maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

remove unnecessary parameter-checks as they will never happen; make Customers.update callable for customers

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 15:02:58 +01:00
parent 243b68cc37
commit a222114d0a
6 changed files with 488 additions and 552 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/classes/api/commands/class.Admins.php
View File

@@ -63,11 +63,7 @@ class Admins extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) { if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
@@ -318,11 +314,7 @@ class Admins extends ApiCommand implements ResourceEntity
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
@@ -583,11 +575,7 @@ class Admins extends ApiCommand implements ResourceEntity
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
@@ -652,11 +640,7 @@ class Admins extends ApiCommand implements ResourceEntity
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,

30
lib/classes/api/commands/class.Customers.php
View File

@@ -70,11 +70,7 @@ class Customers extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
if ($this->isAdmin()) { if ($this->isAdmin()) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
@@ -131,7 +127,7 @@ class Customers extends ApiCommand implements ResourceEntity
$phone = $this->getParam('phone', true, ''); $phone = $this->getParam('phone', true, '');
$fax = $this->getParam('fax', true, ''); $fax = $this->getParam('fax', true, '');
$customernumber = $this->getParam('customernumber', true, ''); $customernumber = $this->getParam('customernumber', true, '');
$def_language = $this->getParam('def_language', true, ''); $def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
$gender = intval_ressource($this->getParam('gender', true, 0)); $gender = intval_ressource($this->getParam('gender', true, 0));
$custom_notes = $this->getParam('custom_notes', true, ''); $custom_notes = $this->getParam('custom_notes', true, '');
$custom_notes_show = $this->getParam('custom_notes_show', true, 0); $custom_notes_show = $this->getParam('custom_notes_show', true, 0);
@@ -681,14 +677,9 @@ class Customers extends ApiCommand implements ResourceEntity
*/ */
public function update() public function update()
{ {
if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array( $json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
@@ -892,7 +883,6 @@ class Customers extends ApiCommand implements ResourceEntity
} }
if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') { if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') {
try { try {
$std_domain = Domains::getLocal($this->getUserData(), array( $std_domain = Domains::getLocal($this->getUserData(), array(
'id' => $result['standardsubdomain'], 'id' => $result['standardsubdomain'],
@@ -1219,8 +1209,6 @@ class Customers extends ApiCommand implements ResourceEntity
return $this->response(200, "successfull", $upd_data); return $this->response(200, "successfull", $upd_data);
} }
throw new Exception("Not allowed to execute given command.", 403);
}
/** /**
* delete a customer entry by either id or loginname * delete a customer entry by either id or loginname
@@ -1241,13 +1229,9 @@ class Customers extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
$delete_userfiles = $this->getParam('delete_userfiles', true, 0); $delete_userfiles = $this->getParam('delete_userfiles', true, 0);
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array( $json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
'loginname' => $loginname 'loginname' => $loginname
@@ -1487,11 +1471,7 @@ class Customers extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array( $json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,

20
lib/classes/api/commands/class.Domains.php
View File

@@ -73,13 +73,8 @@ class Domains extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
$no_std_subdomain = $this->getParam('no_std_subdomain', true, false); $no_std_subdomain = $this->getParam('no_std_subdomain', true, false);
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get domain #" . $id);
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
// convert possible idn domain to punycode // convert possible idn domain to punycode
if (substr($domainname, 0, 4) != 'xn--') { if (substr($domainname, 0, 4) != 'xn--') {
@@ -101,6 +96,7 @@ class Domains extends ApiCommand implements ResourceEntity
} }
$result = Database::pexecute_first($result_stmt, $params, true, true); $result = Database::pexecute_first($result_stmt, $params, true, true);
if ($result) { if ($result) {
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get domain '" . $result['domain'] . "'");
return $this->response(200, "successfull", $result); return $this->response(200, "successfull", $result);
} }
$key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'"); $key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'");
@@ -778,11 +774,7 @@ class Domains extends ApiCommand implements ResourceEntity
// parameters // parameters
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
// get requested domain // get requested domain
$json_result = Domains::getLocal($this->getUserData(), array( $json_result = Domains::getLocal($this->getUserData(), array(
@@ -1595,14 +1587,10 @@ class Domains extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
$is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0); $is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0);
$remove_subbutmain_domains = $this->getParam('delete_mainsubdomains', true, 0); $remove_subbutmain_domains = $this->getParam('delete_mainsubdomains', true, 0);
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
$json_result = Domains::getLocal($this->getUserData(), array( $json_result = Domains::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
'domainname' => $domainname 'domainname' => $domainname

6
lib/classes/api/commands/class.Ftps.php
View File

@@ -37,11 +37,7 @@ class Ftps extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$un_optional = ($id <= 0 ? false : true); $un_optional = ($id <= 0 ? false : true);
$username = $this->getParam('username', $un_optional, ''); $username = trim($this->getParam('username', $un_optional, ''));
if ($id <= 0 && empty($username)) {
throw new Exception("Either 'id' or 'username' parameter must be given", 406);
}
$params = array(); $params = array();
if ($this->isAdmin()) { if ($this->isAdmin()) {

18
lib/classes/api/commands/class.Mysqls.php
View File

@@ -238,13 +238,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin()) { if ($this->isAdmin()) {
if ($this->getUserDetail('customers_see_all') != 1) { if ($this->getUserDetail('customers_see_all') != 1) {
// if it's a reseller or an admin who cannot see all customers, we need to check // if it's a reseller or an admin who cannot see all customers, we need to check
@@ -341,13 +337,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) { if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405); throw new Exception("You cannot access this resource", 405);
} }
@@ -549,13 +541,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) { if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405); throw new Exception("You cannot access this resource", 405);
} }

2
lib/functions/output/function.standard_error.php
View File

@@ -61,7 +61,7 @@ function standard_error($errors = '', $replacer = '', $throw_exception = false)
} }
if ($throw_exception) { if ($throw_exception) {
throw new Exception($error, 400); throw new Exception(strip_tags($error), 400);
} }
eval("echo \"" . getTemplate('misc/error', '1') . "\";"); eval("echo \"" . getTemplate('misc/error', '1') . "\";");
exit; exit;