maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

secure included webinterface-modules; add settings-functions to Froxlor-ApiCommand

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-22 21:05:58 +01:00
parent dfb5d33a56
commit d9ec214e17
5 changed files with 112 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apihelp.php
View File

@@ -1,6 +1,8 @@
<?php
if (! defined('AREA'))
die('You cannot access this file directly!');
if (! defined('AREA')) {
header("Location: index.php");
exit;
}
/**
* This file is part of the Froxlor project.
@@ -77,10 +79,10 @@ foreach ($output_arr as $module => $functions) {
$apihelp .= "<h3>" . ($funcdata['return_type'] == - 1 ? "<span class=\"red\">no-return-type</span>" : $funcdata['return_type']) . "&nbsp;";
$apihelp .= "<b>" . $module . ".<span class=\"blue\">" . $function . "</span></b></h3>";
// description
if (strtoupper(substr($funcdata['head'], 0, 4)) == "TODO")
if (strtoupper(substr($funcdata['head'], 0, 5)) == "@TODO")
$apihelp .= "<span class=\"red\">";
$apihelp .= $funcdata['head'];
if (strtoupper(substr($funcdata['head'], 0, 4)) == "TODO")
if (strtoupper(substr($funcdata['head'], 0, 5)) == "@TODO")
$apihelp .= "</span>";
// output ALL the params;
if (count($funcdata['params_list']) > 0) {

8
dns_editor.php
View File

@@ -1,6 +1,8 @@
<?php
if (! defined('AREA'))
die('You cannot access this file directly!');
if (! defined('AREA')) {
header("Location: index.php");
exit;
}
/**
* This file is part of the Froxlor project.
@@ -18,7 +20,7 @@ if (! defined('AREA'))
*/
// This file is being included in admin_domains and customer_domains
// and therefore does not need to require lib/init.php
// and therefore does not need to require lib/init.php
$domain_id = isset($_GET['domain_id']) ? (int) $_GET['domain_id'] : null;

80
lib/classes/api/commands/class.Froxlor.php
View File

@@ -81,6 +81,86 @@ class Froxlor extends ApiCommand
throw new Exception("Not allowed to execute given command.", 403);
}
/**
* @TODO import settings
*/
public function importSettings()
{}
/**
* @TODO export settings to file
*/
public function exportSettings()
{}
/**
* return a list of all settings
*
* @return array count|list
*/
public function listSettings()
{
$sel_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY settinggroup ASC, varname ASC
");
Database::pexecute($sel_stmt, null, true, true);
$result = array();
while ($row = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {
$result[] = array(
'key' => $row['settinggroup'] . '.' . $row['varname'],
'value' => $row['value']
);
}
return $this->response(200, "successfull", array(
'count' => count($result),
'list' => $result
));
}
/**
* return a setting by settinggroup.varname couple
*
* @param string $key
* settinggroup.varname couple
*
* @throws Exception
* @return string
*/
public function getSetting()
{
if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
$setting = $this->getParam('key');
return $this->response(200, "successfull", Settings::Get($setting));
}
throw new Exception("Not allowed to execute given command.", 403);
}
/**
* updates a setting
*
* @param string $key
* settinggroup.varname couple
* @param string $value
* optional the new value, default is ''
*
* @throws Exception
* @return string
*/
public function updateSetting()
{
if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
$setting = $this->getParam('key');
$value = $this->getParam('value', true, '');
$oldvalue = Settings::Get($setting);
if (is_null($oldvalue)) {
throw new Exception("Setting '" . $setting . "' could not be found");
}
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] Changing setting '" . $setting . "' from '" . $oldvalue . "' to '" . $value . "'");
return $this->response(200, "successfull", Settings::Set($setting, $value, true));
}
throw new Exception("Not allowed to execute given command.", 403);
}
/**
* returns a list of all available api functions
*

35
lib/functions/filedir/function.makeCorrectDir.php
View File

@@ -20,26 +20,23 @@
/**
* Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
*
* @param string The dirname
* @param string $dir
* The dirname
*
* @return string The corrected dirname
* @author Florian Lippert <flo@syscp.org>
*/
function makeCorrectDir($dir) {
if (version_compare("5.4.6", PHP_VERSION, ">")) {
assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
} else {
assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
function makeCorrectDir($dir)
{
if (is_string($dir) && strlen($dir) > 0) {
$dir = trim($dir);
if (substr($dir, - 1, 1) != '/') {
$dir .= '/';
}
if (substr($dir, 0, 1) != '/') {
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
}
$dir = trim($dir);
if (substr($dir, -1, 1) != '/') {
$dir.= '/';
}
if (substr($dir, 0, 1) != '/') {
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
throw new Exception("Cannot validate directory in " . __FUNCTION__ . " which is very dangerous.");
}

8
ssl_certificates.php
View File

@@ -1,6 +1,8 @@
<?php
if (! defined('AREA'))
die('You cannot access this file directly!');
if (! defined('AREA')) {
header("Location: index.php");
exit;
}
/**
* This file is part of the Froxlor project.
@@ -18,7 +20,7 @@ if (! defined('AREA'))
*/
// This file is being included in admin_domains and customer_domains
// and therefore does not need to require lib/init.php
// and therefore does not need to require lib/init.php
$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE id = :id");
$success_message = "";