Tagging 0.9.19

Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>

actions/admin/settings/100.panel.php

@@ -39,8 +39,7 @@ return array(
 					'type' => 'option',
 					'default' => 'Froxlor',
 					'option_mode' => 'one',
-					'option_options' => array('Classic' => 'Classic', 'Froxlor' => 'Froxlor'),
-					/* 'option_options_method' => 'getThemes', // iterate through templates/ and dynamically display all folders found */
+					'option_options_method' => 'getThemes',
 					'save_method' => 'storeSettingField',
 					),
 				'panel_natsorting' => array(

actions/admin/settings/120.system.php

@@ -27,6 +27,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'documentroot_prefix',
 					'type' => 'string',
+					'string_type' => 'dir',
 					'default' => '/var/customers/webs/',
 					'save_method' => 'storeSettingField',
 					'plausibility_check_method' => 'checkPathConflicts'

actions/admin/settings/137.perl.php

@@ -43,6 +43,7 @@ return array(
 					'settinggroup' => 'perl',
 					'varname' => 'suexecpath',
 					'type' => 'string',
+					'string_type' => 'dir',
 					'default' => '/var/www/cgi-bin/',
 					'save_method' => 'storeSettingField',
 					'websrv_avail' => array('apache2')

actions/admin/settings/180.dkim.php

@@ -36,6 +36,7 @@ return array(
 					'settinggroup' => 'dkim',
 					'varname' => 'dkim_prefix',
 					'type' => 'string',
+					'string_type' => 'dir',
 					'default' => '/etc/postfix/dkim/',
 					'save_method' => 'storeSettingField',
 					),

admin_customers.php

@@ -40,6 +40,9 @@ if($page == 'customers'
 {
 	if($action == '')
 	{
+		// clear request data
+		unset($_SESSION['requestData']);
+		
 		$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_customers");
 		$fields = array(
 			'c.loginname' => $lng['login']['username'],
@@ -89,7 +92,7 @@ if($page == 'customers'
 
 		$paging = new paging($userinfo, $db, TABLE_PANEL_CUSTOMERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$customers = '';
-		$result = $db->query("SELECT `c`.*, `a`.`loginname` AS `adminname` " . "FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a` " . "WHERE " . ($userinfo['customers_see_all'] ? '' : " `c`.`adminid` = '" . (int)$userinfo['adminid'] . "' AND ") . "`c`.`adminid`=`a`.`adminid` " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		$result = $db->query("SELECT `c`.*, `a`.`loginname` AS `adminname` " . "FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a` " . "WHERE " . ($userinfo['customers_see_all'] ? '' : " `c`.`adminid` = '" . (int)$userinfo['adminid'] . "' AND ") . "`c`.`adminid`=`a`.`adminid` " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy(false) . " " . $paging->getSqlLimit());
 		$paging->setEntries($db->num_rows($result));
 		$sortcode = $paging->getHtmlSortCode($lng, true);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -1126,6 +1129,47 @@ if($page == 'customers'
 						$db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`='" . (($deactivated) ? 'N' : 'Y') . "', `pop3`='" . (($deactivated) ? '0' : '1') . "', `imap`='" . (($deactivated) ? '0' : '1') . "' WHERE `customerid`='" . (int)$id . "'");
 						$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled`='" . (($deactivated) ? 'N' : 'Y') . "' WHERE `customerid`='" . (int)$id . "'");
 						$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`='" . (int)$deactivated . "' WHERE `customerid`='" . (int)$id . "'");
+						
+						/* Retrieve customer's databases */
+						$databases = $db->query("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid='" . (int)$id . "' ORDER BY `dbserver`");
+						$db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], '');
+						unset($db_root->password);
+						$last_dbserver = 0;
+
+						/* For each of them */
+						while($row_database = $db->fetch_array($databases))
+						{
+							if($last_dbserver != $row_database['dbserver'])
+							{
+								$db_root->query('FLUSH PRIVILEGES;');
+								$db_root->close();
+								$db_root = new db($sql_root[$row_database['dbserver']]['host'], $sql_root[$row_database['dbserver']]['user'], $sql_root[$row_database['dbserver']]['password'], '');
+								unset($db_root->password);
+								$last_dbserver = $row_database['dbserver'];
+							}
+
+							foreach(array_unique(explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host)
+							{
+								$mysql_access_host = trim($mysql_access_host);
+								
+								/* Prevent access, if deactivated */
+								if($deactivated)
+								{
+									$db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`');
+									$db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($row_database['databasename'])) . '` . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`');
+								}
+								else /* Otherwise grant access */
+								{					
+									$db_root->query('GRANT ALL PRIVILEGES ON `' . $db_root->escape($row_database['databasename']) .'`.* TO `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`');
+									$db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($row_database['databasename'])) . '` . * TO `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`');
+								}
+							}
+						}
+
+						/* At last flush the new privileges */
+						$db_root->query('FLUSH PRIVILEGES;');
+						$db_root->close();
+						
 						$log->logAction(ADM_ACTION, LOG_INFO, "deactivated user '" . $result['loginname'] . "'");
 						inserttask('1');
 					}

admin_tickets.php

@@ -597,8 +597,7 @@ elseif($page == 'archive'
 			{
 				$categories[$x] = isset($_POST['category' . $x]) ? $_POST['category' . $x] : '';
 			}
-
-			$query = ticket::getArchiveSearchStatement($subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);
+			$query = ticket::getArchiveSearchStatement($db, $subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);
 			$fields = array(
 				'lastchange' => $lng['ticket']['lastchange'],
 				'ticket_answers' => $lng['ticket']['ticket_answers'],
@@ -656,7 +655,6 @@ elseif($page == 'archive'
 				{
 					if($paging->checkDisplay($i))
 					{
-						$ticket = htmlentities_array($ticket);
 						$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
 
 						if($_cid != $ticket['customerid'])
@@ -691,6 +689,8 @@ elseif($page == 'archive'
 							$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
 						}
 
+						$ticket = htmlentities_array($ticket);
+
 						eval("\$tickets.=\"" . getTemplate("ticket/archived_tickets") . "\";");
 						$count++;
 						$_cid = $ticket['customerid'];
@@ -777,8 +777,8 @@ elseif($page == 'archive'
 			$by = $lng['ticket']['customer'];
 		}
 
-		$subject = $mainticket->Get('subject');
-		$message = $mainticket->Get('message');
+		$subject = htmlentities($mainticket->Get('subject'));
+		$message = htmlentities($mainticket->Get('message'));
 		eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_main") . "\";");
 		$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
                               WHERE `id`="' . (int)$mainticket->Get('category') . '"');
@@ -799,15 +799,15 @@ elseif($page == 'archive'
 				$by = $lng['ticket']['customer'];
 			}
 
-			$subject = $subticket->Get('subject');
-			$message = $subticket->Get('message');
+			$subject = htmlentities($subticket->Get('subject'));
+			$message = htmlentities($subticket->Get('message'));
 			eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_list") . "\";");
 		}
 
-		$priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true);
-		$priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true);
-		$priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true);
-		$subject = $mainticket->Get('subject');
+		$priorities = makeoption($lng['ticket']['high'], '1', htmlentities($mainticket->Get('priority')), true, true);
+		$priorities.= makeoption($lng['ticket']['normal'], '2', htmlentities($mainticket->Get('priority')), true, true);
+		$priorities.= makeoption($lng['ticket']['low'], '3', htmlentities($mainticket->Get('priority')), true, true);
+		$subject = htmlentities($mainticket->Get('subject'));
 		$ticket_replies_count = $db->num_rows($andere) + 1;
 
 		// don't forget the main-ticket!

customer_autoresponder.php

@@ -109,7 +109,15 @@ if($action == "add")
 	
 	$date_from_off = makecheckbox('date_from_off', $lng['panel']['not_activated'], '-1', false, '-1', true, true);
 	$date_until_off = makecheckbox('date_until_off', $lng['panel']['not_activated'], '-1', false, '-1', true, true);
+	
+	$isactive = makeyesno('active', '1', '0', '1');
 
+	$autoresponder_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_addautoresponder.php';
+	$autoresponder_add_form = htmlform::genHTMLForm($autoresponder_add_data);
+
+	$title = $autoresponder_add_data['autoresponder_add']['title'];
+	$image = $autoresponder_add_data['autoresponder_add']['image'];
+	
 	eval("echo \"" . getTemplate("email/autoresponder_add") . "\";");
 }
 
@@ -212,6 +220,7 @@ if($action == "edit")
 	if($date_from == -1)
 	{
 		$deactivated = '-1';
+		$date_from = '';
 	}
 	else
 	{
@@ -223,7 +232,7 @@ if($action == "edit")
 	if($date_until == -1)
 	{
 		$deactivated = '-1';
-		$date_until = '-1';
+		$date_until = '';
 	}
 	else
 	{
@@ -231,13 +240,14 @@ if($action == "edit")
 		$date_until = date('d-m-Y', $date_until);
 	}
 	$date_until_off = makecheckbox('date_until_off', $lng['panel']['not_activated'], '-1', false, $deactivated, true, true);
+	
+	$isactive = makeyesno('active', '1', '0', $row['enabled']);
 
-	$checked = '';
+	$autoresponder_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/email/formfield.emails_editautoresponder.php';
+	$autoresponder_edit_form = htmlform::genHTMLForm($autoresponder_edit_data);
 
-	if($row['enabled'] == 1)
-	{
-		$checked = "checked=\"checked\"";
-	}
+	$title = $autoresponder_edit_data['autoresponder_edit']['title'];
+	$image = $autoresponder_edit_data['autoresponder_edit']['image'];
 
 	eval("echo \"" . getTemplate("email/autoresponder_edit") . "\";");
 }

customer_domains.php

@@ -368,9 +368,9 @@ elseif($page == 'domains')
 					$aliasdomains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id']);
 				}
 
+				$redirectcode = '';
 				if($settings['customredirect']['enabled'] == '1')
 				{
-					$redirectcode = '';
 					$codes = getRedirectCodesArray();
 					foreach($codes as $rc)
 					{
@@ -541,10 +541,17 @@ elseif($page == 'domains')
 
 				if(preg_match('/^https?\:\/\//', $result['documentroot'])
 				   && validateUrl($idna_convert->encode($result['documentroot']))
-				   && $settings['panel']['pathedit'] == 'Dropdown')
-				{
-					$urlvalue = $result['documentroot'];
-					$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+				) {
+					if($settings['panel']['pathedit'] == 'Dropdown')
+					{
+						$urlvalue = $result['documentroot'];
+						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+					}
+					else
+					{
+						$urlvalue = '';
+						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot'], true);						
+					}
 				}
 				else
 				{
@@ -552,10 +559,10 @@ elseif($page == 'domains')
 					$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot']);
 				}
 
+				$redirectcode = '';
 				if($settings['customredirect']['enabled'] == '1')
 				{
 					$def_code = getDomainRedirectId($id);
-					$redirectcode = '';
 					$codes = getRedirectCodesArray();
 					foreach($codes as $rc)
 					{