set version to 0.9.31.2 for bugfix release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/210.security.php

@@ -53,7 +53,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'allow_error_report_admin',
 					'type' => 'bool',
-					'default' => true, // TODO: will be false in final release
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'system_allow_error_report_customer' => array(

admin_cronjobs.php

@@ -50,7 +50,8 @@ if ($page == 'cronjobs' || $page == 'overview') {
 
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($cmod != $row['module']) {
-				$module = ucfirst(explode("/", $row['module'])[1]);
+				$_mod = explode("/", $row['module']);
+				$module = ucfirst($_mod[1]);
 				eval("\$crons.=\"" . getTemplate('cronjobs/cronjobs_cronjobmodule') . "\";");
 				$cmod = $row['module'];
 			}

admin_customers.php

@@ -200,7 +200,11 @@ if ($page == 'customers'
 			WHERE `customerid` = :id" .
 			($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
 		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
+		$result_data = array('id' => $id);
+		if ($userinfo['customers_see_all'] == '0') {
+			$result_data['adminid'] = $userinfo['adminid'];
+		}
+		$result = Database::pexecute_first($result_stmt, $result_data);
 
 		if ($result['loginname'] != '') {
 

customer_domains.php

@@ -425,7 +425,7 @@ if($page == 'overview') {
 				}
 
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true);
-				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 
 				$subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php';
 				$subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data);
@@ -615,14 +615,14 @@ if($page == 'overview') {
 				if(preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
 					if($settings['panel']['pathedit'] == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
-						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 					} else {
 						$urlvalue = '';
-						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot'], true);						
+						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot'], true);
 					}
 				} else {
 					$urlvalue = '';
-					$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot']);
+					$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot']);
 				}
 
 				$redirectcode = '';

customer_extras.php

@@ -41,15 +41,15 @@ if($page == 'overview') {
     $backup_enabled = makeyesno('backup_enabled', '1', '0', $row['backup_enabled']);
 
     if(isset($_POST['send']) && $_POST['send'] == 'send') {
-		$backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
-	
+	$backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
+
         $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
         	SET `backup_enabled`= :backupenabled
         	WHERE `customerid`= :customerid"
         );
         Database::pexecute($stmt, array("backupenabled" => $backup_enabled, "customerid" => $userinfo['customerid']));
-		
-		redirectTo($filename, Array('page' => $page, 's' => $s));
+
+	redirectTo($filename, Array('page' => $page, 's' => $s));
     }
 
     $backup_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.backup.php';
@@ -57,7 +57,7 @@ if($page == 'overview') {
 
 	$title = $backup_data['backup']['title'];
 	$image = $backup_data['backup']['image'];
-    
+
     eval("echo \"" . getTemplate("extras/backup") . "\";");
 } elseif($page == 'htpasswds') {
 	if($action == '') {
@@ -110,7 +110,7 @@ if($page == 'overview') {
 					AND `id`= :id"
 				);
 				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
-				
+
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
 				redirectTo($filename, Array('page' => $page, 's' => $s));
@@ -130,7 +130,7 @@ if($page == 'overview') {
 			$username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
 			$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
 			validate($_POST['directory_password'], 'password');
-			
+
 			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
 				WHERE `username`= :username
 				AND `path`= :path
@@ -184,7 +184,7 @@ if($page == 'overview') {
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
 		} else {
-			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 
 			$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
 			$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);
@@ -213,18 +213,18 @@ if($page == 'overview') {
 				} else {
 					$password = crypt($_POST['directory_password']);
 				}
-				
+
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"id" => $id
 				);
-				
+
 				$pwd_sql = '';
 				if($_POST['directory_password'] != '') {
 					$pwd_sql = "`password`= :password ";
 					$params["password"] = $password;
 				}
-				
+
 				$auth_sql = '';
 				if($authname != $result['authname']) {
 					$auth_sql = "`authname`= :authname ";
@@ -344,7 +344,7 @@ if($page == 'overview') {
 			);
 			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
 			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);
-			
+
 			if(!$_POST['path']) {
 				standard_error('invalidpath');
 			}
@@ -353,18 +353,18 @@ if($page == 'overview') {
 				$options_cgi = '1';
 			} else {
 				$options_cgi = '0';
-			} 
+			}
 
