//** Check for current service config state and compare to our results
if($conf['mysql']['master_slave_setup']=='y')$current_svc_config=$inst->dbmaster->queryOneRecord("SELECT mail_server,web_server,dns_server,xmpp_server,firewall_server,vserver_server,db_server FROM ?? WHERE server_id=?",$conf['mysql']['master_database'].'.server',$conf['server_id']);
else$current_svc_config=$inst->db->queryOneRecord("SELECT mail_server,web_server,dns_server,xmpp_server,firewall_server,vserver_server,db_server FROM ?? WHERE server_id=?",$conf["mysql"]["database"].'.server',$conf['server_id']);
if($conf['mysql']['master_slave_setup']=='y')$current_svc_config=$inst->dbmaster->queryOneRecord("SELECT mail_server,web_server,dns_server,firewall_server,db_server FROM ?? WHERE server_id=?",$conf['mysql']['master_database'].'.server',$conf['server_id']);
else$current_svc_config=$inst->db->queryOneRecord("SELECT mail_server,web_server,dns_server,firewall_server,db_server FROM ?? WHERE server_id=?",$conf["mysql"]["database"].'.server',$conf['server_id']);
$conf['services']['db']=check_service_config_state('db_server',true);/* Will always offer as MySQL is of course installed on this host as it's a requirement for ISPC to work... */
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename))$app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field))$app->error('Invalid index field '.$index_field.' in table '.$tablename);
$old_rec=$this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?",$tablename,$index_field,$index_value);
if(is_array($update_data)){
...
...
@@ -723,7 +810,7 @@ class db {
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename))$app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field))$app->error('Invalid index field '.$index_field.' in table '.$tablename);
$old_rec=$this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?",$tablename,$index_field,$index_value);
$this->query("DELETE FROM ?? WHERE ?? = ?",$tablename,$index_field,$index_value);
$new_rec=array();
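Review bot: The two guards at the top of this hunk concatenate the rejected `$tablename` and `$index_field` straight into the `$app->error()` message, and these are by definition the values that just failed the character whitelist. How `$app->error()` renders its argument is not visible here, so this is a hedge, but if it ends up in an HTML page or a log viewer the text should be escaped first, as `check_include_path()` on this page already does for its own messages, e.g. `$app->error('Invalid table name '.htmlentities($tablename, ENT_QUOTES, 'UTF-8'));`. The same pattern appears in the identical pair of checks earlier on the page, ahead of the `if(is_array($update_data))` line. The enclosing method starts and ends outside the hunk.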
...
...
@@ -732,13 +819,20 @@ class db {
returntrue;
}
//** Deletes a record and saves the changes into the datalog
publicfunctiondatalogError($errormsg){
global$app;
if(isset($app->modules->current_datalog_id)&&$app->modules->current_datalog_id>0)$this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?",$errormsg,$app->modules->current_datalog_id);
returntrue;
}
//* get the current datalog status for the specified login (or currently logged in user)
publicfunctiondatalogStatus($login=''){
global$app;
$return=array('count'=>0,'entries'=>array());
//if($_SESSION['s']['user']['typ'] == 'admin') return $return; // these information should not be displayed to admin users
// removed in favor of new non intrusive datalogstatus notification header
if($login==''&&isset($_SESSION['s']['user'])){
$login=$_SESSION['s']['user']['username'];
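Review bot: The comment above `datalogError()` still reads "Deletes a record and saves the changes into the datalog", but the method only writes `$errormsg` into `sys_datalog.error` for `$app->modules->current_datalog_id`. I would replace it with `//** Stores an error message on the datalog entry that is currently being processed` and add a line noting that the method returns `true` even when no datalog id is set and nothing was written, since callers cannot tell the two cases apart. `datalogStatus()` continues past the end of the hunk.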
...
...
@@ -747,14 +841,24 @@ class db {
$result=$this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action",$login);
foreach($resultas$row){
if(!$row['dbtable']||in_array($row['dbtable'],array('aps_instances','aps_instances_settings','mail_access','mail_content_filter')))continue;// ignore some entries, maybe more to come
$results=$groupid!=1?$app->db->queryAllRecords("SELECT rr.data AS server_ip, rr.name as server_name, soa.origin as domain FROM dns_rr as rr, dns_soa as soa WHERE (rr.type = 'A' OR rr.type = 'AAAA') AND soa.id = rr.zone AND rr.sys_groupid = ?",$groupid):$results=$app->db->queryAllRecords("SELECT rr.data AS server_ip, rr.name as server_name, soa.origin as domain FROM dns_rr as rr, dns_soa as soa WHERE (rr.type = 'A' OR rr.type = 'AAAA') AND soa.id = rr.zone");
$results=$groupid!=1?$app->db->queryAllRecords("SELECT database_name as name,remote_ips as ip FROM web_database WHERE remote_ips != '' AND sys_groupid = ?",$groupid):$results=$app->db->queryAllRecords("SELECT database_name as name,remote_ips as ip FROM web_database WHERE remote_ips != ''");
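Review bot: In the two `$results=` lines at the end of this hunk, the branch that drops the `sys_groupid = ?` filter is selected by a loose `$groupid!=1`, so any value that loosely equals 1 (for example `true` or `'1.0'`) gets the unfiltered query over all groups. Where `$groupid` comes from is outside the hunk, so this may be unreachable, but the decision to skip the tenant filter deserves a strict test, e.g. `$all_groups = ($groupid === 1 || $groupid === '1');` and then branching on `$all_groups`. The `:$results=` inside the ternary's else arm is a redundant second assignment and can be dropped. The enclosing function is not visible in the hunk.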
...
...
@@ -513,6 +513,29 @@ class functions {
return$out;
}
// Function to check paths before we use it as include. Use with absolute paths only.
publicfunctioncheck_include_path($path){
if(strpos($path,'//')!==false)die('Include path seems to be an URL: '.$this->htmlentities($path));
if(strpos($path,'..')!==false)die('Two dots are not allowed in include path: '.$this->htmlentities($path));
if(!preg_match("/^[a-zA-Z0-9_\/\.\-]+$/",$path))die('Wrong chars in include path: '.$this->htmlentities($path));
$path=realpath($path);
if($path=='')die('Include path does not exist.');
if(substr($path,0,strlen(ISPC_ROOT_PATH))!=ISPC_ROOT_PATH)die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.');
return$path;
}
// Function to check language strings
publicfunctioncheck_language($language){
global$app;
if(preg_match('/^[a-z]{2}$/',$language)){
return$language;
}else{
$app->log('Wrong language string: '.$this->htmlentities($language),1);