Development

Navigation

← Previous Changeset
Next Changeset →

Changeset 596

Timestamp:

05/20/07 21:10:03 (2 years ago)

Author:

raphael

Message:

Minor corrections

Files:

trunk/gui/admin/settings_ports.php (modified) (1 diff)
trunk/gui/client/add_ftp_acc.php (modified) (1 diff)
trunk/gui/client/add_sql_database.php (modified) (1 diff)
trunk/gui/client/add_subdomain.php (modified) (4 diffs)
trunk/gui/client/catchall.php (modified) (19 diffs)
trunk/gui/client/error_pages.php (modified) (1 diff)
trunk/gui/client/sql_add_user.php (modified) (1 diff)
trunk/gui/client/support_system.php (modified) (1 diff)
trunk/gui/client/unprotect_it.php (modified) (2 diffs)
trunk/gui/include/client-functions.php (modified) (2 diffs)
trunk/gui/include/i18n.php (modified) (2 diffs)
trunk/gui/include/input-checks.php (modified) (8 diffs)
trunk/gui/include/ispcp-functions.php (modified) (5 diffs)
trunk/gui/include/login-functions.php (modified) (1 diff)
trunk/gui/include/sql.php (modified) (1 diff)
trunk/gui/orderpanel/addon.php (modified) (2 diffs)
trunk/gui/tools/index.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/gui/admin/settings_ports.php

r474	r596
257	257	// Fetch delete request
258	258	if (isset($_GET['delete'])) {
259		delete_service(~~get_get('delete')~~);
	259	delete_service($_GET['delete']);
260	260	}
261	261

trunk/gui/client/add_ftp_acc.php

r474	r596
40	40	// page functions.
41	41	//
42		function get_alias_mount_point(&$sql, &$alias_name)
	42	function get_alias_mount_point(&$sql, $alias_name)
43	43	{
44	44	$query = <<<SQL_QUERY

trunk/gui/client/add_sql_database.php

r474	r596
133	133	// are wildcards used?
134	134	//
135		if (~~ereg("\%\|\?~~", $db_name)) {
	135	if (preg_match("/[%\|\?]+/", $db_name)) {
136	136	set_page_message(tr('Wildcards as % and ? are not allowed!'));
137	137	return;

trunk/gui/client/add_subdomain.php

r474	r596
34	34	function check_subdomain_permissions($sql, $user_id)
35	35	{
36		list($dmn_id,
37		$dmn_name,
38		$dmn_gid,
39		$dmn_uid,
40		$dmn_created_id,
41		$dmn_created,
42		$dmn_last_modified,
43		$dmn_mailacc_limit,
44		$dmn_ftpacc_limit,
45		$dmn_traff_limit,
46		$dmn_sqld_limit,
47		$dmn_sqlu_limit,
48		$dmn_status,
49		$dmn_als_limit,
50		$dmn_subd_limit,
51		$dmn_ip_id,
52		$dmn_disk_limit,
53		$dmn_disk_usage,
54		$dmn_php,
55		$dmn_cgi) = get_domain_default_props($sql, $user_id);
56
57		$sub_cnt = get_domain_running_sub_cnt($sql, $dmn_id);
58
59		if ($dmn_subd_limit != 0 && $sub_cnt >= $dmn_subd_limit) {
60		set_page_message(tr('Subdomain limit expired!'));
61		header("Location: manage_domains.php");
62		die();
63		}
64
65		return $dmn_name; // Will be used in subdmn_exists()
	36	$props = get_domain_default_props($sql, $user_id, true);
	37
	38	$dmn_id = $props['domain_id'];
	39	$dmn_name = $props['domain_name'];
	40	$dmn_subd_limit = $props['domain_subd_limit'];
	41
	42	$sub_cnt = get_domain_running_sub_cnt($sql, $dmn_id);
	43
	44	if ($dmn_subd_limit != 0 && $sub_cnt >= $dmn_subd_limit) {
	45	set_page_message(tr('Subdomain limit expired!'));
	46	header("Location: manage_domains.php");
	47	die();
	48	}
	49
	50	return $dmn_name; // Will be used in subdmn_exists()
66	51	}
67	52
…	…
192	177	}
193	178
194		function check_subdomain_data(&$tpl, &$sql, $user_id)
	179	function check_subdomain_data(&$tpl, &$sql, $user_id, $dmn_name)
195	180	{
196	181	$domain_id = get_user_domain_id($sql, $user_id);
…	…
212	197	if (subdmn_exists($sql, $user_id, $domain_id, $sub_name) > 0) {
213	198	set_page_message(tr('Subdomain already exists!'));
214		} else if (@chk_subdname($sub_name.".".$~~_SESSION['user_logged']~~) > 0) {
	199	} else if (@chk_subdname($sub_name.".".$dmn_name) > 0) {
215	200	set_page_message(tr('Wrong subdomain syntax!'));
216	201	} else if (subdmn_mnt_pt_exists($sql, $user_id, $domain_id, $sub_name, $sub_mnt_pt)) {
…	…
253	238	$dmn_name = check_subdomain_permissions($sql, $_SESSION['user_id']);
254	239	gen_user_add_subdomain_data($tpl, $sql, $_SESSION['user_id']);
255		check_subdomain_data($tpl, $sql, $_SESSION['user_id']);
	240	check_subdomain_data($tpl, $sql, $_SESSION['user_id'], $dmn_name);
256	241
257	242	//

