Bugfix: SMTP password was visible in html source

Bugfix: Show error message on smtp enabled without administrator mail / name

Bugfix: SMTP password was visible in html source
7b17e453 · mcramer · 147b6f7e · 7b17e453 · 7b17e453 · 7b17e453
Commit 7b17e453 authored 12 years ago by mcramer
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
 <?php
 $wb['system_config_desc_txt'] = '';
+$wb['smtp_missing_admin_mail_txt'] = 'Bitte geben Sie die Administrator E-Mail und den Namen ein, wenn Sie SMTP Versand nutzen wollen.';
 $wb['warning'] = 'Bearbeiten Sie diese Werte sorgfältig! Entfernen Sie die Prefixe nicht auf Systemen mit mehr als einem Client.';
 $wb['dbname_prefix_txt'] = 'Datenbanknamen Prefix';
 $wb['dbuser_prefix_txt'] = 'Datenbankbenutzer Prefix';

--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
 <?php
 $wb['system_config_desc_txt'] = '';
+$wb['smtp_missing_admin_mail_txt'] = 'Please enter the admin name and admin mail address if you want to use smtp mail sending.';
 $wb['dashboard_atom_url_admin_txt'] = 'Dashboard atom feed URL (admin)';
 $wb['dashboard_atom_url_reseller_txt'] = 'Dashboard atom feed URL (reseller)';
 $wb['dashboard_atom_url_client_txt'] = 'Dashboard atom feed URL (client)';

--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -77,6 +77,25 @@ class page_action extends tform_actions {
 		$app->tpl->setVar($record);
 	}
 	
+    function onSubmit() {
+        global $app;
+        
+        $app->uses('ini_parser,getconf');
+		
+        $section = $app->tform->getCurrentTab();
+		
+		$server_config_array = $app->getconf->get_global_config();
+		$new_config = $app->tform->encode($this->dataRecord,$section);
+        if($section == 'mail') {
+            if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
+            if($new_config['smtp_enabled'] == 'y' && ($new_config['admin_mail'] == '' || $new_config['admin_name'] == '')) {
+                $app->tform->errorMessage .= $app->tform->lng("smtp_missing_admin_mail_txt");
+            }
+        }
+        
+        parent::onSubmit();
+    }
+    
 	function onUpdateSave($sql) {
 		global $app,$conf;
 		
@@ -85,7 +104,6 @@ class page_action extends tform_actions {
 		
 		$section = $app->tform->getCurrentTab();
 		
-        
 		$server_config_array = $app->getconf->get_global_config();
 		$new_config = $app->tform->encode($this->dataRecord,$section);
        if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['vhost_subdomains'] == 'y') {
@@ -94,6 +112,8 @@ class page_action extends tform_actions {
            if($check['cnt'] > 0) {
                $new_config['vhost_subdomains'] = 'y';
            }
+        } elseif($section == 'mail') {
+            if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
        }
        $server_config_array[$section] = $new_config;
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);

--- a/interface/web/admin/templates/system_config_mail_edit.htm
+++ b/interface/web/admin/templates/system_config_mail_edit.htm
@@ -59,7 +59,7 @@
            </div>
            <div class="ctrlHolder">
                <label for="smtp_pass">{tmpl_var name='smtp_pass_txt'}</label>
-                <input name="smtp_pass" id="smtp_pass" value="{tmpl_var name='smtp_pass'}" size="30" maxlength="255" type="password" class="textInput" />
+                <input name="smtp_pass" id="smtp_pass" value="" size="30" maxlength="255" type="password" class="textInput" />
            </div>
            <div class="ctrlHolder">
                <p class="label">{tmpl_var name='smtp_crypt_txt'}</p>