- the WHERE fieldname is now hardcoded instead of being a $_GET parameter
This fixes a possible security hole in admin/delete.php (only vulnerabe
when logged in as global-admin)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@166 a1433add-5e2c-0410-b055-b7f2511e0802
fetchmail.php:
- IMPORTANT: fixed typo in database column name. If you have created the
fetchmail database already, you have to rename the "pool_time" column
to "poll_time"
- fixed adding of new entries
- don't display status fields (last poll date and result) in edit mode
- validate and quote the GET and POST variables
- show POSTed data again if invalid values were entered (data to display
in the edit form is passed to fetchmail.tpl in $formvars)
- check results of database operations and display error/success
messages
- check owner of target mailbox on all operations
- changed password handling: empty means no change (instead of sending
"******" around)
- reworked and moved around large code portions
- added some TODO notes
fetchmail.tpl:
- use data from $formvars in edit mode instead of parsing the full array
- moved "new entry" below the table
- replaced delete button with delete links
- Note: the boolean fields need testing with PgSQL. Especially test if
they are displayed as active correctly in list and edit mode!
*.lang:
- added several fetchmail-related strings, more to follow
- added $PALANG['please_keep_this_as_last_entry'] which always has to be
the last entry in the language files. This solves the problem that
language-check.sh mixes up the string order when adding strings at the
end of the language files.
- added vim:ft=php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@163 a1433add-5e2c-0410-b055-b7f2511e0802
- removed $display_fields array again after understanding how $fm_struct
in fetchmail.php works
- added workaround for undefined index warnings in $fm_struct (line 47)
(for whatever reasons, there seem to be both numeric and named keys)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@161 a1433add-5e2c-0410-b055-b7f2511e0802
- changed editable and display flags of some columns in $fm_struct
(this array is pretty useful once you understand how to use it ;-)
- completed support for $CONF['fetchmail_extra_options'] = 'NO'
- added several escape_string() calls
- fixed several $_GET/$_POST undefined index warnings
- fixed some MySQL vs. PgSQL issues
- some small fixes
fetchmail.tpl
- changed layout to separate list and edit view
- fixed an undefined index warning
- replaced ID column with edit link
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@160 a1433add-5e2c-0410-b055-b7f2511e0802
Script to update the language files, with lots of tricky bash code ;-)
MUST be run everytime you add a string to en.lang.
./language-update.sh --patch
should do the job, unless something goes wrong.
./language-update.sh --help
prints all available options.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@155 a1433add-5e2c-0410-b055-b7f2511e0802
a '# XXX' comment for translators). This makes translation easier.
- added vim: comment to all language files
- this obsoletes default.lang - removed
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@154 a1433add-5e2c-0410-b055-b7f2511e0802
- shortened german menu text for fetchmail
- config.inc.php:
- added $CONF['fetchmail'] and $CONF['fetchmail_extra_options'], including
a big warning for the latter one.
- include config.inc.php at the end if it exists. This can make future
updates easier because you don't have to edit config.inc.php itsself.
It should also make development easier because you don't need to undo
local changes before commiting config.inc.php
- fetchmail.tpl:
- new array display_fields, contains the list of fields to display in the
table. This also solves most "undefined index" warnings.
Note: editing fetchmail does not honor $CONF['fetchmail_extra_options'] = 'NO' yet.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@151 a1433add-5e2c-0410-b055-b7f2511e0802
(see postfixadmin-devel mailinglist for detailed description and known
problems, subject "fetchmail support").
This commit adds fetchmail.pl which was missing in r140
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@147 a1433add-5e2c-0410-b055-b7f2511e0802
(see postfixadmin-devel mailinglist for detailed description and known
problems, subject "fetchmail support")
- encoded some german umlauts as htmlentities
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@140 a1433add-5e2c-0410-b055-b7f2511e0802
Note: Developers can use
$CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php'
to avoid deletion of setup.php after every "svn up".
WARNING:
THIS ALLOWS NON-AUTHENTIFICATED USERS TO CREATE SUPERADMIN ACCOUNTS!
Use this setting only on development systems, where the database is not
used by postfix.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@137 a1433add-5e2c-0410-b055-b7f2511e0802
- completely reworked HTML code in setup.php
- moved admin creation code from create_admin.php to functions.php,
function create_admin
- several related changes in functions.inc.php:
- use table_by_key() directly instead of the cached variables (which
are empty if config.inc.php was not read before functions.php)
- add an additional (optional) parameter $setup to db_connect, changed
many die(msg) calls to $error_message .= msg.
If $setup is given, the return value is array($link, $error_text)
instead of $link
- db_connect now checks for invalid $CONF['database_type']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@135 a1433add-5e2c-0410-b055-b7f2511e0802
- merge GET and POST code
- admin/search.php still has the old code commented out
@pgsql users: please test the search - I can't promise that everything works.
There are several TODOs / open questions regarding pgsql in search.php currently...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@126 a1433add-5e2c-0410-b055-b7f2511e0802
- always check if password == password2 (even if password2 is empty)
- skip changing password if new password is empty. Reasons:
- empty passwords are insecure
- editing an admin does not always mean to edit the password. One might
edit the allowed domains without even knowing the password of the
edited admin.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@123 a1433add-5e2c-0410-b055-b7f2511e0802
Christian Boltz