trunk/gui/client/catchall.php

r474	r596
57	57
58	58	global $cfg;
59
60
	59
	60
61	61
62	62	if ($mail_status === $cfg['ITEM_OK_STATUS']) {
…	…
68	68	return array(tr('N/A'), '#', '#');
69	69
70		}
	70	}
71	71	}
72	72
…	…
136	136
137	137	sub_id = 0
138
139		and
140
	138
	139	and
	140
141	141	(mail_type = 'normal_mail'
142	142	or
…	…
164	164
165	165	$mail_acc = decode_idna($rs -> fields['mail_acc']);
166
	166
167	167	$show_dmn_name = decode_idna($dmn_name);
168
	168
169	169
170	170	$tpl -> assign(
…	…
225	225
226	226	t2.domain_id = '$dmn_id'
227
228		and
229
	227
	228	and
	229
230	230	(t2.mail_type = 'subdom_mail'
231	231	or
…	…
235	235
236	236	t1.subdomain_id = t2.sub_id
237
	237
238	238
239	239	order by
…	…
256	256
257	257	$mail_acc = decode_idna($rs -> fields['mail_acc']);
258
	258
259	259	$show_sub_name = decode_idna($rs -> fields['sub_name']);
260
	260
261	261	$show_dmn_name = decode_idna($dmn_name);
262
	262
263	263	$tpl -> assign(
264	264	array(
…	…
321	321
322	322	t1.alias_id = t2.sub_id
323
324		and
325
	323
	324	and
	325
326	326	(t2.mail_type = 'alias_mail'
327	327	or
…	…
346	346	list($mail_action, $mail_action_script, $mail_edit_script) = gen_user_mail_action($rs -> fields['mail_id'], $rs -> fields['status']);
347	347
348
	348
349	349	$mail_acc = decode_idna($rs -> fields['mail_acc']);
350
	350
351	351	$show_dmn_name = decode_idna($dmn_name);
352
	352
353	353	$show_als_name = decode_idna($rs -> fields['als_name']);
354	354
355	355	$tpl -> assign(
356	356	array(
357		'MAIL_ACC' => $mail_acc."@".$show_als_name,
	357	'MAIL_ACC' => $mail_acc."@".$show_als_name,
358	358	'MAIL_TYPE' => user_trans_mail_type($rs -> fields['mail_type']),
359	359	'MAIL_STATUS' => user_trans_item_status($rs -> fields['status']),
…	…
403	403	return array(tr('N/A'), '#');
404	404
	405	} else {
	406
	407	return null;
	408
405	409	}
406	410
…	…
411	415
412	416	$show_dmn_name = decode_idna($dmn_name);
413
	417
414	418	if ($action === 'create') {
415	419
…	…
429	433	$show_dmn_name = decode_idna($dmn_name);
430	434	$show_mail_acc = decode_idna($mail_acc);
431
	435
432	436	$tpl -> assign(
433	437	array(
…	…
549	553
550	554	while (!$rs -> EOF) {
551
	555
552	556	if ($counter % 2 == 0) {
553
	557
554	558	$tpl -> assign('ITEM_CLASS', 'content2');
555
	559
556	560	} else {
557
558		$tpl -> assign('ITEM_CLASS', 'content');
	561
	562	$tpl -> assign('ITEM_CLASS', 'content');
559	563	}
560	564
…	…
565	569
566	570	$query = <<<SQL_QUERY
567
	571
568	572	select
569
	573
570	574	mail_id, mail_acc, status
571
	575
572	576	from
573
	577
574	578	mail_users
575
	579
576	580	where
577
	581
578	582	domain_id = '$dmn_id'
579
	583
580	584	and
581
	585
582	586	sub_id = '$als_id'
583
	587
584	588	and
585
	589
586	590	mail_type = 'alias_catchall'
587
	591
588	592	SQL_QUERY;
589
	593
590	594	$rs_als = execute_query($sql, $query);
591
	595
592	596	if ($rs_als -> RecordCount() == 0) {
593
	597
594	598	gen_catchall_item($tpl, 'create', $als_id, $als_name, '', '', '', 'als');
595
	599
596	600	} else {
597
	601
598	602	gen_catchall_item($tpl,
599	603	'delete',
…	…
603	607	$rs_als -> fields['mail_acc'],
604	608	$rs_als -> fields['status'], 'als');
605
	609
606	610	}
607
	611
608	612	$tpl -> parse('CATCHALL_ITEM', '.catchall_item');
609	613
…	…
632	636
633	637	a.domain_id = '$dmn_id'
634
635		and
	638
	639	and
636	640	a.domain_id = b.domain_id
637	641
…	…
641	645
642	646	while (!$rs -> EOF) {
643
	647
644	648	if ($counter % 2 == 0) {
645
	649
646	650	$tpl -> assign('ITEM_CLASS', 'content2');
647
	651
648	652	} else {
649
650		$tpl -> assign('ITEM_CLASS', 'content');
	653
	654	$tpl -> assign('ITEM_CLASS', 'content');
651	655	}
652	656
…	…
657	661
658	662	$query = <<<SQL_QUERY
659
	663
660	664	select
661
	665
662	666	mail_id, mail_acc, status
663
	667
664	668	from
665
	669
666	670	mail_users
667
	671
668	672	where
669
	673
670	674	domain_id = '$dmn_id'
671
	675
672	676	and
673
	677
674	678	sub_id = '$als_id'
675
	679
676	680	and
677
	681
678	682	mail_type = 'subdom_catchall'
679
	683
680	684	SQL_QUERY;
681
	685
682	686	$rs_als = execute_query($sql, $query);
683
	687
684	688	if ($rs_als -> RecordCount() == 0) {
685
	689
686	690	gen_catchall_item($tpl, 'create', $als_id, $als_name, '', '', '', 'sub');
687
	691
688	692	} else {
689
	693
690	694	gen_catchall_item($tpl,
691	695	'delete',
…	…
695	699	$rs_als -> fields['mail_acc'],
696	700	$rs_als -> fields['status'], 'sub');
697
	701
698	702	}
699
	703
700	704	$tpl -> parse('CATCHALL_ITEM', '.catchall_item');
701	705

trunk/gui/client/error_pages.php

r474	r596
20	20	require '../include/vfs.php';
21	21
22		function write_error_page(&$sql, &$user_id, &$eid)
	22	function write_error_page(&$sql, &$user_id, $eid)
23	23	{
24	24	$error = stripslashes($_POST['error']);

trunk/gui/client/sql_add_user.php

r565	r596
275	275	// are wildcards used?
276	276	//
277		if (~~ereg("\%\|\?~~", $db_user)) {
	277	if (preg_match("/[%\|\?]+/", $db_user)) {
278	278	set_page_message(tr('Wildcards as % and ? are not allowed!'));
279		return; }
	279	return;
	280	}
280	281
281	282	//

trunk/gui/client/support_system.php

r550	r596
37	37	// page functions.
38	38	//
39		function get_last_date(&$tpl, &$sql, &$ticket_id)
	39	function get_last_date(&$tpl, &$sql, $ticket_id)
40	40	{
41	41	$query = <<<SQL_QUERY

trunk/gui/client/unprotect_it.php

r474	r596
31	31	$domain_name = $_SESSION['user_logged'];
32	32	$cdir = $_GET['cdir'];
33		~~global $cfg;~~
34		~~$homedir = $cfg['FTP_HOMEDIR'];~~
35	33
36	34	unlink($cfg['FTP_HOMEDIR'].'/'.$domain_name.$cdir.'.htaccess');
…	…
40	38	header( "Location: protected_areas.php?cur_dir=$cdir" );
41	39	die();
42
43
44
45		~~if (isset($cfg['DUMP_GUI_DEBUG'])) dump_gui_debug();~~
46	40	?>

trunk/gui/include/client-functions.php

r593	r596
18	18	**/
19	19
20		function get_domain_default_props(&$sql, $domain_admin_id) {
	20	function get_domain_default_props(&$sql, $domain_admin_id, $returnWKeys = false) {
21	21	$query = <<<SQL_QUERY
22	22	select
…	…
49	49	$rs = exec_query($sql, $query, array($domain_admin_id));
50	50
51		return array($rs -> fields['domain_id'],
52		$rs -> fields['domain_name'],
53		$rs -> fields['domain_gid'],
54		$rs -> fields['domain_uid'],
55		$rs -> fields['domain_created_id'],
56		$rs -> fields['domain_created'],
57		$rs -> fields['domain_last_modified'],
58		$rs -> fields['domain_mailacc_limit'],
59		$rs -> fields['domain_ftpacc_limit'],
60		$rs -> fields['domain_traffic_limit'],
61		$rs -> fields['domain_sqld_limit'],
62		$rs -> fields['domain_sqlu_limit'],
63		$rs -> fields['domain_status'],
64		$rs -> fields['domain_alias_limit'],
65		$rs -> fields['domain_subd_limit'],
66		$rs -> fields['domain_ip_id'],
67		$rs -> fields['domain_disk_limit'],
68		$rs -> fields['domain_disk_usage'],
69		$rs -> fields['domain_php'],
70		$rs -> fields['domain_cgi']);
71
	51	if (!$returnWKeys) {
	52	return array($rs -> fields['domain_id'],
	53	$rs -> fields['domain_name'],
	54	$rs -> fields['domain_gid'],
	55	$rs -> fields['domain_uid'],
	56	$rs -> fields['domain_created_id'],
	57	$rs -> fields['domain_created'],
	58	$rs -> fields['domain_last_modified'],
	59	$rs -> fields['domain_mailacc_limit'],
	60	$rs -> fields['domain_ftpacc_limit'],
	61	$rs -> fields['domain_traffic_limit'],
	62	$rs -> fields['domain_sqld_limit'],
	63	$rs -> fields['domain_sqlu_limit'],
	64	$rs -> fields['domain_status'],
	65	$rs -> fields['domain_alias_limit'],
	66	$rs -> fields['domain_subd_limit'],
	67	$rs -> fields['domain_ip_id'],
	68	$rs -> fields['domain_disk_limit'],
	69	$rs -> fields['domain_disk_usage'],
	70	$rs -> fields['domain_php'],
	71	$rs -> fields['domain_cgi']);
	72	} else {
	73	return $rs->fields;
	74	}
72	75	}
73	76

trunk/gui/include/i18n.php

r573	r596
33	33	global $sql, $default_lang;
34	34
35		$default_lang = (~~session_id() &&~~ isset($_SESSION['user_def_lang'])) ? $_SESSION['user_def_lang'] : $cfg['USER_INITIAL_LANG'];
	35	$default_lang = (isset($_SESSION['user_def_lang'])) ? $_SESSION['user_def_lang'] : $cfg['USER_INITIAL_LANG'];
36	36
37	37	if (!$sql) {
38	38	return ($js ? $msgid : replace_html(htmlentities($msgid, ENT_COMPAT, "UTF-8")));
39		}
40		else {
	39	} else {
41	40	$table = $default_lang;
42	41	$encoding = $sql->Execute("SELECT `msqstr` FROM `$table` WHERE `msgid` = 'encoding';");
…	…
49	48	if (!$res) {
50	49	return ($js ? $msgid : replace_html(htmlentities($msgid, ENT_COMPAT, $encoding)));
51		}
52		elseif ($res->RowCount() == 0) {
	50	} elseif ($res->RowCount() == 0) {
53	51	return ($js ? $msgid : replace_html(htmlentities($msgid, ENT_COMPAT, $encoding)));
54		}
55		else {
	52	} else {
56	53	$data = $res->FetchRow();
57	54	if ($data['msgstr'] == '') {