 			$error404path = '';
 			if (isset($_POST['error404path'])) {
 				$error404path = correctErrorDocument($_POST['error404path']);
 			}
-			
+
 			$error403path = '';
 			if (isset($_POST['error403path'])) {
 				$error403path = correctErrorDocument($_POST['error403path']);
 			}
-			
+
 			$error500path = '';
 			if (isset($_POST['error500path'])) {
 				$error500path = correctErrorDocument($_POST['error500path']);
@@ -400,7 +400,7 @@ if($page == 'overview') {
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
 		} else {
-			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 			$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 			/*
 			$options_indexes = makeyesno('options_indexes', '1', '0', '0');
@@ -444,8 +444,8 @@ if($page == 'overview') {
 					|| ($error404path != $result['error404path'])
 					|| ($error403path != $result['error403path'])
 					|| ($error500path != $result['error500path'])
-					|| ($options_cgi != $result['options_cgi'])) {
-					
+					|| ($options_cgi != $result['options_cgi'])
+				) {
 					inserttask('1');
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
 						SET `options_indexes` = :options_indexes,
@@ -489,7 +489,7 @@ if($page == 'overview') {
 
 				$htaccess_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_edit.php';
 				$htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data);
-	
+
 				$title = $htaccess_edit_data['htaccess_edit']['title'];
 				$image = $htaccess_edit_data['htaccess_edit']['image'];
 
@@ -499,4 +499,3 @@ if($page == 'overview') {
 	}
 }
 
-?>

customer_ftp.php

@@ -38,7 +38,7 @@ if ($page == 'overview') {
 			'homedir' => $lng['panel']['path']
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		
+
 		$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid 
 			AND `username` NOT LIKE '%_backup'" . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
@@ -63,7 +63,7 @@ if ($page == 'overview') {
 				}
 
 				$row['documentroot'] = makeCorrectDir($row['documentroot']);
-				
+
 				$row = htmlentities_array($row);
 				eval("\$accounts.=\"" . getTemplate('ftp/accounts_account') . "\";");
 				$count++;
@@ -80,7 +80,7 @@ if ($page == 'overview') {
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-		
+
 		if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
@@ -98,23 +98,23 @@ if ($page == 'overview') {
 					"username" => $userinfo['loginname']
 				);
 				Database::pexecute($stmt, $params);
-				
+
 				$result_stmt = Database::prepare("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
 				Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
 				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-				
+
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name");
 				Database::pexecute($stmt, array("name" => $result['username']));
-				
+
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "`
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
 				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
-				
+
 				$stmt = Database::prepare("
 					UPDATE `" . TABLE_FTP_GROUPS . "` SET
 					`members` = REPLACE(`members`, :username,'')
@@ -130,13 +130,13 @@ if ($page == 'overview') {
 				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
 				}
-				
+
 				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
 					SET `ftps_used` = `ftps_used` - 1 $resetaccnumber
 					WHERE `customerid` = :customerid"
 				);
 				Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
-				
+
 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
 				ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
@@ -170,7 +170,7 @@ if ($page == 'overview') {
 					);
 					Database::pexecute($ftpdomain_check_stmt, array("domain" => $ftpdomain, "customerid" => $userinfo['customerid']));
 					$ftpdomain_check = $ftpdomain_check_stmt->fetch(PDO::FETCH_ASSOC);
-					
+
 					if ($ftpdomain_check['domain'] != $ftpdomain) {
 						standard_error('maindomainnonexist', $domain);
 					}
@@ -178,13 +178,13 @@ if ($page == 'overview') {
 				} else {
 					$username = $userinfo['loginname'] . $settings['customer']['ftpprefix'] . (intval($userinfo['ftp_lastaccountnumber']) + 1);
 				}
-				
+
 				$username_check_stmt = Database::prepare("SELECT * FROM `" . TABLE_FTP_USERS . "`
 					WHERE `username` = :username"
 				);
 				Database::pexecute($username_check_stmt, array("username" => $username));
 				$username_check = $username_check_stmt->fetch(PDO::FETCH_ASSOC);
-				
+
 				if (!empty($username_check) && $username_check['username'] = $username) {
 					standard_error('usernamealreadyexists', $username);
 				} elseif ($password == '') {
@@ -195,7 +195,7 @@ if ($page == 'overview') {
 					$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 
 					$cryptPassword = makeCryptPassword($password);
-					
+
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
 						(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
 						VALUES (:customerid, :username, :password, :homedir, 'y', :guid, :guid)"
@@ -208,12 +208,12 @@ if ($page == 'overview') {
 						"guid" => $userinfo['guid']
 					);
 					Database::pexecute($stmt, $params);
-					
+
 					$result_stmt = Database::prepare("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "`
 						WHERE `name` = :name"
 					);
 					Database::pexecute($result_stmt, array("name" => $userinfo['loginname']));
-					
+
 					while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 						$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "`
 							(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) 
@@ -221,7 +221,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($stmt, array("name" => $username, "bytes_in_used" => $row['bytes_in_used']));
 					}
-					
+
 					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "`
 						SET `members` = CONCAT_WS(',',`members`, :username)
 						WHERE `customerid`= :customerid
@@ -233,7 +233,7 @@ if ($page == 'overview') {
 						"guid" => $userinfo['guid']
 					);
 					Database::pexecute($stmt, $params);
-					
+
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
 						SET `ftps_used` = `ftps_used` + 1,
 						`ftp_lastaccountnumber` = `ftp_lastaccountnumber` + 1
@@ -252,7 +252,7 @@ if ($page == 'overview') {
 							'USR_PASS' => $password,
 							'USR_PATH' => makeCorrectDir(substr($path, strlen($userinfo['documentroot'])))
 						);
-						
+
 						$def_language = $userinfo['def_language'];
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid` = :adminid
@@ -263,7 +263,7 @@ if ($page == 'overview') {
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr));
-						
+
 						$def_language = $userinfo['def_language'];
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid` = :adminid
@@ -274,7 +274,7 @@ if ($page == 'overview') {
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr));
-						
+
 						$_mailerror = false;
 						try {
 							$mail->Subject = $mail_subject;
@@ -301,7 +301,7 @@ if ($page == 'overview') {
 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
 			} else {
-				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], '/');
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');
 
