From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001 From: ftimme Date: Wed, 30 May 2012 11:30:44 +0000 Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons). --- interface/web/client/client_message.php | 19 +++++++++++++++++-- .../web/client/lib/lang/de_client_message.lng | 1 + .../web/client/lib/lang/en_client_message.lng | 1 + .../web/client/templates/client_message.htm | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php index f64814ec1..496ee7468 100644 --- a/interface/web/client/client_message.php +++ b/interface/web/client/client_message.php @@ -88,10 +88,14 @@ if(isset($_POST) && count($_POST) > 1) { if(is_array($clients)) { $msg = $wb['email_sent_to_txt'].' '; foreach($clients as $client) { - //* Parse cleint details into message + //* Parse client details into message $message = $_POST['message']; foreach($client as $key => $val) { - $message = str_replace('{'.$key.'}', $val, $message); + if($key != 'password'){ + $message = str_replace('{'.$key.'}', $val, $message); + } else { + $message = str_replace('{'.$key.'}', '---', $message); + } } //* Send the email @@ -135,6 +139,17 @@ if($_SESSION["s"]["user"]["typ"] == 'admin'){ $app->tpl->setVar('form_legend_txt',$wb['form_legend_client_txt']); } +//message variables +$message_variables = ''; +$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional') AND Field NOT LIKE 'limit_%'"; +$field_names = $app->db->queryAllRecords($sql); +if(!empty($field_names) && is_array($field_names)){ + foreach($field_names as $field_name){ + if($field_name['Field'] != '') $message_variables .= '{'.$field_name['Field'].'} '; + } +} +$app->tpl->setVar('message_variables',trim($message_variables)); + $app->tpl->setVar('okmsg',$msg); $app->tpl->setVar('error',$error); diff --git a/interface/web/client/lib/lang/de_client_message.lng b/interface/web/client/lib/lang/de_client_message.lng index ffc297525..ffe5f6235 100644 --- a/interface/web/client/lib/lang/de_client_message.lng +++ b/interface/web/client/lib/lang/de_client_message.lng @@ -13,4 +13,5 @@ $wb["email_sent_to_txt"] = 'E-Mail verschickt an:'; $wb["recipient_txt"] = 'Empfänger'; $wb["all_clients_resellers_txt"] = 'Alle Kunden und Reseller'; $wb["all_clients_txt"] = 'Alle Kunden'; +$wb["variables_txt"] = 'Variablen:'; ?> diff --git a/interface/web/client/lib/lang/en_client_message.lng b/interface/web/client/lib/lang/en_client_message.lng index e3f603e4c..bfa42eae8 100644 --- a/interface/web/client/lib/lang/en_client_message.lng +++ b/interface/web/client/lib/lang/en_client_message.lng @@ -13,4 +13,5 @@ $wb["email_sent_to_txt"] = 'Email sent to:'; $wb["recipient_txt"] = 'Recipient'; $wb["all_clients_resellers_txt"] = 'All clients and resellers'; $wb["all_clients_txt"] = 'All clients'; +$wb["variables_txt"] = 'Variables:'; ?> diff --git a/interface/web/client/templates/client_message.htm b/interface/web/client/templates/client_message.htm index d8fdb1c03..46ab039af 100644 --- a/interface/web/client/templates/client_message.htm +++ b/interface/web/client/templates/client_message.htm @@ -26,7 +26,7 @@
- +  {tmpl_var name="variables_txt"} {tmpl_var name="message_variables"}
-- GitLab