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1291 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 9104b0652a editform.tpl:
- implement handling of 'list' fields (<select> with multiple choices 
  allowed)
- also include alternative implementation with checkboxes (commented out)
- change {$value_{$key}} to $value_{$key} for 'enum' to stay in sync 
  with 'list' ('list' fails with the additional {...} because it converts
  the array to the string "Array") (seems to be new behaviour in Smarty 
  3.1.5 - IIRC 3.0.7 required the additional {...})


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1290 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 06c2d414ef smarty.inc.php: some fixes after the Smarty upgrade:
- use SmartyBC (Backwards Compatible) instead of Smarty class to keep 
  {php} in templates working (do we really need this?)
- remove obsolete allow_php_tag
- config_dir default value is now an array



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1289 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 35d91d4b0c update smarty from 3.0.7 to 3.1.5
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1288 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 7773c537cc PFAHandler.php - read_from_db():
- also include column in SELECT if display_in_form != 0
- call read_from_db_postprocess() hook before returning data


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1287 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 0f0b7d336c PFAHandler:
- split code to handle domain_field == "" && admin_username != ""
  from __construct() to no_domain_field().
  Default behaviour stays to die(), but AdminHandler will override it


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1286 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 3baf1a61c9 functions.inc.php:
- db_delete(): allow to specify additional conditions for the WHERE clause


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1285 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 41d8bcaf0a upgrade.php:
- upgrade_1284(): migrate the ALL domain to the superadmin column
  Note: The ALL domain is not (yet) deleted to stay backwards-compatible 
  for now (will be done in a later upgrade function)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1284 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 48f2a0a94b upgrade.php
- upgrade_1283(): add a "superadmin" column to the admin table
  This is the first step to get rid of the "ALL" dummy domain.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1283 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 6f9d520262 list-admin.php:
- use AdminHandler
- move displaying the superadmin flag to the template

templates/adminlistadmin.tpl:
- update to the fieldnames provided by AdminHandler (name->username)
- move displaying the superadmin flag to the template

functions.inc.php:
- delete function get_admin_properties() (was only used by list-admin
  and is not needed anymore) -> 48 lines less :-)
- add TODO to list_admins() to use AdminHandler


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1282 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 36e31b9e23 AdminHandler.php (new file):
- Handler for admins
- list mode works
- edit mode not implemented yet


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1281 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz e95dffb55a users/edit-alias.php:
- remove unused $vacation_domain and $vacation_goto


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1280 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 24d9d695ad edit.php:
- whitespace fixes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1279 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz dd21f03616 functions.inc.php - db_log():
- add log action 'edit_alias_domain'
- update outdated comment to point to $action_list instead of 
  maintaining the list as comment _and_ variable

languages/*.lang
- add $PALANG['pViewlog_action_edit_alias_domain']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1278 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 50590a5eea configs/menu.conf:
- move url_edit_domain to global section to avoid warning
- remove unused _txt_list_domain and [main] section


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1277 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 8f267c1b7f Use edit.php to create/edit domains
model/DomainHandler.php:
- add webformConfig()

configs/menu.conf:
- change url_edit_domain to edit.php?table=domain
- drop url_create_domain (use url_edit_domain instead)

templates/*:
- replace #url_create_domain# with #url_edit_domain#
- replace ? with &

create-domain.php:
- deleted :-)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1276 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 9cf7c7799a Use edit.php to edit/create for alias domains
(yes, we get edit mode "for free")

model/AliasdomainHandler.php:
- add webformConfig()

configs/menu.conf:
- change url_create_alias_domain to edit.php?table=aliasdomain

templates/list-virtual_alias_domain.tpl
- change ?target_domain to &target_domain 
  (TODO: this is currently ignored by edit.php)
- add edit link (TODO: add log action to avoid the error message)

create-alias-domain.php:
- deleted :-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1275 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 7ed5f7e471 Several changes to make edit.php a generic edit form
edit.php:
- use ?table= parameter to decide what will be edited
- generate (and validate) Handler classname based on ?table=
- read handler-specific configuration from $handler->webformConfig()
  and use it at various places
- add option to run $handler->init() early. Useful for $new in case
  of AliasdomainHandler which might fail if all domains are already
  aliased.
- always redirect to edit.php?table=$table after adding an item to
  ensure correct initialization for next item

templates/editform.tpl:
- add hidden field "table"


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1274 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz bfd4981433 PFAHandler.php:
- fix view() to use associative array key


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1273 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 0730cdfc6f copy edit-domain.php to edit.php (exact copy, no changes)
edit.php will be used as generic edit page for everything
(admins, domains, mailboxes, aliases, ...)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1272 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 63f20c28da AliasdomainHandler.php - initStruct():
- if only one alias_domain available, filter it out from target_domain list


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1271 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago