maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

check for errors in database-description before the actual creation of the database to prevent a physical existing database without an entry in the corresponding froxlor-table, fixes #1052

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-03-05 16:28:54 +01:00
parent f88c93a301
commit e7a0508989
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
customer_mysql.php
View File

@@ -177,9 +177,11 @@ elseif($page == 'mysqls')
{ {
$dbserver = 0; $dbserver = 0;
} }
// validate description before actual adding the database, #1052
$databasedescription = validate(trim($_POST['description']), 'description');
// Begin root-session // Begin root-session
$db_root = new db($sql_root[$dbserver]['host'], $sql_root[$dbserver]['user'], $sql_root[$dbserver]['password'], ''); $db_root = new db($sql_root[$dbserver]['host'], $sql_root[$dbserver]['user'], $sql_root[$dbserver]['password'], '');
$db_root->query('CREATE DATABASE `' . $db_root->escape($username) . '`'); $db_root->query('CREATE DATABASE `' . $db_root->escape($username) . '`');
$log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'"); $log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'");
@@ -195,8 +197,6 @@ elseif($page == 'mysqls')
// End root-session // End root-session
// Statement modifyed for Database description -- PH 2004-11-29 // Statement modifyed for Database description -- PH 2004-11-29
$databasedescription = validate($_POST['description'], 'description');
$result = $db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`) VALUES ("' . (int)$userinfo['customerid'] . '", "' . $db->escape($username) . '", "' . $db->escape($databasedescription) . '", "' . $db->escape($dbserver) . '")'); $result = $db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`) VALUES ("' . (int)$userinfo['customerid'] . '", "' . $db->escape($username) . '", "' . $db->escape($databasedescription) . '", "' . $db->escape($dbserver) . '")');
$result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1, `mysql_lastaccountnumber`=`mysql_lastaccountnumber`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"'); $result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1, `mysql_lastaccountnumber`=`mysql_lastaccountnumber`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
@@ -308,7 +308,6 @@ elseif($page == 'mysqls')
} }
// Update the Database description -- PH 2004-11-29 // Update the Database description -- PH 2004-11-29
$log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
$databasedescription = validate($_POST['description'], 'description'); $databasedescription = validate($_POST['description'], 'description');
$result = $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"'); $result = $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');