 				if ($settings['customer']['ftpatdomain'] == '1') {
 					$domainlist = array();
@@ -348,7 +348,7 @@ if ($page == 'overview') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');
-				
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -363,14 +363,14 @@ if ($page == 'overview') {
 					}
 					$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
 					$cryptPassword = makeCryptPassword($password);
-					
+
 					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
 						SET `password` = :password
 						WHERE `customerid` = :customerid
 						AND `id` = :id"
 					);
 					Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id, "password" => $cryptPassword));
-						
+
 					// also update customers backup user password if password of main ftp user is changed
 					if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])) {
 						$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
@@ -386,7 +386,7 @@ if ($page == 'overview') {
 						Database::pexecute($stmt, $params);
 					}
 				}
-				
+
 				if ($path != '') {
 					$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 
@@ -398,7 +398,7 @@ if ($page == 'overview') {
 						}
 
 						$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account homdir for '" . $result['username'] . "'");
-						
+
 						$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
 							SET `homedir` = :homedir
 							WHERE `customerid` = :customerid
@@ -409,7 +409,7 @@ if ($page == 'overview') {
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
-						Database::pexecute($stmt, $params);		
+						Database::pexecute($stmt, $params);
 					}
 				}
 
@@ -422,7 +422,7 @@ if ($page == 'overview') {
 				}
 				$homedir = makeCorrectDir($homedir);
 
-				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $homedir);
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $homedir);
 
 				if ($settings['customer']['ftpatdomain'] == '1') {
 					$domains = '';

install/froxlor.sql

@@ -553,7 +553,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'phpconfigs_hidestdsubdomain', '0'),
 	('panel', 'allow_theme_change_admin', '1'),
 	('panel', 'allow_theme_change_customer', '1'),
-	('panel', 'version', '0.9.31');
+	('panel', 'version', '0.9.31.2');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -763,7 +763,7 @@ CREATE TABLE `panel_phpconfigs` (
 
 
 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-	(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n'),
 (2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');
 
 

install/lib/class.FroxlorInstall.php

@@ -908,6 +908,16 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}
 
+                // check for curl extension
+                $content .= $this->_status_message('begin', $this->_lng['requirements']['phpcurl']);
+
+                if (!extension_loaded('curl')) {
+                        $content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['curldescription']);
+                } else {
+                        $content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+                }
+
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");

install/lng/english.lng.php

@@ -23,7 +23,7 @@ $lng['requirements']['not_true'] = 'no';
 $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
-$lng['requirements']['phpversion'] = 'PHP version >= 5.2';
+$lng['requirements']['phpversion'] = 'PHP version >= 5.3';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
@@ -31,7 +31,9 @@ $lng['requirements']['phpxml'] = 'PHP XML-extension...';
 $lng['requirements']['phpfilter'] = 'PHP filter-extension...';
 $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
+$lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';

install/lng/german.lng.php

@@ -23,7 +23,7 @@ $lng['requirements']['not_true'] = 'nein';
 $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
-$lng['requirements']['phpversion'] = 'PHP Version >= 5.2';
+$lng['requirements']['phpversion'] = 'PHP Version >= 5.3';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
@@ -31,10 +31,12 @@ $lng['requirements']['phpxml'] = 'PHP XML-Erweiterung...';
 $lng['requirements']['phpfilter'] = 'PHP filter-Erweiterung...';
 $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
+$lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
-$lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Versuchen Sie die angezeigten Problem zu beheben und versuchen Sie es erneut.';
+$lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
 $lng['requirements']['froxlor_succ_checks'] = 'Alle Vorraussetzungen sind erfüllt';
 
 $lng['install']['lngtitle'] = 'Froxlor Installation - Sprache auswählen';

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2570,3 +2570,15 @@ if (isFroxlorVersion('0.9.31-rc3')) {
 	lastStepStatus(0);
 	updateToVersion('0.9.31');
 }
+
+if (isFroxlorVersion('0.9.31')) {
+        showUpdateStep("Updating from 0.9.31 to 0.9.31.1 final", true);
+        lastStepStatus(0);
+        updateToVersion('0.9.31.1');
+}
+
+if (isFroxlorVersion('0.9.31.1')) {
+        showUpdateStep("Updating from 0.9.31.1 to 0.9.31.2 final", true);
+        lastStepStatus(0);
+        updateToVersion('0.9.31.2');
+}

lib/classes/database/class.Database.php

@@ -327,25 +327,57 @@ class Database {
 		@fclose($errlog);
 
 		if ($showerror) {
-			if (!isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')) {
-				// if we're not on the shell, output a nicer error-message
-				$err_hint = file_get_contents(dirname($sl_dir).'/templates/'.$theme.'/misc/dberrornice.tpl');
-				// replace values
-				$err_hint = str_replace("<TEXT>", $error->getMessage(), $err_hint);
-				$err_hint = str_replace("<DEBUG>", $error->getTraceAsString(), $err_hint);
 
-				$err_report_html = '';
-				if (is_array($userinfo) && (
-					($userinfo['adminsession'] == '1' && $settings['system']['allow_error_report_admin'] == '1')
-					|| ($userinfo['adminsession'] == '0' && $settings['system']['allow_error_report_customer'] == '1'))
-				) {
-					$err_report_html = '<a href="<LINK>" title="Click here to report error">Report error</a>';
-					$err_report_html = str_replace("<LINK>", $linker->getLink(array('section' => 'index', 'page' => 'send_error_report', 'errorid' => $errid)), $err_report_html);
+			// include userdata.inc.php
+			require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
+
+			// le format
+			if (self::$_needroot == true
+				&& isset($sql['root_user'])
+				&& isset($sql['root_password'])
+				&& (!isset($sql_root) || !is_array($sql_root))
+			) {
+				$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
+			}
+
+			// hide username/password in messages
+			$error_message = $error->getMessage();
+			$error_trace = $error->getTraceAsString();
+			// error-message
+			$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
+			$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
+			// error-trace
+			$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
+			$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
+
+			// clean up sensitive data
+			unset($sql);
+			unset($sql_root);
+
+			if ((isset($theme) && $theme != '')
+				&& !isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')
+			) {
+				// if we're not on the shell, output a nice error
+				$_errtpl = dirname($sl_dir).'/templates/'.$theme.'/misc/dberrornice.tpl';
+				if (file_exists($_errtpl)) {
+					$err_hint = file_get_contents($_errtpl);
+					// replace values
+					$err_hint = str_replace("<TEXT>", $error_message, $err_hint);
+					$err_hint = str_replace("<DEBUG>", $error_trace, $err_hint);
+
+					$err_report_html = '';
+					if (is_array($userinfo) && (
+						($userinfo['adminsession'] == '1' && $settings['system']['allow_error_report_admin'] == '1')
+						|| ($userinfo['adminsession'] == '0' && $settings['system']['allow_error_report_customer'] == '1'))
+					) {
+						$err_report_html = '<a href="<LINK>" title="Click here to report error">Report error</a>';
+						$err_report_html = str_replace("<LINK>", $linker->getLink(array('section' => 'index', 'page' => 'send_error_report', 'errorid' => $errid)), $err_report_html);
+					}
+					$err_hint = str_replace("<REPORT>", $err_report_html, $err_hint);
+
+					// show
+					die($err_hint);
 				}
-				$err_hint = str_replace("<REPORT>", $err_report_html, $err_hint);
-
-				// show
-				die($err_hint);
 			}
 			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in in the sql-error.log in the logs/ directory");
 		}

lib/tables.inc.php

@@ -72,6 +72,6 @@ define('PACKAGE_LOCKED', 1);
 define('PACKAGE_ENABLED', 2);
 
 // VERSION INFO
-$version = '0.9.31';
+$version = '0.9.31.2';
 $dbversion = '2';
 $branding = '';

templates/misc/configfiles/debian_squeeze/dovecot/etc_dovecot_dovecot.conf

@@ -1,4 +1,4 @@
-#protocols = imap pop3 <SSLPROTOCOLS>
+protocols = imap pop3 <SSLPROTOCOLS>
 listen = *
 mail_access_groups = vmail
 mail_debug = no

templates/misc/configfiles/debian_wheezy/dovecot/etc_dovecot_conf.d_15-lda.conf

@@ -4,7 +4,7 @@
 
 # Address to use when sending rejection mails.
 # Default is postmaster@<your domain>.
-#postmaster_address = postmaster@<SERVERNAME>
+postmaster_address = postmaster@<SERVERNAME>
 
 # Hostname to use in various parts of sent mails, eg. in Message-Id.
 # Default is the system's real hostname.