maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

only let admin select php-configs that the customer is allowed to use to avoid unwanted php-config changes when customer edits domain, refs #514

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-09 13:57:23 +01:00
parent 4d3fa6eca5
commit 5612720342
4 changed files with 74 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
admin_domains.php
View File

@@ -2209,12 +2209,19 @@ if ($page == 'domains' || $page == 'overview') {
FROM `" . TABLE_PANEL_PHPCONFIGS . "` c FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
"); ");
$c_allowed_configs = getCustomerDetail($result['customerid'], 'allowed_phpconfigs');
if (!empty($c_allowed_configs)) {
$c_allowed_configs = json_decode($c_allowed_configs, true);
} else {
$c_allowed_configs = array();
}
while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) { while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
$disabled = !empty($c_allowed_configs) && !in_array($phpconfigs_row['id'], $c_allowed_configs);
if ((int) Settings::Get('phpfpm.enabled') == 1) { if ((int) Settings::Get('phpfpm.enabled') == 1) {
$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true); $phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
} else { } else {
$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true); $phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
} }
} }
@@ -2231,6 +2238,13 @@ if ($page == 'domains' || $page == 'overview') {
eval("echo \"" . getTemplate("domains/domains_edit") . "\";"); eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
} }
} }
} elseif ($action == 'jqGetCustomerPHPConfigs') {
$customerid = intval($_POST['customerid']);
$allowed_phpconfigs = getCustomerDetail($customerid, 'allowed_phpconfigs');
echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode(array());
exit;
} elseif ($action == 'import') { } elseif ($action == 'import') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {

6
lib/functions/output/function.makeoption.php
View File

@@ -29,7 +29,7 @@
* @author Florian Lippert <flo@syscp.org> * @author Florian Lippert <flo@syscp.org>
*/ */
function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false, $id = NULL) function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false, $id = NULL, $disabled = false)
{ {
if($selvalue !== NULL if($selvalue !== NULL
&& ((is_array($selvalue) && in_array($value, $selvalue)) || $value == $selvalue)) && ((is_array($selvalue) && in_array($value, $selvalue)) || $value == $selvalue))
@@ -41,6 +41,10 @@ function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $v
$selected = ''; $selected = '';
} }
if ($disabled) {
$selected .= ' disabled="disabled"';
}
if(!$title_trusted) if(!$title_trusted)
{ {
$title = htmlspecialchars($title); $title = htmlspecialchars($title);

1
templates/Sparkle/admin/domains/domains_add.tpl vendored
View File

@@ -6,6 +6,7 @@ $header
{$title} {$title}
</h2> </h2>
</header> </header>
<script type="text/javascript" src="templates/{$theme}/assets/js/domains.js"></script>
<section> <section>

52
templates/Sparkle/assets/js/domains.js vendored Normal file
View File

@@ -0,0 +1,52 @@
$(document).ready(function() {
var getUrlParameter = function getUrlParameter(sParam) {
var sPageURL = decodeURIComponent(window.location.search.substring(1)),
sURLVariables = sPageURL.split('&'),
sParameterName,
i;
for (i = 0; i < sURLVariables.length; i++) {
sParameterName = sURLVariables[i].split('=');
if (sParameterName[0] === sParam) {
return sParameterName[1] === undefined ? true : sParameterName[1];
}
}
};
/**
* disable unusable php-configuration by customer settings
*/
$('#customerid').change(function() {
var cid = $(this).val();
var sid = getUrlParameter('s');
var page = getUrlParameter('page');
$.ajax({
url: "admin_domains.php?s="+sid+"&page="+page+"&action=jqGetCustomerPHPConfigs",
type: "POST",
data: {
customerid: cid
},
dataType: "json",
success: function(json) {
if (json.length > 0) {
$('#phpsettingid option').each(function() {
var pid = $(this).val();
$(this).attr("disabled", "disabled");
for (i in json) {
if (pid == json[i]) {
$(this).removeAttr("disabled");
}
}
});
}
},
error: function(a, b) {
console.log(a, b);
}
});
});
});