Using /tmp/ as fallback is insecure (predictible filenames in a
world-writeable directory enable symlink attacks). Better die() with an
useful error message.
Send broadcast message to active users only.
Without "active=1" condition in WHERE will clause a lot of "Recipient address rejected: User unknown in virtual mailbox table."
Unicode support is a much bigger can of worms (see the discussion in #47),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
Broadcast improvements:
- allow to send to mailboxes only
- allow to send to only some domains
- allow domain admins to send to their domains - new config option $CONF['sendmail_all_admins']
variables.inc.php is an old hack to save having to declare variables
before using them in pages.
Lots of the variables there are unused (leftovers from the old
create-*.php or edit-*.php scripts) or properly initialized in the file
using them, so there's no need to keep them in variables.inc.php.
The remaining variables in this file should also be dropped after
further investigation.
array('') means to include an empty item, and that results in an invalid
remote specification with a trailing "/"
Using an empty array() fixes this.
Reported by oftc_ftw on IRC.
This replaces the hardcoded "LIMIT 10" with "LIMIT <page_size>".
Patch by Dan <dannyro @SF>, https://sourceforge.net/p/postfixadmin/patches/133/
Additional change on top of Dan's patch:
- wrap $CONF['page_size'] in intval() to avoid that a broken config
setting can break or exploit the query
The previous commit changed vacation_notificatoin.notified,
alias_domain.alias_domain and alias_domain.target_domain to latin1, but
did this only in their original upgrade function.
upgrade_1836_mysql() also applies this change to existing databases.
(It's unlikely that these fields are not latin1 - creating them as utf8
or utf8mb4 would break at the index length, but better safe than sorry ;-)
Christian Boltz