trunk/gui/include/input-checks.php

r593	r596
231	231	$user_part = "(?:$normuser\|$quotedstring)";
232	232
233		$regex = ~~"$user_part"~~;
	233	$regex = $user_part;
234	234	// RegEx end
235	235
236		if (!preg_match("/^$regex$/",$email)) return 0;
	236	if (!preg_match("/^$regex$/D",$email)) return 0;
237	237
238	238	if (strlen($email) > $num) return 0;
…	…
292	292
293	293	$match = array();
294		$res = preg_match("/^([A-Za-z0-9])([A-Za-z0-9\-]*)([A-Za-z0-9])$/", $data, $match);
	294	$res = preg_match("/^([A-Za-z0-9])([A-Za-z0-9\-]*)([A-Za-z0-9])$/D", $data, $match);
295	295
296	296	if ($res == 0) {
…	…
326	326	function ispcp_name_check ( $data, $num ) {
327	327
328		$res = preg_match("/^[A-Za-z][A-Za-z0-9\.\-\_]*[A-Za-z0-9]$/", $data);
	328	$res = preg_match("/^[A-Za-z][A-Za-z0-9\.\-\_]*[A-Za-z0-9]$/D", $data);
329	329
330	330	if ($res == 0) return 0;
…	…
376	376	function ispcp_limit_check($data, $num) {
377	377
378		$res = preg_match("/^(-1\|0\|[1-9][0-9]*)$/", $data);
	378	$res = preg_match("/^(-1\|0\|[1-9][0-9]*)$/D", $data);
379	379
380	380	if ($res == 0)
…	…
406	406
407	407	$match = array();
408		$res = preg_match("/^([[^a-z0-9^A-Z^��\-]*)([A-Za-z0-9])$/", $data, $match);
	408	$res = preg_match("/^([[^a-z0-9^A-Z^��\-]*)([A-Za-z0-9])$/D", $data, $match);
409	409	if ($res == 0) return 0;
410	410
…	…
499	499	function ispcp_url_check ($data) {
500	500
501		$data ~~= "$data~~\n";
	501	$data .= "\n";
502	502
503	503	$res = preg_match("/^(http\|https\|ftp)\:\/\/[^\n]+\n$/", $data);
…	…
679	679	}
680	680
681		function get_~~get~~($value) {
682
683		if(isset($_~~GET~~[$value])) {
684
685		return $_~~GET~~[$value];
	681	function get_session($value) {
	682
	683	if(isset($_SESSION[$value])) {
	684
	685	return $_SESSION[$value];
686	686
687	687	} else {
…	…
693	693	}
694	694
695		~~function get_session($value) {~~
696
697		~~if(isset($_SESSION[$value])) {~~
698
699		~~return $_SESSION[$value];~~
700
701		~~} else {~~
702
703		~~return null;~~
704
705		}
706
707		}
708
709		~~function get_cookie($value) {~~
710
711		~~if(isset($_COOKIE[$value])) {~~
712
713		~~return $_COOKIE[$value];~~
714
715		~~} else {~~
716
717		~~return null;~~
718
719		}
720
721		}
722
723		~~function get_server($value) {~~
724
725		~~if(isset($_SERVER[$value])) {~~
726
727		~~return $_SERVER[$value];~~
728
729		~~} else {~~
730
731		~~return null;~~
732
733		}
734
735		}
736
737	695	?>

