fix template->language issues (not html-encoded special-characters in language-name), set version to 0.9.34-dev1 due to db structure change / update

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

admin_templates.php

@@ -214,7 +214,7 @@ if ($action == '') {
 		&& $_POST['prepare'] == 'prepare'
 	) {
 		//email templates
-		$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
+		$language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		$template = validate($_POST['template'], 'template');
 
 		$lng_bak = $lng;
@@ -244,7 +244,7 @@ if ($action == '') {
 		&& $_POST['send'] == 'send'
 	) {
 		//email templates
-		$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
+		$language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		$template = validate($_POST['template'], 'template');
 		$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
 		$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
@@ -452,6 +452,8 @@ if ($action == '') {
 			
 			$template_name = str_replace('_mailbody', '', $result['varname']);
 
+			// don't escape the already escaped language-string so save up before htmlentities()
+			$language = $result['language'];
 			$result = htmlentities_array($result);
 			$mailbody = $result['value'];
 

install/froxlor.sql

@@ -233,7 +233,7 @@ CREATE TABLE `panel_domains` (
   `dkim_privkey` text,
   `dkim_pubkey` text,
   `wwwserveralias` tinyint(1) NOT NULL default '1',
-  `parentdomainid` int(11) unsigned NOT NULL default '0',
+  `parentdomainid` int(11) NOT NULL default '0',
   `openbasedir` tinyint(1) NOT NULL default '0',
   `openbasedir_path` tinyint(1) NOT NULL default '0',
   `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -538,7 +538,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.33');
+	('panel', 'version', '0.9.34-dev1');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2892,3 +2892,31 @@ if (isFroxlorVersion('0.9.33-rc3')) {
         updateToVersion('0.9.33');
 
 }
+
+if (isFroxlorVersion('0.9.33')) {
+
+    showUpdateStep("Updating from 0.9.33 to 0.9.34-dev1");
+
+    showUpdateStep("Updating table structure of domains");
+    Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` MODIFY `parentdomainid` int(11) NOT NULL default '0'");
+    lastStepStatus(0);
+
+    showUpdateStep("Updating stored email-templates");
+    $chk_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TEMPLATES."` WHERE `templategroup` = 'mails'");
+    Database::pexecute($chk_stmt);
+    // do we have any?
+    if ($chk_stmt->rowCount() > 0) {
+        // prepare update-statement
+        $upd_stmt = Database::prepare("UPDATE `".TABLE_PANEL_TEMPLATES."` SET `language` = :lang WHERE `id` = :id");
+        // get each row
+        while ($row = $chk_stmt->fetch()) {
+           // let htmlentities run over the language name and update the entry
+           Database::pexecute($upd_stmt, array('lang' => htmlentities($row['language'])), false);
+        }
+        lastStepStatus(0);
+    } else {
+        lastStepStatus(1, "not needed");
+    }
+
+    updateToVersion('0.9.34-dev1');
+}

lib/tables.inc.php

@@ -51,6 +51,6 @@ define('TABLE_PANEL_DOMAIN_SSL_SETTINGS', 'domain_ssl_settings');
 define('TABLE_DOMAINTOIP', 'panel_domaintoip');
 
 // VERSION INFO
-$version = '0.9.33';
+$version = '0.9.34-dev1';
 $dbversion = '2';
 $branding = '';