From ac15a401b0f50f055c9a724d86528b9e642e5db4 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Sat, 13 Apr 2024 19:20:49 +0200
Subject: [PATCH 1/2] Preserve other DKIM keys while updating, #6688

---
 interface/web/mail/mail_domain_edit.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index c822c9f27a..ba5c59a27b 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -699,7 +699,7 @@ class page_action extends tform_actions {
 			if ( ($selector || $dkim_private || $dkim_active) && $dkim_active )
 				//* create a new record only if the dns-zone exists
 				if ( isset($soa) && !empty($soa) ) {
-					$this->update_dns($this->dataRecord, $soa);
+					$this->update_dns($this->dataRecord, $soa, $this->oldDataRecord);
 				}
 			if (! $dkim_active) {
 				// updated existing dmarc-record to policy 'none'
@@ -718,15 +718,17 @@ class page_action extends tform_actions {
 
 	}
 
-	private function update_dns($dataRecord, $new_rr) {
+	private function update_dns($dataRecord, $new_rr, $oldDataRecord = null) {
 		global $app, $conf;
 
-		// purge old rr-record(s)
-		$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
-		$rec = $app->db->queryAllRecords($sql, '%._domainkey.'.$dataRecord['domain'].'.');
-		if(is_array($rec)) {
-			foreach($rec as $r) {
-				$app->db->datalogDelete('dns_rr', 'id', $r['id']);
+		// Purge old rr-record, incase the selector or domain changed.
+		if (!empty($oldDataRecord)) {
+			$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
+			$rec = $app->db->queryAllRecords($sql, $oldDataRecord['dkim_selector'].'._domainkey.'.$oldDataRecord['domain'].'.');
+			if(is_array($rec)) {
+				foreach($rec as $r) {
+					$app->db->datalogDelete('dns_rr', 'id', $r['id']);
+				}
 			}
 		}
 
-- 
GitLab


From 58d622a5d85e32a7e854de1b46d0a9d9f7dc37d6 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Sat, 13 Apr 2024 20:39:22 +0200
Subject: [PATCH 2/2] Remove broken code

This has never worked, missing a '=' in `name ?` results in a query failure.
---
 interface/web/mail/mail_domain_edit.php | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index ba5c59a27b..a22e7fc5dc 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -732,13 +732,6 @@ class page_action extends tform_actions {
 			}
 		}
 
-		// also delete a dsn-records with same selector
-		$sql = "SELECT * from dns_rr WHERE name ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r');
-		$rec = $app->db->queryAllRecords($sql, '._domainkey.'.$dataRecord['dkim_selector'].'.', $dataRecord['domain']);
-		if (is_array($rec))
-			foreach ($rec as $del)
-				$app->db->datalogDelete('dns_rr', 'id', $del['id']);
-
 		$new_rr['name'] = $dataRecord['dkim_selector'].'._domainkey.'.$dataRecord['domain'].'.';
 		$new_rr['type'] = 'TXT';
 		$new_rr['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $this->dataRecord['dkim_public']);
-- 
GitLab