From c1ca72dd3c2a1f51c1663fa5d9ec779a02689757 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Fri, 19 Dec 2014 09:29:25 +0100
Subject: [PATCH] fix validation of offset-value in domain import + minor fixes
Signed-off-by: Michael Kaufmann (d00p)
---
 actions/admin/settings/136.phpfpm.php | 2 --
 admin_domains.php | 2 +-
 lib/classes/bulk/class.DomainBulkAction.php | 12 +++++++++---
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/actions/admin/settings/136.phpfpm.php b/actions/admin/settings/136.phpfpm.php
index 61bfd624..188bae03 100644
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -198,5 +198,3 @@ return array(
 ),
 ),
 );
-
-?>
diff --git a/admin_domains.php b/admin_domains.php
index ec7de7d7..2c024ae2 100644
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -1889,7 +1889,7 @@ if ($page == 'domains'
 $customerid = intval($_POST['customerid']);
 $separator = validate($_POST['separator'], 'separator');
- $offset = intval($_POST['offset']);
+ $offset = validate($_POST['offset'], 'offset', "/[0-9]/i");
 $file_name = $_FILES['file']['tmp_name'];
diff --git a/lib/classes/bulk/class.DomainBulkAction.php b/lib/classes/bulk/class.DomainBulkAction.php
index 5011e074..e4a07019 100644
--- a/lib/classes/bulk/class.DomainBulkAction.php
+++ b/lib/classes/bulk/class.DomainBulkAction.php
@@ -103,7 +103,9 @@ class DomainBulkAction {
 */
 public function __construct($import_file = null, $customer_id = 0) {
- $this->_impFile = makeCorrectFile($import_file);
+ if (!empty($import_file)) {
+ $this->_impFile = makeCorrectFile($import_file);
+ }
 $this->_custId = $customer_id;
 }
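Review bot: In admin_domains.php the pattern passed to `validate()` for the offset, `"/[0-9]/i"`, is not anchored, so it is satisfied by any input that contains a single digit and does not establish that the whole value is a non-negative integer. Anchoring it and casting the result restores what `intval()` guaranteed: `$offset = (int) validate($_POST['offset'], 'offset', '/^[0-9]+$/');`. The `validate()` helper is not part of this patch, so its return type is assumed here to be the submitted string. The surrounding `if ($page == 'domains'` block starts and ends outside the hunk.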
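Review bot: With the new `empty()` guard in `DomainBulkAction::__construct`, `_impFile` keeps whatever default its property declaration gives it when no file name is passed, and nothing in this hunk shows the import path checking for that before the file is read. If the property is not validated elsewhere, a guard in the import method such as `if (empty($this->_impFile)) { throw new Exception("No import file specified"); }` would fail early with a clear message. The constructor docblock, which starts outside the hunk, should also state that a null or empty `$import_file` leaves the import file unset.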
@@ -135,10 +137,14 @@ class DomainBulkAction { throw new Exception("Invalid separator specified: '" . $separator . "'"); } - if (! is_numeric($offset) || $offset < 0) { + if (! is_int($offset) || $offset < 0) { throw new Exception("Invalid offset specified"); } - + + if ($this->_custId <= 0) { + throw new Exception("Invalid customer selected"); + } + $this->_readCustomerData(); if (is_null($this->_custData)) {
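Review bot: The switch from `is_numeric()` to `is_int()` in the offset check makes the method reject every string, including digit-only ones, while the admin_domains.php hunk of this same commit stops casting the POSTed offset with `intval()`. Unless `validate()` returns an integer (it is not shown), each import would now end in "Invalid offset specified". Either cast at the call site, or accept digit strings here and normalise them: `if (! ctype_digit((string) $offset)) { throw new Exception("Invalid offset specified"); }` followed by `$offset = (int) $offset;`. The method's signature and the rest of its body are outside the hunk.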