trunk/gui/include/ispcp-functions.php

r593	r596
293	293
294	294	*/
295		function decode_idna(&$input)
	295	function decode_idna($input)
296	296	{
297	297
…	…
312	312	}
313	313
314		function get_punny(&$input)
	314	function get_punny($input)
315	315	{
316	316
…	…
325	325	}
326	326
327		function strip_html(&$input)
	327	function strip_html($input)
328	328	{
329	329	$output = htmlspecialchars($input, ENT_QUOTES, "UTF-8");
…	…
331	331	}
332	332
333		function is_number(&$integer) {
	333	function is_number($integer) {
334	334	if (preg_match('/^[0-9]+$/', $integer)) {
335	335	return true;
…	…
338	338	}
339	339
340		function is_basicString(&$sting) {
	340	function is_basicString($sting) {
341	341	if (preg_match('=^[a-zA-Z0-9_-]+$=', $sting)) {
342	342	return true;

trunk/gui/include/login-functions.php

r593	r596
217	217
218	218	if (!session_exists(session_id())) {
	219	if (isset($_SESSION['user_logged']))
219	220	unset($_SESSION['user_logged']);
220	221	unset_user_login_data();

trunk/gui/include/sql.php

r593	r596
93	93	}
94	94
95		function match_sqlinjection($value) {
96		global $imatch;
97		$imatch = array();
98		return (preg_match("/((DELETE)\|(INSERT)\|(UPDATE)\|(ALTER)\|(CREATE)\|( TABLE)\|(DROP))\s[A-Za-z0-9 ]{0,200}(\s(FROM)\|(INTO)\|(TABLE)\s)/i", $value)>0);
	95	function match_sqlinjection($value, &$matches) {
	96	$matches = array();
	97	return (preg_match("/((DELETE)\|(INSERT)\|(UPDATE)\|(ALTER)\|(CREATE)\|( TABLE)\|(DROP))\s[A-Za-z0-9 ]{0,200}(\s(FROM)\|(INTO)\|(TABLE)\s)/i", $value, $matches)>0);
99	98	}
100	99
101	100	function check_query() {
102		~~global $imatch~~;
103		if (phpversion() > '4.2.2') {
104		foreach($_REQUEST as $key=>$value) {
105		if (!is_array($value)) {
106		~~if (match_sqlinjection($value~~)) {
107		~~$message = "Possible SQL injection detected: $key=>$value. <b>$imatch[0]~~</b>. Script terminated.";
108		write_log($message);
109		system_message($message);
110		die();
111		}
112		} else {
113		~~foreach($value as $key1=>$val~~) {
114		~~if (!is_array($~~val)) {
115		~~if (match_sqlinjection($val~~)) {
116		~~$message = "Possible SQL injection detected: $key=>$val <b>$imatch[0]~~</b>. Script terminated.";
117		write_log($message);
118		system_message($message);
119		die();
120		}
121		}
122		}
123		}
124		}
	101	$matches = null;
	102	if (phpversion() > '4.2.2') {
	103	foreach($_REQUEST as $key=>$value) {
	104	if (!is_array($value)) {
	105	if (match_sqlinjection($value, $matches)) {
	106	$message = "Possible SQL injection detected: $key=>$value. <b>${matches[0]}</b>. Script terminated.";
	107	write_log($message);
	108	system_message($message);
	109	die();
	110	}
	111	} else {
	112	foreach($value as $skey=>$svalue) {
	113	if (!is_array($sval)) {
	114	if (match_sqlinjection($svalue, $matches)) {
	115	$message = "Possible SQL injection detected: $skey=>$svalue <b>${matches[0]}</b>. Script terminated.";
	116	write_log($message);
	117	system_message($message);
	118	die();
	119	}
	120	}
	121	}
	122	}
	123	}
125	124	}
126	125	}

trunk/gui/orderpanel/addon.php

r474	r596
35	35	*/
36	36
37		function addon_domain(~~&$tpl,~~ $dmn_name)
	37	function addon_domain($dmn_name)
38	38	{
39	39	$dmn_name = strtolower($dmn_name);
…	…
94	94
95	95	if (isset($_POST['domainname']) && $_POST['domainname'] != ''){
96		addon_domain($~~tpl, $~~_POST['domainname']);
	96	addon_domain($_POST['domainname']);
97	97	}
98	98

trunk/gui/tools/index.php

r154 r596

1 <?
2
1 <?php
2 header("Location: ../");
3 exit;
3 4 ?>

Development

Navigation

Changeset 596

Legend:

Download in other formats: