"; //* Stop on error while preparing the sql query @@ -238,7 +231,7 @@ class remoting { /* copied from the client_edit php */ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""'); - $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id); + $app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id); exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub'); @@ -251,10 +244,10 @@ class remoting { $app->remoting_lib->ispconfig_sysuser_add($params, $insert_id); if($reseller_id) { - $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ".$insert_id); - $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$reseller_id); + $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id); + $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id); $app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']); - $app->db->query("UPDATE client SET parent_client_id = ".$reseller_id." WHERE client_id = ".$insert_id); + $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id); } } @@ -347,6 +340,7 @@ class remoting { //* Get the SQL query $sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id); + // throw new SoapFault('debug', $sql); if($app->remoting_lib->errorMessage != '') { throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); @@ -473,11 +467,8 @@ class remoting { return false; } - $session_id = $app->db->quote($session_id); - - $now = time(); - $sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now"; - $session = $app->db->queryOneRecord($sql); + $sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()"; + $session = $app->db->queryOneRecord($sql, $session_id); if($session['remote_userid'] > 0) { return $session; } else { diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php index 0d89c1f1a13bb4f7f7d56ba7b7bcf724f934fabe..9ee3ca547c2d11cf0e9b89f7cbaac4251435f071 100644 --- a/interface/lib/classes/remoting_lib.inc.php +++ b/interface/lib/classes/remoting_lib.inc.php @@ -110,7 +110,7 @@ class remoting_lib extends tform_base { if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) { $client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']); - $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid); + $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid); $this->client_id = $client['client_id']; $client_login = true; @@ -125,23 +125,11 @@ class remoting_lib extends tform_base { $this->sys_groups = 1; $_SESSION["s"]["user"]["typ"] = 'admin'; } else { - //* load system user - try with sysuser and before with userid (workarrond) - /* - $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id"); - if(empty($user["userid"])) { - $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id"); - if(empty($user["userid"])) { - $this->errorMessage .= "No sysuser with the ID $client_id found."; - return false; - } - }*/ - - $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id"); + $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id); $this->sys_username = $user['username']; $this->sys_userid = $user['userid']; $this->sys_default_group = $user['default_group']; $this->sys_groups = $user['groups']; - // $_SESSION["s"]["user"]["typ"] = $user['typ']; // we have to force admin priveliges for the remoting API as some function calls might fail otherwise. if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin'; } @@ -239,8 +227,8 @@ class remoting_lib extends tform_base { return parent::getDataRecord($primary_id); } elseif($primary_id == -1) { // Return a array with all records - $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape; - return $app->db->queryAllRecords($sql); + $sql = "SELECT * FROM ??"; + return $app->db->queryAllRecords($sql, $this->formDef['db_table']); } else { throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.'); return array(); @@ -250,22 +238,23 @@ class remoting_lib extends tform_base { $sql_offset = 0; $sql_limit = 0; $sql_where = ''; + $params = array($this->formDef['db_table']); foreach($primary_id as $key => $val) { - $key = $app->db->quote($key); - $val = $app->db->quote($val); if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val); elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val); elseif(stristr($val, '%')) { - $sql_where .= "$key like '$val' AND "; + $sql_where .= "? like ? AND "; } else { - $sql_where .= "$key = '$val' AND "; + $sql_where .= "? = ? AND "; } + $params[] = $key; + $params[] = $val; } $sql_where = substr($sql_where, 0, -5); if($sql_where == '') $sql_where = '1'; - $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']); + $sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']); if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit; - return $app->db->queryAllRecords($sql); + return $app->db->queryAllRecords($sql, true, $params); } else { $this->errorMessage = 'The ID must be either an integer or an array.'; return array(); @@ -274,12 +263,12 @@ class remoting_lib extends tform_base { function ispconfig_sysuser_add($params, $insert_id){ global $conf, $app, $sql1; - $username = $app->db->quote($params["username"]); - $password = $app->db->quote($params["password"]); + $username = $params["username"]; + $password = $params["password"]; if(!isset($params['modules'])) { $modules = $conf['interface_modules_enabled']; } else { - $modules = $app->db->quote($params['modules']); + $modules = $params['modules']; } if(isset($params['limit_client']) && $params['limit_client'] > 0) { $modules .= ',client'; @@ -288,44 +277,51 @@ class remoting_lib extends tform_base { if(!isset($params['startmodule'])) { $startmodule = 'dashboard'; } else { - $startmodule = $app->db->quote($params["startmodule"]); + $startmodule = $params["startmodule"]; if(!preg_match('/'.$startmodule.'/', $modules)) { $_modules = explode(',', $modules); $startmodule=$_modules[0]; } } - $usertheme = $app->db->quote($params["usertheme"]); + $usertheme = $params["usertheme"]; $type = 'user'; $active = 1; $insert_id = $app->functions->intval($insert_id); - $language = $app->db->quote($params["language"]); - $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid'); + $language = $params["language"]; + $groupid = $app->db->datalogInsert('sys_group', array("name" => $username, "description" => "", "client_id" => $insert_id), 'groupid'); $groups = $groupid; if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password)); $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) - VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; - $app->db->query($sql1); + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; + $app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id); } function ispconfig_sysuser_update($params, $client_id){ global $app; - $username = $app->db->quote($params["username"]); - $clear_password = $app->db->quote($params["password"]); + $username = $params["username"]; + $clear_password = $params["password"]; $client_id = $app->functions->intval($client_id); if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password)); else $password = $clear_password; - if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ; - $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id"; - $app->db->query($sql); + $params = array($username); + if ($clear_password) { + $pwstring = ", passwort = ?"; + $params[] = $password; + } else { + $pwstring ="" ; + } + $params[] = $client_id; + $sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?"; + $app->db->query($sql, true, $params); } function ispconfig_sysuser_delete($client_id){ global $app; $client_id = $app->functions->intval($client_id); - $sql = "DELETE FROM sys_user WHERE client_id = $client_id"; - $app->db->query($sql); - $sql = "DELETE FROM sys_group WHERE client_id = $client_id"; - $app->db->query($sql); + $sql = "DELETE FROM sys_user WHERE client_id = ?"; + $app->db->query($sql, $client_id); + $sql = "DELETE FROM sys_group WHERE client_id = ?"; + $app->db->query($sql, $client_id); } } diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php index cfa8f283601324f93861de938454d8b5cc635279..0a290c1d699bcae630af474c76190d92f5ec1d42 100644 --- a/interface/lib/classes/searchform.inc.php +++ b/interface/lib/classes/searchform.inc.php @@ -177,7 +177,7 @@ class searchform { if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0; $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page; - $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where"); + $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ?? WHERE $sql_where", $table); $pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page); $vars['list_file'] = $this->listDef['file']; @@ -247,7 +247,7 @@ class searchform { $list_name = $this->listDef['name']; $settings = $_SESSION['search'][$list_name]; unset($settings['page']); - $data = $app->db->quote(serialize($settings)); + $data = serialize($settings); $userid = $_SESSION['s']['user']['userid']; $groupid = $_SESSION['s']['user']['default_group']; @@ -260,9 +260,8 @@ class searchform { $sql = 'INSERT INTO `searchform` ( ' .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` ' - .')VALUES (' - ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')"; - $app->db->query($sql); + .')VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'; + $app->db->query($sql, $userid, $groupid, $sys_perm_user, $sys_perm_group, $sys_perm_other, $module, $searchform, $title, $data); } public function decode($record) @@ -303,6 +302,7 @@ class searchform { return $record; } + /* TODO: check for double quoting mysql value */ public function encode($record) { global $app; diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php index 8b3a7cffc4b530136d472cbe4b7510a5cfbc3df8..bef2a1037838b2c3253c771b3b5d280b21ad49b9 100644 --- a/interface/lib/classes/session.inc.php +++ b/interface/lib/classes/session.inc.php @@ -66,9 +66,9 @@ class session { function read ($session_id) { if($this->timeout > 0) { - $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))"); + $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout); } else { - $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'"); + $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id); } if (is_array($rec)) { @@ -87,23 +87,18 @@ class session { // Dont write session_data to DB if session data has not been changed after reading it. if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) { - $session_id = $this->db->quote($session_id); - $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = '$session_id'"); + $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id); return true; } if (@$this->session_array['session_id'] == '') { - $session_id = $this->db->quote($session_id); - $session_data = $this->db->quote($session_data); - $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id',NOW(),NOW(),'$session_data','" . ($this->permanent ? 'y' : 'n') . "')"; - $this->db->query($sql); + $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)"; + $this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n')); } else { - $session_id = $this->db->quote($session_id); - $session_data = $this->db->quote($session_data); - $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'"; - $this->db->query($sql); + $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?"; + $this->db->query($sql, $session_data, $session_id); } @@ -112,25 +107,20 @@ class session { function destroy ($session_id) { - $session_id = $this->db->quote($session_id); - $sql = "DELETE FROM sys_session WHERE session_id = '$session_id'"; - $this->db->query($sql); + $sql = "DELETE FROM sys_session WHERE session_id = ?"; + $this->db->query($sql, $session_id); return true; } function gc ($max_lifetime) { - /*if($this->timeout > 0) { - $this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)"); - } else {*/ - $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($max_lifetime) . " SECOND) AND `permanent` != 'y'"; - $this->db->query($sql); + $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'"; + $this->db->query($sql, intval($max_lifetime)); - /* delete very old even if they are permanent */ - $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)"; - $this->db->query($sql); - //} + /* delete very old even if they are permanent */ + $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)"; + $this->db->query($sql); return true; diff --git a/interface/lib/classes/sites_database_plugin.inc.php b/interface/lib/classes/sites_database_plugin.inc.php index bf53c61fadbc5d6494a99da32ff3943b7244ceff..89cb7ce9c278a649d610a2a8ef4891cafbb47ebd 100644 --- a/interface/lib/classes/sites_database_plugin.inc.php +++ b/interface/lib/classes/sites_database_plugin.inc.php @@ -40,15 +40,15 @@ class sites_database_plugin { global $app; if($form_page->dataRecord["parent_domain_id"] > 0) { - $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($form_page->dataRecord["parent_domain_id"])); + $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $form_page->dataRecord["parent_domain_id"]); //* The Database user shall be owned by the same group then the website $sys_groupid = $app->functions->intval($web['sys_groupid']); - $backup_interval = $app->db->quote($web['backup_interval']); + $backup_interval = $web['backup_interval']; $backup_copies = $app->functions->intval($web['backup_copies']); - $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$form_page->id; - $app->db->query($sql); + $sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?"; + $app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id); } } diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 7912f537dc78bb762ba11650ab2cd7b3ad2638f9..30a71db6391d42e075ccd17cdd951176d4cc0b79 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -79,8 +79,8 @@ class tform extends tform_base { $escape = '`'; } - $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm); - if($record = $app->db->queryOneRecord($sql)) { + $sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm); + if($record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id)) { return true; } else { return false; @@ -133,8 +133,8 @@ class tform extends tform_base { $escape = '`'; } - $sql = "SELECT sys_userid FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; - $record = $app->db->queryOneRecord($sql); + $sql = "SELECT sys_userid FROM ?? WHERE ?? = ?"; + $record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id); // return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record. if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) { @@ -161,18 +161,17 @@ class tform extends tform_base { global $app; $check_passed = true; - $limit_name = $app->db->quote($limit_name); if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); // Get the limits of the client that is currently logged in $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id); // Check if the user may add another item if($client["number"] >= 0) { - $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE ".$this->getAuthSQL('u'); + $sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u'); if($sql_where != '') $sql .= ' and '.$sql_where; - $tmp = $app->db->queryOneRecord($sql); + $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table']); if($tmp["number"] >= $client["number"]) $check_passed = false; } @@ -183,30 +182,29 @@ class tform extends tform_base { global $app; $check_passed = true; - $limit_name = $app->db->quote($limit_name); if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); // Get the limits of the client that is currently logged in $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); //* If the client belongs to a reseller, we will check against the reseller Limit too if($client['parent_client_id'] != 0) { //* first we need to know the groups of this reseller - $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']); + $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']); $reseller_groups = $tmp["groups"]; $reseller_userid = $tmp["userid"]; // Get the limits of the reseller of the logged in client $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ".$client['parent_client_id']); + $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ?", $client['parent_client_id']); // Check if the user may add another item if($reseller["number"] >= 0) { - $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE (sys_groupid IN (".$reseller_groups.") or sys_userid = ".$reseller_userid.")"; + $sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)"; if($sql_where != '') $sql .= ' and '.$sql_where; - $tmp = $app->db->queryOneRecord($sql); + $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid); if($tmp["number"] >= $reseller["number"]) $check_passed = false; } } diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index dfc943c8822a33039ea0cd82cf7e4a65a171fc2d..f172fea1f4c5fceb824281c8e1b54ee7cc6b3446 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -82,7 +82,7 @@ class tform_actions { // check if the client is locked - he may not change anything, then. if(!$app->auth->is_admin()) { $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id)); + $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); if(is_array($client) && $client['locked'] == 'y') { $app->tform->errorMessage .= $app->lng("client_you_are_locked")."
"; } @@ -311,7 +311,6 @@ class tform_actions { if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission')); } - //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id); $this->dataRecord = $app->tform->getDataRecord($this->id); $app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this); @@ -324,7 +323,7 @@ class tform_actions { $app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array()); } - $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1"); + $app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id); // loading plugins @@ -379,11 +378,11 @@ class tform_actions { $app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']); if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + $sql = "SELECT * FROM ?? WHERE ?? = ?"; } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r'); + $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r'); } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission')); $record["datum"] = date("d.m.Y"); @@ -423,11 +422,11 @@ class tform_actions { $app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']); $app->tpl->setVar('show_mail', 1); if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + $sql = "SELECT * FROM ?? WHERE ?? = ?"; } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r'); + $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r'); } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission')); $record["datum"] = date("d.m.Y"); $record["mailmessage"] = $_POST["message"]; @@ -459,11 +458,11 @@ class tform_actions { if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + $sql = "SELECT * FROM ?? WHERE ?? = ?"; } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r'); + $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r'); } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission')); $record["datum"] = date("d.m.Y"); @@ -560,11 +559,11 @@ class tform_actions { // bestehenden Datensatz anzeigen if($app->tform->errorMessage == '') { if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r'); + $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r'); } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + $sql = "SELECT * FROM ?? WHERE ?? = ?"; } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission')); } else { // $record = $app->tform->encode($_POST,$this->active_tab); $record = $app->tform->encode($this->dataRecord, $this->active_tab, false); diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php index e27940d4f5c0270eaea15d4e5c02528cb9f1419a..fb943c50b464b17d95a0aa108d02ff87e9dcfc9c 100644 --- a/interface/lib/classes/tform_base.inc.php +++ b/interface/lib/classes/tform_base.inc.php @@ -347,7 +347,7 @@ class tform_base { return $values; } else { $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); $allowed = explode(',', $client['lm']); } } @@ -359,19 +359,19 @@ class tform_base { } else { //* Get the limits of the client that is currently logged in $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); //echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"; //* If the client belongs to a reseller, we will check against the reseller Limit too if($client['parent_client_id'] != 0) { //* first we need to know the groups of this reseller - $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']); + $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']); $reseller_groups = $tmp["groups"]; $reseller_userid = $tmp["userid"]; // Get the limits of the reseller of the logged in client $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']); + $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']); $allowed = explode(',', $reseller['lm']); } else { return $values; @@ -810,6 +810,9 @@ class tform_base { case 'IDNTOUTF8': $returnval = $app->functions->idn_decode($returnval); break; + case 'TRIM': + $returnval = trim($returnval); + break; default: $this->errorMessage .= "Unknown Filter: ".$filter['type']; break; @@ -853,7 +856,7 @@ class tform_base { if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n'; if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){ if($this->action == 'NEW') { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value); if($num_rec["number"] > 0) { $errmsg = $validator['errmsg']; if(isset($this->wordbook[$errmsg])) { @@ -863,7 +866,7 @@ class tform_base { } } } else { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id); if($num_rec["number"] > 0) { $errmsg = $validator['errmsg']; if(isset($this->wordbook[$errmsg])) { @@ -1108,6 +1111,7 @@ class tform_base { * @param primary_id * @return record */ + /* TODO: check for double quoting */ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) { global $app; @@ -1139,7 +1143,7 @@ class tform_base { $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { - $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); + $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key])); $record[$key] = $tmp['crypted']; $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } else { @@ -1167,7 +1171,7 @@ class tform_base { $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { - $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); + $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key])); $record[$key] = $tmp['crypted']; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } else { @@ -1359,8 +1363,8 @@ class tform_base { function getDataRecord($primary_id) { global $app; $escape = '`'; - $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']); - return $app->db->queryOneRecord($sql); + $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']); + return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id); } diff --git a/interface/lib/classes/tools_monitor.inc.php b/interface/lib/classes/tools_monitor.inc.php index d8a09f4d6a1453d227b2a0e3d9788ff08c68e6a7..bd1a969d57457fee98709adf390ea4ab12b0e00f 100644 --- a/interface/lib/classes/tools_monitor.inc.php +++ b/interface/lib/classes/tools_monitor.inc.php @@ -33,7 +33,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); @@ -80,7 +80,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); @@ -123,7 +123,7 @@ class tools_monitor { function showDatabaseSize () { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); //* format the data @@ -142,10 +142,12 @@ class tools_monitor { if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']); //* get the client - $line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username']; + $tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']); + $line['client'] = $tmp['username']; //* get the domain - $line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain']; + $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']); + $line['domain'] = $tmp['domain']; //* remove the sys_groupid from output unset($line['sys_groupid']); @@ -166,7 +168,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); @@ -202,7 +204,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); @@ -236,7 +238,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $data = unserialize($record['data']); @@ -349,7 +351,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $html = @@ -379,7 +381,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $html = @@ -408,7 +410,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $html = @@ -441,7 +443,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $html = @@ -472,7 +474,7 @@ class tools_monitor { global $app; /* fetch the Data from the DB */ - $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']); if(isset($record['data'])) { $html = @@ -486,7 +488,7 @@ class tools_monitor { $data = unserialize($record['data']); if ($data == '') { $html .= '
'.
- 'fail2ban is not installed at this server.
' .
+ 'fail2ban is not installed on this server.
' .
'See more (for debian) here...'.
'
'.
- 'MongoDB is not installed at this server.
' .
- 'See more (for debian) here...'.
+ 'MongoDB is not installed on this server.
' .
'
@@ -562,7 +563,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
$data = unserialize($record['data']);
@@ -578,7 +579,7 @@ class tools_monitor {
global $app;
/* fetch the Data from the DB */
- $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
/* TODO: datetimeformat should be set somewhat other way */
$dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");
diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3400c5b708097d837a6880881b1e4a064d9fdd5d..b2881f57cc7e28a96554b8f585d17873100035fe 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id'])) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@ class tools_sites {
}
}
- $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@ class tools_sites {
if(isset($dataRecord['client_group_id'])) {
$client_group_id = $dataRecord['client_group_id'];
} elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
$client_group_id = $tmp['sys_groupid'];
} elseif(isset($dataRecord['sys_groupid'])) {
$client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@ class tools_sites {
return '[CLIENTID]';
}
}
- $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+ $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
$clientID = $tmp['client_id'];
if ($clientID == '') $clientID = '0';
return $clientID;
@@ -144,6 +144,7 @@ class tools_sites {
return $res;
}
+ /* TODO: rewrite SQL */
function getDomainModuleDomains($not_used_in_table = null, $selected_domain = null) {
global $app;
@@ -168,6 +169,7 @@ class tools_sites {
return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
}
+ /* TODO: rewrite SQL */
function checkDomainModuleDomain($domain_id) {
global $app;
@@ -180,7 +182,8 @@ class tools_sites {
if(!$domain || !$domain['domain_id']) return false;
return $domain['domain'];
}
-
+
+ /* TODO: rewrite SQL */
function getClientIdForDomain($domain_id) {
global $app;
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index c67601bfb7d7c080bd5d9f15d086ab63e06d38dc..db55b04f187862eecd25593396597303f27c3aff 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@ class validate_client {
}
if($client_id == 0) {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@ class validate_client {
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,23 +108,23 @@ class validate_client {
switch ($field_name)
{
case 'web_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'dns_servers':
- $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'db_servers':
- $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'mail_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'xmpp_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
}
@@ -151,7 +151,7 @@ class validate_client {
}
// check if country is member of EU
- $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
+ $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
if($country_details['eu'] == 'y' && $vatid != ''){
$vatid = preg_replace('/\s+/', '', $vatid);
@@ -161,6 +161,8 @@ class validate_client {
// Test if the country of the VAT-ID matches the country of the customer
if($country != ''){
+ // Greece
+ if($country == 'GR') $country = 'EL';
if(strtoupper($cc) != $country){
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
diff --git a/interface/lib/classes/validate_dkim.inc.php b/interface/lib/classes/validate_dkim.inc.php
index 71fd8c5454a847b1877cd9d74e81502538803851..5d7fb8f1e369a88930ca90379ee90be5af2cb203 100644
--- a/interface/lib/classes/validate_dkim.inc.php
+++ b/interface/lib/classes/validate_dkim.inc.php
@@ -62,8 +62,10 @@ class validate_dkim {
*/
function check_template($field_name, $field_value, $validator) {
$dkim=false;
- foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
- if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+ if(is_array($field_value) && !empty($field_value)){
+ foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
+ if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+ }
}
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index 212c4d75dccd8aaf7b537f342b9a7465be22cf10..a6920e0b01d4f033326b148f425d34631d2cb9bb 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -104,7 +104,7 @@ class validate_dns {
}
if(substr($field, -1) == '.' && $area == 'Name'){
- $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
+ $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid);
if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."
\r\n"; } diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php index a072412584f51bb4a4d5b226c20009449df983c5..b4acbd6db136449cb967aa46602684a13ea0188b 100644 --- a/interface/lib/classes/validate_domain.inc.php +++ b/interface/lib/classes/validate_domain.inc.php @@ -88,8 +88,8 @@ class validate_domain { $app->uses('ini_parser,getconf'); $settings = $app->getconf->get_global_config('domains'); if ($settings['use_domain_module'] == 'y') { - $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain); - $domain_check = $app->db->queryOneRecord($sql); + $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?"; + $domain_check = $app->db->queryOneRecord($sql, $check_domain); if(!$domain_check) return; $check_domain = $domain_check['domain']; } @@ -157,24 +157,27 @@ class validate_domain { if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){ if($domain['parent_domain_id'] > 0){ - $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id'])); + $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']); } } // check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well - $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')"); + $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id); $additional_sql1 = ''; $additional_sql2 = ''; + $domain_params = array(); if(is_array($aliassubdomains) && !empty($aliassubdomains)){ foreach($aliassubdomains as $aliassubdomain){ - $additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'"; - $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'"; + $additional_sql1 .= " OR d.domain = ?"; + $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?"; + $domain_params[] = $aliassubdomain['domain']; } } - $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : ""); - $checks = $app->db->queryAllRecords($qrystr); + $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : ""); + $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id); + $checks = $app->db->queryAllRecords($qrystr, true, $params); if(is_array($checks) && !empty($checks)){ foreach($checks as $check){ if($domain['ip_address'] == '*') return false; @@ -185,8 +188,9 @@ class validate_domain { } if($only_domain == false) { - $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : ""); - $checks = $app->db->queryAllRecords($qrystr); + $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : ""); + $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id); + $checks = $app->db->queryAllRecords($qrystr, true, $params); if(is_array($checks) && !empty($checks)){ foreach($checks as $check){ if($domain['ip_address'] == '*') return false; @@ -207,7 +211,7 @@ class validate_domain { if($_SESSION["s"]["user"]["typ"] != 'admin') { // Get the limits of the client $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); if($client["limit_wildcard"] == 'y') return true; else return false; diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php index 8e0663ecae9dc661df5051163a37a9b9d73a1bea..da8c100adcdb168287b97db8b81be580a36f6d13 100644 --- a/interface/lib/classes/validate_ftpuser.inc.php +++ b/interface/lib/classes/validate_ftpuser.inc.php @@ -50,7 +50,7 @@ class validate_ftpuser { if($primary_id > 0) { //* get parent_domain_id from website - $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'"); + $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id); if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { @@ -66,7 +66,7 @@ class validate_ftpuser { $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); } - $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); + $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id); if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php index 2cab1cf44464c563b7296230cd3af6682d906aa3..74824b72ca592ad3b4506fee29f1f219e6d798fd 100644 --- a/interface/lib/classes/validate_systemuser.inc.php +++ b/interface/lib/classes/validate_systemuser.inc.php @@ -95,7 +95,7 @@ class validate_systemuser { if($primary_id > 0) { //* get parent_domain_id from website - $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'"); + $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id); if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { @@ -111,7 +111,7 @@ class validate_systemuser { $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); } - $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); + $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id); if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { diff --git a/interface/lib/plugins/dns_dns_slave_plugin.inc.php b/interface/lib/plugins/dns_dns_slave_plugin.inc.php index aa2e20f9ab4089e5833de379049ee22f416f24a3..8f49ce69d0bc4c855f60a927cc120a38dee8f7ac 100644 --- a/interface/lib/plugins/dns_dns_slave_plugin.inc.php +++ b/interface/lib/plugins/dns_dns_slave_plugin.inc.php @@ -30,19 +30,19 @@ class dns_dns_slave_plugin { // make sure that the record belongs to the client group and not the admin group when a dmin inserts it if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id); } //** When the client group has changed, change also the owner of the record if the owner is not the admin user if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id); + $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); if($tmp["userid"] > 0) { - $app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id); } } } diff --git a/interface/lib/plugins/dns_dns_soa_plugin.inc.php b/interface/lib/plugins/dns_dns_soa_plugin.inc.php index 1cada0e932d59510d136542b8a3295933a434e37..8f047bef8b147c354cc400a082b4050a7b4befec 100644 --- a/interface/lib/plugins/dns_dns_soa_plugin.inc.php +++ b/interface/lib/plugins/dns_dns_soa_plugin.inc.php @@ -31,17 +31,17 @@ class dns_dns_soa_plugin { $tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id)); if($tmp['diff_num'] > 0) { // Update the serial number of the SOA record - $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id); - $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id); + $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id); + $app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id); } //** When the client group has changed, change also the owner of the record if the owner is not the admin user if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id); + $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); if($tmp["userid"] > 0) { - $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id); - $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id); + $app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id); } } } @@ -49,15 +49,15 @@ class dns_dns_soa_plugin { // make sure that the record belongs to the client group and not the admin group when a dmin inserts it if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id); // And we want to update all rr records too, that belong to this record - $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id); // And we want to update all rr records too, that belong to this record - $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id); } } diff --git a/interface/lib/plugins/mail_mail_domain_plugin.inc.php b/interface/lib/plugins/mail_mail_domain_plugin.inc.php index 13f6009ee58d62a84aaf6cc4de54b9c48a5ca4e3..90b1ac15b95033a431d6c75932392eaec0f8652a 100644 --- a/interface/lib/plugins/mail_mail_domain_plugin.inc.php +++ b/interface/lib/plugins/mail_mail_domain_plugin.inc.php @@ -31,23 +31,29 @@ class mail_mail_domain_plugin { // also make sure that the user can not delete entry created by an admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'"; + $updates = "sys_groupid = ?, sys_perm_group = 'ru'"; + $update_params = array($client_group_id); if ($event_name == 'mail:mail_domain:on_after_update') { - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1; - $updates = "sys_userid = $client_user_id, $updates"; + $updates .= ", sys_userid = ?"; + $update_params[] = $client_user_id; } - $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id); + $update_params[] = $page_form->id; + $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); $updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'"; + $update_params = array($client_group_id); if ($event_name == 'mail:mail_domain:on_after_update') { - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1; - $updates = "sys_userid = $client_user_id, $updates"; + $updates .= ", sys_userid = ?"; + $update_params[] = $client_user_id; } - $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id); + $update_params[] = $page_form->id; + $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params); } //** If the domain name or owner has been changed, change the domain and owner in all mailbox records @@ -57,9 +63,9 @@ class mail_mail_domain_plugin { $mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail'); //* Update the mailboxes - $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']); $sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']); - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid); $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1); if(is_array($mailusers)) { foreach($mailusers as $rec) { @@ -67,46 +73,45 @@ class mail_mail_domain_plugin { $mail_parts = explode("@", $rec['email']); $maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]); $maildir = str_replace("[localpart]", $mail_parts[0], $maildir); - $maildir = $app->db->quote($maildir); - $email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']); - $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']); + $email = $mail_parts[0].'@'.$page_form->dataRecord['domain']; + $app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']); } } //* Update the aliases - $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']); if(is_array($forwardings)) { foreach($forwardings as $rec) { - $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination'])); - $source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source'])); - $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']); + $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']); + $source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']); + $app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']); } } //* Update the mailinglist - $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']); if(is_array($mailing_lists)) { foreach($mailing_lists as $rec) { - $app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']); + $app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']); } } //* Update the mailget records - $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']); if(is_array($mail_gets)) { foreach($mail_gets as $rec) { - $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination'])); - $app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']); + $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']); + $app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']); } } if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) { //* Delete the old spamfilter record - $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]); $app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]); unset($tmp); } - $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']); } // end if domain name changed } diff --git a/interface/lib/plugins/mail_user_filter_plugin.inc.php b/interface/lib/plugins/mail_user_filter_plugin.inc.php index 8faeab5e83aad6c63b01df88cc35689d36583099..640dab230086183de1f35779315c52f80fe6be8a 100644 --- a/interface/lib/plugins/mail_user_filter_plugin.inc.php +++ b/interface/lib/plugins/mail_user_filter_plugin.inc.php @@ -61,7 +61,7 @@ class mail_user_filter_plugin { function mail_user_filter_edit($event_name, $page_form) { global $app, $conf; - $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]); + $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $skip = false; $lines = explode("\n", $mailuser['custom_mailfilter']); $out = ''; @@ -86,8 +86,7 @@ class mail_user_filter_plugin { $out = $new_rule . $out; } - $out = $app->db->quote($out); - $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]); + $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]); } @@ -95,7 +94,7 @@ class mail_user_filter_plugin { function mail_user_filter_del($event_name, $page_form) { global $app, $conf; - $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]); + $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $skip = false; $lines = explode("\n", $mailuser['custom_mailfilter']); $out = ''; @@ -111,8 +110,7 @@ class mail_user_filter_plugin { } } - $out = $app->db->quote($out); - $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]); + $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]); } @@ -124,7 +122,7 @@ class mail_user_filter_plugin { global $app, $conf; $app->uses("getconf"); - $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"])); + $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail'); if($mail_config['mail_filter_syntax'] == 'sieve') { diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php index 1a880a1b10a0cd4d67cdc9861dbf917839b01c96..754c249ab9959208beba689b4b9a50971ae2b119 100644 --- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php +++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php @@ -31,13 +31,12 @@ class sites_web_database_user_plugin { // also make sure that the user can not delete entry created by an admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id); } - //$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id); } } diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php index b65c05bf2cd0546bcf853685a1e02b1278703c4d..aeb5623996009f08e3650628c4e0c871b5b50007 100644 --- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php +++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php @@ -51,11 +51,11 @@ class sites_web_vhost_domain_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id); } // Get configuration for the web system $app->uses("getconf"); @@ -73,15 +73,15 @@ class sites_web_vhost_domain_plugin { // get the ID of the client if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id); $client_id = $app->functions->intval($client["client_id"]); } elseif (isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $page_form->dataRecord["client_group_id"]; - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"])); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"])); $client_id = $app->functions->intval($client["client_id"]); } else { $client_group_id = $page_form->dataRecord["client_group_id"]; - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"])); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"])); $client_id = $app->functions->intval($client["client_id"]); } @@ -89,81 +89,81 @@ class sites_web_vhost_domain_plugin { $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1); // Set the values for document_root, system_user and system_group - $system_user = $app->db->quote('web'.$page_form->id); - $system_group = $app->db->quote('client'.$client_id); + $system_user = 'web'.$page_form->id; + $system_group = 'client'.$client_id; $document_root = str_replace("[client_id]", $client_id, $document_root); $document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root); $document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root); $document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root); $document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root); - $document_root = $app->db->quote($document_root); if($event_name == 'sites:web_vhost_domain:on_after_update') { if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) { - $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?"; + $app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id); // Update the FTP user(s) too - $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id'])); + $app->db->datalogUpdate('ftp_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "uid" => $system_user, "gid" => $system_group, "dir" => $document_root), 'ftp_user_id', $app->functions->intval($rec['ftp_user_id'])); } unset($records); unset($rec); // Update the webdav user(s) too - $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id'])); + $app->db->datalogUpdate('webdav_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'webdav_user_id', $app->functions->intval($rec['webdav_user_id'])); } unset($records); unset($rec); // Update the web folder(s) too - $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id'])); + $app->db->datalogUpdate('web_folder', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_id', $app->functions->intval($rec['web_folder_id'])); } unset($records); unset($rec); //* Update all web folder users - $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id'])); + $app->db->datalogUpdate('web_folder_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id'])); } unset($records); unset($rec); // Update the Shell user(s) too - $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id'])); + $app->db->datalogUpdate('shell_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "puser" => $system_user, "pgroup" => $system_group, "dir" => $document_root), 'shell_user_id', $app->functions->intval($rec['shell_user_id'])); } unset($records); unset($rec); // Update the cron(s) too - $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id'])); + $app->db->datalogUpdate('cron', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'id', $app->functions->intval($rec['id'])); } unset($records); unset($rec); //* Update all subdomains and alias domains - $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'"; + $update_columns = array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']); if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') { $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]); $php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir); $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $rec['domain'], $php_open_basedir)); + $php_open_basedir = str_replace("[website_domain]", $rec['domain'], $php_open_basedir); - $update_columns .= ", document_root = '".$document_root."', `php_open_basedir` = '".$php_open_basedir."'"; + $update_columns["document_root"] = $document_root; + $update_columns["php_open_basedir"] = $php_open_basedir; } $app->db->datalogUpdate('web_domain', $update_columns, 'domain_id', $rec['domain_id']); } @@ -171,24 +171,24 @@ class sites_web_vhost_domain_plugin { unset($rec); //* Update all databases - $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id'])); + $app->db->datalogUpdate('web_database', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_id', $app->functions->intval($rec['database_id'])); } //* Update all database users - $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id'])); + $app->db->datalogUpdate('web_database_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_user_id', $app->functions->intval($rec['database_user_id'])); } unset($records); unset($rec); // Update APS instances - $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]); if(is_array($records) && !empty($records)){ foreach($records as $rec){ - $app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']); + $app->db->datalogUpdate('aps_instances', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "customer_id" => $client_id), 'id', $rec['instance_id']); } } unset($records); @@ -198,20 +198,20 @@ class sites_web_vhost_domain_plugin { //* If the domain name has been changed, we will have to change all subdomains + APS instances if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) { - $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]); foreach($records as $rec) { - $subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain'])); - $app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']); + $subdomain = str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']); + $app->db->datalogUpdate('web_domain', array("domain" => $subdomain), 'domain_id', $rec['domain_id']); } unset($records); unset($rec); unset($subdomain); // Update APS instances - $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]); if(is_array($records) && !empty($records)){ foreach($records as $rec){ - $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']); + $app->db->datalogUpdate('aps_instances_settings', array("value" => $page_form->dataRecord["domain"]), 'id', $rec['id']); } } unset($records); @@ -220,35 +220,35 @@ class sites_web_vhost_domain_plugin { //* Set allow_override if empty if($web_rec['allow_override'] == '') { - $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?"; + $app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id); } //* Set php_open_basedir if empty or domain or client has been changed if(empty($web_rec['php_open_basedir']) || (!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) { $php_open_basedir = $web_rec['php_open_basedir']; - $php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir)); - $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir); + $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $php_open_basedir, $page_form->id); } if(empty($web_rec['php_open_basedir']) || (isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) { - $document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root)); + $document_root = str_replace("[client_id]", $client_id, $document_root); $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir)); - $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir); + $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $php_open_basedir, $page_form->id); } //* Change database backup options when web backup options have been changed if(isset($page_form->dataRecord['backup_interval']) && ($page_form->dataRecord['backup_interval'] != $page_form->oldDataRecord['backup_interval'] || $page_form->dataRecord['backup_copies'] != $page_form->oldDataRecord['backup_copies'])) { //* Update all databases - $backup_interval = $app->db->quote($page_form->dataRecord['backup_interval']); + $backup_interval = $page_form->dataRecord['backup_interval']; $backup_copies = $app->functions->intval($page_form->dataRecord['backup_copies']); $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']); + $app->db->datalogUpdate('web_database', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'database_id', $rec['database_id']); } unset($records); unset($rec); @@ -258,36 +258,36 @@ class sites_web_vhost_domain_plugin { //* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) { - $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']); + $app->db->datalogUpdate('web_domain', array("ip_address" => $web_rec['ip_address'], "ipv6_address" => $web_rec['ipv6_address']), 'domain_id', $rec['domain_id']); } unset($records); unset($rec); } } else { $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir)); - - $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]); - $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir); + $htaccess_allow_override = $web_config["htaccess_allow_override"]; + + $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id); } } else { if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) { - $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'"); + $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']); // Set the values for document_root, system_user and system_group - $system_user = $app->db->quote($parent_domain['system_user']); - $system_group = $app->db->quote($parent_domain['system_group']); - $document_root = $app->db->quote($parent_domain['document_root']); + $system_user = $parent_domain['system_user']; + $system_group = $parent_domain['system_group']; + $document_root = $parent_domain['document_root']; $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]); $php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir); $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir)); - $htaccess_allow_override = $app->db->quote($parent_domain['allow_override']); - $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir); + $htaccess_allow_override = $parent_domain['allow_override']; + $sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id); } } } diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php index fd442055623c273d166ba5094f88b76e44c8f222..dcd2df73504fbc638b7e3f9b0121d5c7c4e421c3 100644 --- a/interface/lib/plugins/vm_openvz_plugin.inc.php +++ b/interface/lib/plugins/vm_openvz_plugin.inc.php @@ -41,24 +41,24 @@ class vm_openvz_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } // Set the VEID $tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm'); $veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101; - $app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id); unset($tmp); // Apply template values to the advanced tab settings $this->applyTemplate(); // Set the IP address - $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); + $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']); // Create the OpenVZ config file and store it in config field $this->makeOpenVZConfig(); @@ -82,11 +82,11 @@ class vm_openvz_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) { @@ -94,7 +94,7 @@ class vm_openvz_plugin { } // Set the IP address - if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); + if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']); // Create the OpenVZ config file and store it in config field $this->makeOpenVZConfig(); @@ -111,8 +111,8 @@ class vm_openvz_plugin { global $app, $conf; //* Free the IP address - $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id)); - $app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']); + $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id); + $app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']); unset($tmp); } @@ -120,29 +120,29 @@ class vm_openvz_plugin { private function applyTemplate() { global $app, $conf; - $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"])); + $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]); $sql = "UPDATE openvz_vm SET "; - $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', "; - $sql .= "ram = '".$app->db->quote($tpl['ram'])."', "; - $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', "; - $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', "; - $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', "; - $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', "; - $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', "; - $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', "; - $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', "; - $sql .= "capability = '".$app->db->quote($tpl['capability'])."' "; - $sql .= "WHERE vm_id = ".$app->functions->intval($this->id); - $app->db->query($sql); + $sql .= "diskspace = ?, "; + $sql .= "ram = ?, "; + $sql .= "ram_burst = ?, "; + $sql .= "cpu_units = ?, "; + $sql .= "cpu_num = ?, "; + $sql .= "cpu_limit = ?, "; + $sql .= "io_priority = ?, "; + $sql .= "nameserver = ?, "; + $sql .= "create_dns = ?, "; + $sql .= "capability = ? "; + $sql .= "WHERE vm_id = ?"; + $app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id); } private function makeOpenVZConfig() { global $app, $conf; - $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); - $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id'])); + $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id)); + $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id'])); $burst_ram = $vm['ram_burst']*256; $guar_ram = $vm['ram']*256; @@ -194,12 +194,12 @@ class vm_openvz_plugin { $tpl->setVar('nameserver', $vm['nameserver']); $tpl->setVar('capability', $vm['capability']); - $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id'])); + $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id'])); $tpl->setVar('ostemplate', $tmp['template_file']); unset($tmp); - $openvz_config = $app->db->quote($tpl->grab()); - $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id)); + $openvz_config = $tpl->grab(); + $app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id)); unset($tpl); @@ -208,23 +208,23 @@ class vm_openvz_plugin { private function createDNS() { global $app, $conf; - $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); + $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id)); if($vm['create_dns'] != 'y') return; $full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']); $hostname_parts = explode('.', $full_hostname); - $hostname = $app->db->quote($hostname_parts[0]); + $hostname = $hostname_parts[0]; unset($hostname_parts[0]); - $zone = $app->db->quote((implode('.', $hostname_parts))); + $zone = implode('.', $hostname_parts); unset($hostname_parts); // Find the dns zone - $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'"); - $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'"); + $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone); + $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname); if($zone_rec['id'] > 0) { - $ip_address = $app->db->quote($vm['ip_address']); + $ip_address = $vm['ip_address']; $sys_userid = $app->functions->intval($zone_rec['sys_userid']); $sys_groupid = $app->functions->intval($zone_rec['sys_groupid']); $server_id = $app->functions->intval($zone_rec['server_id']); @@ -232,12 +232,25 @@ class vm_openvz_plugin { if($rr_rec['id'] > 0) { $app->uses('validate_dns'); - $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id'])); + $app->db->datalogUpdate('dns_rr', array("data" => $ip_address), 'id', $app->functions->intval($rr_rec['id'])); $serial = $app->validate_dns->increase_serial($zone_rec['serial']); - $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id'])); + $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id'])); } else { - $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES - ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')"; + $insert_data = array( + "sys_userid" => $sys_userid, + "sys_groupid" => $sys_groupid, + "sys_perm_user" => 'riud', + "sys_perm_group" => 'riud', + "sys_perm_other" => '', + "server_id" => $server_id, + "zone" => $dns_soa_id, + "name" => $hostname, + "type" => 'A', + "data" => $ip_address, + "aux" => '0', + "ttl" => '3600', + "active" => 'Y' + ); $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id'); } diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php index 6c29f766d100d03f548d815f26ffdd6c4956bd37..4dd26afbf6759aa1a001fd773e6fa851c72ba3b1 100644 --- a/interface/web/admin/firewall_edit.php +++ b/interface/web/admin/firewall_edit.php @@ -56,7 +56,7 @@ class page_action extends tform_actions { //* Check if the server has been changed // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) { - $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id); + $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id); if($rec['server_id'] != $this->dataRecord["server_id"]) { //* Add a error message and switch back to old server $app->tform->errorMessage .= $app->lng('The Server can not be changed.'); diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php index 8db725b95fe11c7c453641fd67b3518f4fdab740..0c2502c6c4a4c1ef4b5a8cceaa5bd295ba6e0894 100644 --- a/interface/web/admin/form/directive_snippets.tform.php +++ b/interface/web/admin/form/directive_snippets.tform.php @@ -105,6 +105,17 @@ $form["tabs"]['directive_snippets'] = array ( 'default' => 'y', 'value' => array(0 => 'n', 1 => 'y') ), + 'required_php_snippets' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOXARRAY', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT directive_snippets_id,name FROM directive_snippets WHERE type = 'php' AND active = 'y'ORDER BY name", + 'keyfield' => 'directive_snippets_id', + 'valuefield' => 'name' + ), + 'separator' => ',', + ), //################################# // ENDE Datatable fields //################################# diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index 7827b43f26d57403cfe3b5f3b98184c49310132e..0f78f9d2bf19a524f975545d0661f85f03a51d4a 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php @@ -182,7 +182,7 @@ $form["tabs"]['server'] = array( 'backup_dir_is_mount' => array( 'datatype' => 'VARCHAR', 'formtype' => 'CHECKBOX', - 'default' => 'n', + 'default' => 'y', 'value' => array(0 => 'n', 1 => 'y') ), 'backup_mode' => array( @@ -327,7 +327,7 @@ $form["tabs"]['mail'] = array( 'datatype' => 'INTEGER', 'formtype' => 'SELECT', 'default' => '2048', - 'value' => array('1024' => 'week (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)') + 'value' => array('1024' => 'weak (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)') ), 'relayhost_password' => array( 'datatype' => 'VARCHAR', @@ -1036,7 +1036,7 @@ $form["tabs"]['web'] = array( 'enable_spdy' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'CHECKBOX', - 'default' => 'n', + 'default' => 'y', 'value' => array ( 0 => 'n', 1 => 'y' diff --git a/interface/web/admin/lib/module.conf.php b/interface/web/admin/lib/module.conf.php index 7f4d19da1abd456a7027fdd6729994edc67b2a90..727f7a2d5555918be7282dd705bf8e2f745f72b4 100644 --- a/interface/web/admin/lib/module.conf.php +++ b/interface/web/admin/lib/module.conf.php @@ -7,6 +7,7 @@ $module['title'] = 'top_menu_system'; $module['template'] = 'module.tpl.htm'; $module['startpage'] = 'admin/server_list.php'; $module['tab_width'] = '60'; +$module['order'] = '90'; $items[] = array( 'title' => 'CP Users', diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php index 37fe89a42d2102861cc9e66a659ac30d213d20a8..078cebf8608ed82d12ad8f5cc1d12d1d5f1990ff 100644 --- a/interface/web/admin/list/directive_snippets.list.php +++ b/interface/web/admin/list/directive_snippets.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
';
+ } else {
+ $logo = '
';
+ }
+ $default_logo = '';
+ $app->tpl->setVar("used_logo", $logo);
+ $app->tpl->setVar("default_logo", $default_logo);
parent::onShowEnd();
}
@@ -165,9 +176,7 @@ class page_action extends tform_actions {
$server_config_array[$section] = $new_config;
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
- //$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
- //if($conf['demo_mode'] != true) $app->db->query($sql);
- if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
+ if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', array("config" => $server_config_str), 'sysini_id', 1);
/*
* If we should use the domain-module, we have to insert all existing domains into the table
@@ -185,26 +194,28 @@ class page_action extends tform_actions {
"FROM web_domain WHERE type NOT IN ('subdomain','vhostsubdomain')";
$app->db->query($sql);
}
+
+ //die(print_r($_FILES));
+ // Logo
+ /*
+ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
+ //print_r($_FILES);
+
+ $path= $_FILES['file']['tmp_name'];
+ $type = pathinfo($path, PATHINFO_EXTENSION);
+ $data = file_get_contents($path);
+ $base64 = 'data:image/' . $type . ';base64,' . base64_encode($data);
+ $app->db->query("UPDATE sys_ini SET custom_logo = ? WHERE sysini_id = ?", $base64, $this->id);
+ }
+ */
// Maintenance mode
if($server_config_array['misc']['maintenance_mode'] == 'y'){
//print_r($_SESSION);
//echo $_SESSION['s']['id'];
- $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
+ $app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']);
}
}
-
- /*
- function onAfterUpdate() {
- if($this->_js_changed == true) {
- // not the best way, but it works
- header('Content-Type: text/html');
- print '';
- exit;
- }
- }
- */
-
}
$app->tform_actions = new page_action;
diff --git a/interface/web/admin/templates/directive_snippets_edit.htm b/interface/web/admin/templates/directive_snippets_edit.htm
index 7729fc163d8b118e0862a29e511e99a8ed6f375c..21b76867ec12d468ff7371222951e1ef809276aa 100644
--- a/interface/web/admin/templates/directive_snippets_edit.htm
+++ b/interface/web/admin/templates/directive_snippets_edit.htm
@@ -17,6 +17,12 @@
+
\r\n"; } diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php index a072412584f51bb4a4d5b226c20009449df983c5..b4acbd6db136449cb967aa46602684a13ea0188b 100644 --- a/interface/lib/classes/validate_domain.inc.php +++ b/interface/lib/classes/validate_domain.inc.php @@ -88,8 +88,8 @@ class validate_domain { $app->uses('ini_parser,getconf'); $settings = $app->getconf->get_global_config('domains'); if ($settings['use_domain_module'] == 'y') { - $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain); - $domain_check = $app->db->queryOneRecord($sql); + $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?"; + $domain_check = $app->db->queryOneRecord($sql, $check_domain); if(!$domain_check) return; $check_domain = $domain_check['domain']; } @@ -157,24 +157,27 @@ class validate_domain { if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){ if($domain['parent_domain_id'] > 0){ - $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id'])); + $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']); } } // check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well - $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')"); + $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id); $additional_sql1 = ''; $additional_sql2 = ''; + $domain_params = array(); if(is_array($aliassubdomains) && !empty($aliassubdomains)){ foreach($aliassubdomains as $aliassubdomain){ - $additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'"; - $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'"; + $additional_sql1 .= " OR d.domain = ?"; + $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?"; + $domain_params[] = $aliassubdomain['domain']; } } - $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : ""); - $checks = $app->db->queryAllRecords($qrystr); + $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : ""); + $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id); + $checks = $app->db->queryAllRecords($qrystr, true, $params); if(is_array($checks) && !empty($checks)){ foreach($checks as $check){ if($domain['ip_address'] == '*') return false; @@ -185,8 +188,9 @@ class validate_domain { } if($only_domain == false) { - $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : ""); - $checks = $app->db->queryAllRecords($qrystr); + $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : ""); + $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id); + $checks = $app->db->queryAllRecords($qrystr, true, $params); if(is_array($checks) && !empty($checks)){ foreach($checks as $check){ if($domain['ip_address'] == '*') return false; @@ -207,7 +211,7 @@ class validate_domain { if($_SESSION["s"]["user"]["typ"] != 'admin') { // Get the limits of the client $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); if($client["limit_wildcard"] == 'y') return true; else return false; diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php index 8e0663ecae9dc661df5051163a37a9b9d73a1bea..da8c100adcdb168287b97db8b81be580a36f6d13 100644 --- a/interface/lib/classes/validate_ftpuser.inc.php +++ b/interface/lib/classes/validate_ftpuser.inc.php @@ -50,7 +50,7 @@ class validate_ftpuser { if($primary_id > 0) { //* get parent_domain_id from website - $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'"); + $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id); if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { @@ -66,7 +66,7 @@ class validate_ftpuser { $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); } - $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); + $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id); if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php index 2cab1cf44464c563b7296230cd3af6682d906aa3..74824b72ca592ad3b4506fee29f1f219e6d798fd 100644 --- a/interface/lib/classes/validate_systemuser.inc.php +++ b/interface/lib/classes/validate_systemuser.inc.php @@ -95,7 +95,7 @@ class validate_systemuser { if($primary_id > 0) { //* get parent_domain_id from website - $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'"); + $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id); if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { @@ -111,7 +111,7 @@ class validate_systemuser { $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); } - $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); + $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id); if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { diff --git a/interface/lib/plugins/dns_dns_slave_plugin.inc.php b/interface/lib/plugins/dns_dns_slave_plugin.inc.php index aa2e20f9ab4089e5833de379049ee22f416f24a3..8f49ce69d0bc4c855f60a927cc120a38dee8f7ac 100644 --- a/interface/lib/plugins/dns_dns_slave_plugin.inc.php +++ b/interface/lib/plugins/dns_dns_slave_plugin.inc.php @@ -30,19 +30,19 @@ class dns_dns_slave_plugin { // make sure that the record belongs to the client group and not the admin group when a dmin inserts it if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id); } //** When the client group has changed, change also the owner of the record if the owner is not the admin user if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id); + $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); if($tmp["userid"] > 0) { - $app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id); } } } diff --git a/interface/lib/plugins/dns_dns_soa_plugin.inc.php b/interface/lib/plugins/dns_dns_soa_plugin.inc.php index 1cada0e932d59510d136542b8a3295933a434e37..8f047bef8b147c354cc400a082b4050a7b4befec 100644 --- a/interface/lib/plugins/dns_dns_soa_plugin.inc.php +++ b/interface/lib/plugins/dns_dns_soa_plugin.inc.php @@ -31,17 +31,17 @@ class dns_dns_soa_plugin { $tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id)); if($tmp['diff_num'] > 0) { // Update the serial number of the SOA record - $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id); - $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id); + $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id); + $app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id); } //** When the client group has changed, change also the owner of the record if the owner is not the admin user if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id); + $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); if($tmp["userid"] > 0) { - $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id); - $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id); + $app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id); } } } @@ -49,15 +49,15 @@ class dns_dns_soa_plugin { // make sure that the record belongs to the client group and not the admin group when a dmin inserts it if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id); // And we want to update all rr records too, that belong to this record - $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id); + $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id); // And we want to update all rr records too, that belong to this record - $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id); + $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id); } } diff --git a/interface/lib/plugins/mail_mail_domain_plugin.inc.php b/interface/lib/plugins/mail_mail_domain_plugin.inc.php index 13f6009ee58d62a84aaf6cc4de54b9c48a5ca4e3..90b1ac15b95033a431d6c75932392eaec0f8652a 100644 --- a/interface/lib/plugins/mail_mail_domain_plugin.inc.php +++ b/interface/lib/plugins/mail_mail_domain_plugin.inc.php @@ -31,23 +31,29 @@ class mail_mail_domain_plugin { // also make sure that the user can not delete entry created by an admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'"; + $updates = "sys_groupid = ?, sys_perm_group = 'ru'"; + $update_params = array($client_group_id); if ($event_name == 'mail:mail_domain:on_after_update') { - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1; - $updates = "sys_userid = $client_user_id, $updates"; + $updates .= ", sys_userid = ?"; + $update_params[] = $client_user_id; } - $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id); + $update_params[] = $page_form->id; + $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); $updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'"; + $update_params = array($client_group_id); if ($event_name == 'mail:mail_domain:on_after_update') { - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id); $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1; - $updates = "sys_userid = $client_user_id, $updates"; + $updates .= ", sys_userid = ?"; + $update_params[] = $client_user_id; } - $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id); + $update_params[] = $page_form->id; + $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params); } //** If the domain name or owner has been changed, change the domain and owner in all mailbox records @@ -57,9 +63,9 @@ class mail_mail_domain_plugin { $mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail'); //* Update the mailboxes - $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']); $sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']); - $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid"); + $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid); $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1); if(is_array($mailusers)) { foreach($mailusers as $rec) { @@ -67,46 +73,45 @@ class mail_mail_domain_plugin { $mail_parts = explode("@", $rec['email']); $maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]); $maildir = str_replace("[localpart]", $mail_parts[0], $maildir); - $maildir = $app->db->quote($maildir); - $email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']); - $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']); + $email = $mail_parts[0].'@'.$page_form->dataRecord['domain']; + $app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']); } } //* Update the aliases - $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']); if(is_array($forwardings)) { foreach($forwardings as $rec) { - $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination'])); - $source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source'])); - $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']); + $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']); + $source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']); + $app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']); } } //* Update the mailinglist - $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']); if(is_array($mailing_lists)) { foreach($mailing_lists as $rec) { - $app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']); + $app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']); } } //* Update the mailget records - $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']); if(is_array($mail_gets)) { foreach($mail_gets as $rec) { - $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination'])); - $app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']); + $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']); + $app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']); } } if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) { //* Delete the old spamfilter record - $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]); $app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]); unset($tmp); } - $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'"); + $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']); } // end if domain name changed } diff --git a/interface/lib/plugins/mail_user_filter_plugin.inc.php b/interface/lib/plugins/mail_user_filter_plugin.inc.php index 8faeab5e83aad6c63b01df88cc35689d36583099..640dab230086183de1f35779315c52f80fe6be8a 100644 --- a/interface/lib/plugins/mail_user_filter_plugin.inc.php +++ b/interface/lib/plugins/mail_user_filter_plugin.inc.php @@ -61,7 +61,7 @@ class mail_user_filter_plugin { function mail_user_filter_edit($event_name, $page_form) { global $app, $conf; - $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]); + $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $skip = false; $lines = explode("\n", $mailuser['custom_mailfilter']); $out = ''; @@ -86,8 +86,7 @@ class mail_user_filter_plugin { $out = $new_rule . $out; } - $out = $app->db->quote($out); - $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]); + $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]); } @@ -95,7 +94,7 @@ class mail_user_filter_plugin { function mail_user_filter_del($event_name, $page_form) { global $app, $conf; - $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]); + $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $skip = false; $lines = explode("\n", $mailuser['custom_mailfilter']); $out = ''; @@ -111,8 +110,7 @@ class mail_user_filter_plugin { } } - $out = $app->db->quote($out); - $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]); + $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]); } @@ -124,7 +122,7 @@ class mail_user_filter_plugin { global $app, $conf; $app->uses("getconf"); - $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"])); + $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]); $mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail'); if($mail_config['mail_filter_syntax'] == 'sieve') { diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php index 1a880a1b10a0cd4d67cdc9861dbf917839b01c96..754c249ab9959208beba689b4b9a50971ae2b119 100644 --- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php +++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php @@ -31,13 +31,12 @@ class sites_web_database_user_plugin { // also make sure that the user can not delete entry created by an admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id); } - //$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id); } } diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php index b65c05bf2cd0546bcf853685a1e02b1278703c4d..aeb5623996009f08e3650628c4e0c871b5b50007 100644 --- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php +++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php @@ -51,11 +51,11 @@ class sites_web_vhost_domain_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id); } // Get configuration for the web system $app->uses("getconf"); @@ -73,15 +73,15 @@ class sites_web_vhost_domain_plugin { // get the ID of the client if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id); $client_id = $app->functions->intval($client["client_id"]); } elseif (isset($page_form->dataRecord["client_group_id"])) { $client_group_id = $page_form->dataRecord["client_group_id"]; - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"])); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"])); $client_id = $app->functions->intval($client["client_id"]); } else { $client_group_id = $page_form->dataRecord["client_group_id"]; - $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"])); + $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"])); $client_id = $app->functions->intval($client["client_id"]); } @@ -89,81 +89,81 @@ class sites_web_vhost_domain_plugin { $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1); // Set the values for document_root, system_user and system_group - $system_user = $app->db->quote('web'.$page_form->id); - $system_group = $app->db->quote('client'.$client_id); + $system_user = 'web'.$page_form->id; + $system_group = 'client'.$client_id; $document_root = str_replace("[client_id]", $client_id, $document_root); $document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root); $document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root); $document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root); $document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root); - $document_root = $app->db->quote($document_root); if($event_name == 'sites:web_vhost_domain:on_after_update') { if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) { - $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?"; + $app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id); // Update the FTP user(s) too - $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id'])); + $app->db->datalogUpdate('ftp_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "uid" => $system_user, "gid" => $system_group, "dir" => $document_root), 'ftp_user_id', $app->functions->intval($rec['ftp_user_id'])); } unset($records); unset($rec); // Update the webdav user(s) too - $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id'])); + $app->db->datalogUpdate('webdav_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'webdav_user_id', $app->functions->intval($rec['webdav_user_id'])); } unset($records); unset($rec); // Update the web folder(s) too - $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id'])); + $app->db->datalogUpdate('web_folder', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_id', $app->functions->intval($rec['web_folder_id'])); } unset($records); unset($rec); //* Update all web folder users - $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id'])); + $app->db->datalogUpdate('web_folder_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id'])); } unset($records); unset($rec); // Update the Shell user(s) too - $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id'])); + $app->db->datalogUpdate('shell_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "puser" => $system_user, "pgroup" => $system_group, "dir" => $document_root), 'shell_user_id', $app->functions->intval($rec['shell_user_id'])); } unset($records); unset($rec); // Update the cron(s) too - $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id'])); + $app->db->datalogUpdate('cron', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'id', $app->functions->intval($rec['id'])); } unset($records); unset($rec); //* Update all subdomains and alias domains - $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'"; + $update_columns = array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']); if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') { $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]); $php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir); $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $rec['domain'], $php_open_basedir)); + $php_open_basedir = str_replace("[website_domain]", $rec['domain'], $php_open_basedir); - $update_columns .= ", document_root = '".$document_root."', `php_open_basedir` = '".$php_open_basedir."'"; + $update_columns["document_root"] = $document_root; + $update_columns["php_open_basedir"] = $php_open_basedir; } $app->db->datalogUpdate('web_domain', $update_columns, 'domain_id', $rec['domain_id']); } @@ -171,24 +171,24 @@ class sites_web_vhost_domain_plugin { unset($rec); //* Update all databases - $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id'])); + $app->db->datalogUpdate('web_database', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_id', $app->functions->intval($rec['database_id'])); } //* Update all database users - $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id'])); + $app->db->datalogUpdate('web_database_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_user_id', $app->functions->intval($rec['database_user_id'])); } unset($records); unset($rec); // Update APS instances - $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]); if(is_array($records) && !empty($records)){ foreach($records as $rec){ - $app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']); + $app->db->datalogUpdate('aps_instances', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "customer_id" => $client_id), 'id', $rec['instance_id']); } } unset($records); @@ -198,20 +198,20 @@ class sites_web_vhost_domain_plugin { //* If the domain name has been changed, we will have to change all subdomains + APS instances if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) { - $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]); foreach($records as $rec) { - $subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain'])); - $app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']); + $subdomain = str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']); + $app->db->datalogUpdate('web_domain', array("domain" => $subdomain), 'domain_id', $rec['domain_id']); } unset($records); unset($rec); unset($subdomain); // Update APS instances - $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'"); + $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]); if(is_array($records) && !empty($records)){ foreach($records as $rec){ - $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']); + $app->db->datalogUpdate('aps_instances_settings', array("value" => $page_form->dataRecord["domain"]), 'id', $rec['id']); } } unset($records); @@ -220,35 +220,35 @@ class sites_web_vhost_domain_plugin { //* Set allow_override if empty if($web_rec['allow_override'] == '') { - $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?"; + $app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id); } //* Set php_open_basedir if empty or domain or client has been changed if(empty($web_rec['php_open_basedir']) || (!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) { $php_open_basedir = $web_rec['php_open_basedir']; - $php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir)); - $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir); + $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $php_open_basedir, $page_form->id); } if(empty($web_rec['php_open_basedir']) || (isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) { - $document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root)); + $document_root = str_replace("[client_id]", $client_id, $document_root); $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir)); - $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir); + $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $php_open_basedir, $page_form->id); } //* Change database backup options when web backup options have been changed if(isset($page_form->dataRecord['backup_interval']) && ($page_form->dataRecord['backup_interval'] != $page_form->oldDataRecord['backup_interval'] || $page_form->dataRecord['backup_copies'] != $page_form->oldDataRecord['backup_copies'])) { //* Update all databases - $backup_interval = $app->db->quote($page_form->dataRecord['backup_interval']); + $backup_interval = $page_form->dataRecord['backup_interval']; $backup_copies = $app->functions->intval($page_form->dataRecord['backup_copies']); $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']); + $app->db->datalogUpdate('web_database', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'database_id', $rec['database_id']); } unset($records); unset($rec); @@ -258,36 +258,36 @@ class sites_web_vhost_domain_plugin { //* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) { - $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id); + $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id); foreach($records as $rec) { - $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']); + $app->db->datalogUpdate('web_domain', array("ip_address" => $web_rec['ip_address'], "ipv6_address" => $web_rec['ipv6_address']), 'domain_id', $rec['domain_id']); } unset($records); unset($rec); } } else { $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir)); - - $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]); - $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir); + $htaccess_allow_override = $web_config["htaccess_allow_override"]; + + $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id); } } else { if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) { - $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'"); + $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']); // Set the values for document_root, system_user and system_group - $system_user = $app->db->quote($parent_domain['system_user']); - $system_group = $app->db->quote($parent_domain['system_group']); - $document_root = $app->db->quote($parent_domain['document_root']); + $system_user = $parent_domain['system_user']; + $system_group = $parent_domain['system_group']; + $document_root = $parent_domain['document_root']; $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]); $php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir); $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir); - $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir)); - $htaccess_allow_override = $app->db->quote($parent_domain['allow_override']); - $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id; - $app->db->query($sql); + $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir); + $htaccess_allow_override = $parent_domain['allow_override']; + $sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?"; + $app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id); } } } diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php index fd442055623c273d166ba5094f88b76e44c8f222..dcd2df73504fbc638b7e3f9b0121d5c7c4e421c3 100644 --- a/interface/lib/plugins/vm_openvz_plugin.inc.php +++ b/interface/lib/plugins/vm_openvz_plugin.inc.php @@ -41,24 +41,24 @@ class vm_openvz_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } // Set the VEID $tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm'); $veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101; - $app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id); unset($tmp); // Apply template values to the advanced tab settings $this->applyTemplate(); // Set the IP address - $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); + $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']); // Create the OpenVZ config file and store it in config field $this->makeOpenVZConfig(); @@ -82,11 +82,11 @@ class vm_openvz_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id); + $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id); } if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) { @@ -94,7 +94,7 @@ class vm_openvz_plugin { } // Set the IP address - if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); + if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']); // Create the OpenVZ config file and store it in config field $this->makeOpenVZConfig(); @@ -111,8 +111,8 @@ class vm_openvz_plugin { global $app, $conf; //* Free the IP address - $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id)); - $app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']); + $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id); + $app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']); unset($tmp); } @@ -120,29 +120,29 @@ class vm_openvz_plugin { private function applyTemplate() { global $app, $conf; - $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"])); + $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]); $sql = "UPDATE openvz_vm SET "; - $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', "; - $sql .= "ram = '".$app->db->quote($tpl['ram'])."', "; - $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', "; - $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', "; - $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', "; - $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', "; - $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', "; - $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', "; - $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', "; - $sql .= "capability = '".$app->db->quote($tpl['capability'])."' "; - $sql .= "WHERE vm_id = ".$app->functions->intval($this->id); - $app->db->query($sql); + $sql .= "diskspace = ?, "; + $sql .= "ram = ?, "; + $sql .= "ram_burst = ?, "; + $sql .= "cpu_units = ?, "; + $sql .= "cpu_num = ?, "; + $sql .= "cpu_limit = ?, "; + $sql .= "io_priority = ?, "; + $sql .= "nameserver = ?, "; + $sql .= "create_dns = ?, "; + $sql .= "capability = ? "; + $sql .= "WHERE vm_id = ?"; + $app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id); } private function makeOpenVZConfig() { global $app, $conf; - $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); - $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id'])); + $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id)); + $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id'])); $burst_ram = $vm['ram_burst']*256; $guar_ram = $vm['ram']*256; @@ -194,12 +194,12 @@ class vm_openvz_plugin { $tpl->setVar('nameserver', $vm['nameserver']); $tpl->setVar('capability', $vm['capability']); - $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id'])); + $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id'])); $tpl->setVar('ostemplate', $tmp['template_file']); unset($tmp); - $openvz_config = $app->db->quote($tpl->grab()); - $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id)); + $openvz_config = $tpl->grab(); + $app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id)); unset($tpl); @@ -208,23 +208,23 @@ class vm_openvz_plugin { private function createDNS() { global $app, $conf; - $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); + $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id)); if($vm['create_dns'] != 'y') return; $full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']); $hostname_parts = explode('.', $full_hostname); - $hostname = $app->db->quote($hostname_parts[0]); + $hostname = $hostname_parts[0]; unset($hostname_parts[0]); - $zone = $app->db->quote((implode('.', $hostname_parts))); + $zone = implode('.', $hostname_parts); unset($hostname_parts); // Find the dns zone - $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'"); - $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'"); + $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone); + $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname); if($zone_rec['id'] > 0) { - $ip_address = $app->db->quote($vm['ip_address']); + $ip_address = $vm['ip_address']; $sys_userid = $app->functions->intval($zone_rec['sys_userid']); $sys_groupid = $app->functions->intval($zone_rec['sys_groupid']); $server_id = $app->functions->intval($zone_rec['server_id']); @@ -232,12 +232,25 @@ class vm_openvz_plugin { if($rr_rec['id'] > 0) { $app->uses('validate_dns'); - $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id'])); + $app->db->datalogUpdate('dns_rr', array("data" => $ip_address), 'id', $app->functions->intval($rr_rec['id'])); $serial = $app->validate_dns->increase_serial($zone_rec['serial']); - $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id'])); + $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id'])); } else { - $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES - ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')"; + $insert_data = array( + "sys_userid" => $sys_userid, + "sys_groupid" => $sys_groupid, + "sys_perm_user" => 'riud', + "sys_perm_group" => 'riud', + "sys_perm_other" => '', + "server_id" => $server_id, + "zone" => $dns_soa_id, + "name" => $hostname, + "type" => 'A', + "data" => $ip_address, + "aux" => '0', + "ttl" => '3600', + "active" => 'Y' + ); $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id'); } diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php index 6c29f766d100d03f548d815f26ffdd6c4956bd37..4dd26afbf6759aa1a001fd773e6fa851c72ba3b1 100644 --- a/interface/web/admin/firewall_edit.php +++ b/interface/web/admin/firewall_edit.php @@ -56,7 +56,7 @@ class page_action extends tform_actions { //* Check if the server has been changed // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) { - $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id); + $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id); if($rec['server_id'] != $this->dataRecord["server_id"]) { //* Add a error message and switch back to old server $app->tform->errorMessage .= $app->lng('The Server can not be changed.'); diff --git a/interface/web/admin/form/directive_snippets.tform.php b/interface/web/admin/form/directive_snippets.tform.php index 8db725b95fe11c7c453641fd67b3518f4fdab740..0c2502c6c4a4c1ef4b5a8cceaa5bd295ba6e0894 100644 --- a/interface/web/admin/form/directive_snippets.tform.php +++ b/interface/web/admin/form/directive_snippets.tform.php @@ -105,6 +105,17 @@ $form["tabs"]['directive_snippets'] = array ( 'default' => 'y', 'value' => array(0 => 'n', 1 => 'y') ), + 'required_php_snippets' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOXARRAY', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => "SELECT directive_snippets_id,name FROM directive_snippets WHERE type = 'php' AND active = 'y'ORDER BY name", + 'keyfield' => 'directive_snippets_id', + 'valuefield' => 'name' + ), + 'separator' => ',', + ), //################################# // ENDE Datatable fields //################################# diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index 7827b43f26d57403cfe3b5f3b98184c49310132e..0f78f9d2bf19a524f975545d0661f85f03a51d4a 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php @@ -182,7 +182,7 @@ $form["tabs"]['server'] = array( 'backup_dir_is_mount' => array( 'datatype' => 'VARCHAR', 'formtype' => 'CHECKBOX', - 'default' => 'n', + 'default' => 'y', 'value' => array(0 => 'n', 1 => 'y') ), 'backup_mode' => array( @@ -327,7 +327,7 @@ $form["tabs"]['mail'] = array( 'datatype' => 'INTEGER', 'formtype' => 'SELECT', 'default' => '2048', - 'value' => array('1024' => 'week (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)') + 'value' => array('1024' => 'weak (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)') ), 'relayhost_password' => array( 'datatype' => 'VARCHAR', @@ -1036,7 +1036,7 @@ $form["tabs"]['web'] = array( 'enable_spdy' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'CHECKBOX', - 'default' => 'n', + 'default' => 'y', 'value' => array ( 0 => 'n', 1 => 'y' diff --git a/interface/web/admin/lib/module.conf.php b/interface/web/admin/lib/module.conf.php index 7f4d19da1abd456a7027fdd6729994edc67b2a90..727f7a2d5555918be7282dd705bf8e2f745f72b4 100644 --- a/interface/web/admin/lib/module.conf.php +++ b/interface/web/admin/lib/module.conf.php @@ -7,6 +7,7 @@ $module['title'] = 'top_menu_system'; $module['template'] = 'module.tpl.htm'; $module['startpage'] = 'admin/server_list.php'; $module['tab_width'] = '60'; +$module['order'] = '90'; $items[] = array( 'title' => 'CP Users', diff --git a/interface/web/admin/list/directive_snippets.list.php b/interface/web/admin/list/directive_snippets.list.php index 37fe89a42d2102861cc9e66a659ac30d213d20a8..078cebf8608ed82d12ad8f5cc1d12d1d5f1990ff 100644 --- a/interface/web/admin/list/directive_snippets.list.php +++ b/interface/web/admin/list/directive_snippets.list.php @@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('y' => "
Yes
", 'n' => "No
"));
+ 'value' => array('y' => "".$app->lng('yes_txt')."
", 'n' => "".$app->lng('no_txt')."
"));
$liste["item"][] = array( 'field' => "name",
@@ -82,6 +82,6 @@ $liste["item"][] = array( 'field' => "customer_viewable",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('y' => "Yes
", 'n' => "No
"));
+ 'value' => array('y' => "".$app->lng('yes_txt')."
", 'n' => "".$app->lng('no_txt')."
"));
?>
diff --git a/interface/web/admin/list/firewall.list.php b/interface/web/admin/list/firewall.list.php
index 058e86c804cfa730fdbed654b2a6ec18a76a8fff..786b7b848ae756f78a69e987b0af7a98a6cfdfed 100644
--- a/interface/web/admin/list/firewall.list.php
+++ b/interface/web/admin/list/firewall.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('y' => "Yes
", 'n' => "No
"));
+ 'value' => array('y' => "".$app->lng('yes_txt')."
", 'n' => "".$app->lng('no_txt')."
"));
$liste["item"][] = array( 'field' => "server_id",
'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/iptables.list.php b/interface/web/admin/list/iptables.list.php
index ad487e5b6baf5a688561385956414907d32be758..3ad78404ea4c195e8d35cdd79f9fec4338fe1f97 100644
--- a/interface/web/admin/list/iptables.list.php
+++ b/interface/web/admin/list/iptables.list.php
@@ -18,14 +18,14 @@ $liste["item"][] = array( 'field' => "active",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array("y" => "Yes
", "n" => "No
"));
+ 'value' => array("y" => "".$app->lng('yes_txt')."
", "n" => "".$app->lng('no_txt')."
"));
$liste["item"][] = array( 'field' => "server_id",
- 'datatype' => "VARCHAR",
+ 'datatype' => "INTEGER",
'formtype' => "SELECT",
- 'op' => "like",
- 'prefix' => "%",
- 'suffix' => "%",
+ 'op' => "=",
+ 'prefix' => "",
+ 'suffix' => "",
'datasource' => array ( 'type' => "SQL",
'querystring' => "SELECT server_id,server_name FROM server WHERE {AUTHSQL} AND db_server = 1 ORDER BY server_name",
'keyfield'=> "server_id",
diff --git a/interface/web/admin/list/server.list.php b/interface/web/admin/list/server.list.php
index 0290632405d948c77cdcb90eb741fa4617df2458..9ca54c07d5d2df744ac530f6898792264a666d25 100644
--- a/interface/web/admin/list/server.list.php
+++ b/interface/web/admin/list/server.list.php
@@ -63,7 +63,7 @@ $liste['item'][] = array( 'field' => 'mail_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'web_server',
'datatype' => 'VARCHAR',
@@ -72,7 +72,7 @@ $liste['item'][] = array( 'field' => 'web_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'dns_server',
'datatype' => 'VARCHAR',
@@ -81,7 +81,7 @@ $liste['item'][] = array( 'field' => 'dns_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'file_server',
'datatype' => 'VARCHAR',
@@ -90,7 +90,7 @@ $liste['item'][] = array( 'field' => 'file_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'db_server',
'datatype' => 'VARCHAR',
@@ -99,7 +99,7 @@ $liste['item'][] = array( 'field' => 'db_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'vserver_server',
'datatype' => 'VARCHAR',
@@ -108,7 +108,7 @@ $liste['item'][] = array( 'field' => 'vserver_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'xmpp_server',
'datatype' => 'VARCHAR',
@@ -117,6 +117,6 @@ $liste['item'][] = array( 'field' => 'xmpp_server',
'prefix' => '%',
'suffix' => '%',
'width' => '',
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
?>
diff --git a/interface/web/admin/list/server_ip.list.php b/interface/web/admin/list/server_ip.list.php
index dba0c68cb1129b58210479614da81a448b52797e..41ac76e2a9dd67409c9b4a99a29021df789779fa 100644
--- a/interface/web/admin/list/server_ip.list.php
+++ b/interface/web/admin/list/server_ip.list.php
@@ -45,11 +45,11 @@ $liste['auth'] = 'no';
*****************************************************/
$liste['item'][] = array( 'field' => 'server_id',
- 'datatype' => 'VARCHAR',
+ 'datatype' => 'INTEGER',
'formtype' => 'SELECT',
- 'op' => 'like',
- 'prefix' => '%',
- 'suffix' => '%',
+ 'op' => '=',
+ 'prefix' => '',
+ 'suffix' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@ $liste['item'][] = array( 'field' => 'server_id',
'value' => '');
$liste['item'][] = array( 'field' => 'client_id',
- 'datatype' => 'VARCHAR',
+ 'datatype' => 'INTEGER',
'formtype' => 'SELECT',
- 'op' => 'like',
- 'prefix' => '%',
- 'suffix' => '%',
+ 'op' => '=',
+ 'prefix' => '',
+ 'suffix' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
'keyfield'=> 'client_id',
@@ -95,7 +95,7 @@ $liste["item"][] = array( 'field' => "virtualhost",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('y' => "Yes
", 'n' => "No
"));
+ 'value' => array('y' => "".$app->lng('yes_txt')."
", 'n' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'virtualhost_port',
diff --git a/interface/web/admin/list/server_php.list.php b/interface/web/admin/list/server_php.list.php
index ce8944d5a85e87ce3a4ae5e3874dd6162c53c85d..2414cb8fec37d2c71ad71081afd8a80a3dce6609 100644
--- a/interface/web/admin/list/server_php.list.php
+++ b/interface/web/admin/list/server_php.list.php
@@ -45,11 +45,11 @@ $liste['auth'] = 'no';
*****************************************************/
$liste['item'][] = array( 'field' => 'server_id',
- 'datatype' => 'VARCHAR',
+ 'datatype' => 'INTEGER',
'formtype' => 'SELECT',
- 'op' => 'like',
- 'prefix' => '%',
- 'suffix' => '%',
+ 'op' => '=',
+ 'prefix' => '',
+ 'suffix' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@ $liste['item'][] = array( 'field' => 'server_id',
'value' => '');
$liste['item'][] = array( 'field' => 'client_id',
- 'datatype' => 'VARCHAR',
+ 'datatype' => 'INTEGER',
'formtype' => 'SELECT',
- 'op' => 'like',
- 'prefix' => '%',
- 'suffix' => '%',
+ 'op' => '=',
+ 'prefix' => '',
+ 'suffix' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
'keyfield'=> 'client_id',
diff --git a/interface/web/admin/list/software_repo.list.php b/interface/web/admin/list/software_repo.list.php
index 2eb3dd520eeb4d74bd39184f39879b9f6e6c237f..824c66d6d9d29f0ae04727cd605535f272573b71 100644
--- a/interface/web/admin/list/software_repo.list.php
+++ b/interface/web/admin/list/software_repo.list.php
@@ -54,7 +54,7 @@ $liste["item"][] = array( 'field' => "active",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('y' => "Yes
", 'n' => "No
"));
+ 'value' => array('y' => "".$app->lng('yes_txt')."
", 'n' => "".$app->lng('no_txt')."
"));
$liste["item"][] = array( 'field' => "repo_name",
'datatype' => "VARCHAR",
diff --git a/interface/web/admin/list/users.list.php b/interface/web/admin/list/users.list.php
index b260c2b3c652f01b5c61c277c58d4c3ae7688dbb..53e3f440a6f6e76f6c79e0eb16610ee0bb45c61c 100644
--- a/interface/web/admin/list/users.list.php
+++ b/interface/web/admin/list/users.list.php
@@ -60,7 +60,7 @@ $liste["item"][] = array( 'field' => "active",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('1' => "Yes
", '0' => "No
"));
+ 'value' => array('1' => "".$app->lng('yes_txt')."
", '0' => "".$app->lng('no_txt')."
"));
$liste['item'][] = array( 'field' => 'username',
'datatype' => 'VARCHAR',
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 32bf0c4333b8973ec352bd7aee2fc07fac5ff633..263400665873c71a00137bcfb8d2e8d423e7bd5a 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -80,15 +80,8 @@ if (1 == 0 && isset($_POST['server_select'])) {
}
foreach ($servers as $serverId) {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- $app->functions->intval($serverId) . ", " .
- time() . ", " .
- "'ispc_update', " .
- "'', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'ispc_update', '', 'pending', '')";
+ $app->db->query($sql, $serverId);
}
$msg = $wb['action_scheduled'];
}
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 61c6c23823689ad99558e2becba462b0905ba3e6..8f48e29f2d472d6937c37e73af54237c3f0f8bd3 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -76,15 +76,8 @@ if (isset($_POST['server_select'])) {
}
foreach ($servers as $serverId) {
$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
- "VALUES (".
- $app->functions->intval($serverId) . ", " .
- time() . ", " .
- "'os_update', " .
- "'', " .
- "'pending', " .
- "''" .
- ")";
- $app->db->query($sql);
+ "VALUES (?, UNIX_TIMESTAMP(), 'os_update', '', 'pending', '')";
+ $app->db->query($sql, $serverId);
}
$msg = $wb['action_scheduled'];
}
diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index e561b00ac546fd900a48c0b292e1cbd7d2fcb37d..d64b6dd7dbae3b45eeb9c7133268c4689d9c9889 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
- $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+ $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
}
}
diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php
index 0adf313181a23764852fd72c63baef27b96c6e38..c2e746d5c58fce1e2d2b8a08b8fa92de282b4079 100644
--- a/interface/web/admin/server_edit.php
+++ b/interface/web/admin/server_edit.php
@@ -55,8 +55,8 @@ class page_action extends tform_actions {
global $app, $conf;
// Getting Servers
- $sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
- $mirror_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id,server_name FROM server WHERE server_id != ? ORDER BY server_name";
+ $mirror_servers = $app->db->queryAllRecords($sql, $this->id);
$mirror_server_select = '';
if(is_array($mirror_servers)) {
foreach( $mirror_servers as $mirror_server) {
diff --git a/interface/web/admin/server_ip_edit.php b/interface/web/admin/server_ip_edit.php
index c20f752b86c86c5535fe49a9a37b727ea5c0a469..f7872f4438954d47dc7dbdfbbd495b9032a5fe40 100644
--- a/interface/web/admin/server_ip_edit.php
+++ b/interface/web/admin/server_ip_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
+ $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/server_php_edit.php b/interface/web/admin/server_php_edit.php
index f60ae997a051a92b5d389701debc40db26b184d9..12aacf60b92a687c75c71f33fad9abe5b83cad5a 100644
--- a/interface/web/admin/server_php_edit.php
+++ b/interface/web/admin/server_php_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
+ $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index dd49f2e0b74ec0be3ec093cf7c548a51647cf46e..ccbfd73ebe6e2c3411f1a1fa32dd579c06b45ccd 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -38,11 +38,11 @@ $app->auth->check_security_permissions('admin_allow_software_packages');
//* This is only allowed for administrators
if(!$app->auth->is_admin()) die('only allowed for administrators.');
-$package_name = $app->db->quote($_REQUEST['package']);
+$package_name = $_REQUEST['package'];
$install_server_id = $app->functions->intval($_REQUEST['server_id']);
-$install_key = $app->db->quote(trim($_REQUEST['install_key']));
+$install_key = trim($_REQUEST['install_key']);
-$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '$package_name'");
+$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
$install_key_verified = false;
$message_err = '';
@@ -51,7 +51,7 @@ $message_ok = '';
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {
- $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
+ $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ?", $package['software_repo_id']);
$client = new SoapClient(null, array('location' => $repo['repo_url'],
'uri' => $repo['repo_url']));
@@ -63,7 +63,7 @@ if($package['package_installable'] == 'key' && $install_key != '') {
$message_err = 'Verification of the key failed.';
} else {
// Store the verified key into the database
- $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_key" => $install_key), 'package_id', $package['package_id']);
}
} else {
$message_ok = 'Please enter the software key for the package.';
@@ -71,8 +71,8 @@ if($package['package_installable'] == 'key' && $install_key != '') {
//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = ? ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+ $tmp = $app->db->queryOneRecord($sql, $package_name);
$software_update_id = $tmp['software_update_id'];
//* if package requires a DB and there is no data for a db in config, then we create this data now
@@ -91,7 +91,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
'database_host' => 'localhost');
$package_config_str = $app->ini_parser->get_ini_string($package_config_array);
$package['package_config'] = $package_config_str;
- $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
}
}
@@ -105,7 +105,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
if(!isset($package_config_array['remote_api'])) {
$remote_user = 'ispapp'.$package['package_id'];
$remote_password = md5(mt_rand());
- $remote_functions = $app->db->quote($package['package_remote_functions']);
+ $remote_functions = $package['package_remote_functions'];
$package_config_array['remote_api'] = array(
'remote_hostname' => $_SERVER['HTTP_HOST'],
@@ -116,19 +116,23 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
$package_config_str = $app->ini_parser->get_ini_string($package_config_array);
$package['package_config'] = $package_config_str;
$remote_password_md5 = md5($remote_password);
- $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
- (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
-
- $app->db->query($sql);
+ (1, 1, 'riud', 'riud', '', ?, ?, ?)";
+ $app->db->query($sql, $remote_user, $remote_password_md5, $remote_functions);
}
}
//* Add the record to start the install process
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
+ $insert_data = array(
+ "package_name" => $package_name,
+ "server_id" => $install_server_id,
+ "software_update_id" => $software_update_id,
+ "status" => 'installing'
+ );
$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
$message_ok = 'Starting package installation '."".$app->lng('next')."";
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index f7bf25b9c24de6e40db966fcc1d095993a0e7f3c..5e552dbee7b9497c26bf17571c561cb85c4efbe9 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -48,27 +48,40 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
$packages = $client->get_packages($repo['repo_username'], $repo['repo_password']);
if(is_array($packages)) {
foreach($packages as $p) {
- $package_name = $app->db->quote($p['name']);
- $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
+ $package_name = $p['name'];
+ $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = ?", $package_name);
- $package_title = $app->db->quote($p['title']);
- $package_description = $app->db->quote($p['description']);
+ $package_title = $p['title'];
+ $package_description = $p['description'];
$software_repo_id = $app->functions->intval($repo['software_repo_id']);
- $package_type = $app->db->quote($p['type']);
- $package_installable = $app->db->quote($p['installable']);
- $package_requires_db = $app->db->quote($p['requires_db']);
- $package_remote_functions = $app->db->quote($p['remote_functions']);
+ $package_type = $p['type'];
+ $package_installable = $p['installable'];
+ $package_requires_db = $p['requires_db'];
+ $package_remote_functions = $p['remote_functions'];
if(empty($tmp['package_id'])) {
- //$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')";
- //$app->db->query($sql);
- $insert_data = "(software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db,package_remote_functions) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db','$package_remote_functions')";
+ $insert_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_name" => $package_name,
+ "package_title" => $package_title,
+ "package_description" => $package_description,
+ "package_type" => $package_type,
+ "package_installable" => $package_installable,
+ "package_requires_db" => $package_requires_db,
+ "package_remote_functions" => $package_remote_functions
+ );
$app->db->datalogInsert('software_package', $insert_data, 'package_id');
$packages_added++;
} else {
- //$sql = "UPDATE software_package SET software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db' WHERE package_name = '$package_name'";
- //$app->db->query($sql);
- $update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'";
+ $update_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_title" => $package_title,
+ "package_description" => $package_description,
+ "package_type" => $package_type,
+ "package_installable" => $package_installable,
+ "package_requires_db" => $package_requires_db,
+ "package_remote_functions" => $package_remote_functions
+ );
//echo $update_data;
$app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']);
}
@@ -91,25 +104,31 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
$v3 = $app->functions->intval($version_array[2]);
$v4 = $app->functions->intval($version_array[3]);
- $package_name = $app->db->quote($u['package_name']);
+ $package_name = $u['package_name'];
$software_repo_id = $app->functions->intval($repo['software_repo_id']);
- $update_url = $app->db->quote($u['url']);
- $update_md5 = $app->db->quote($u['md5']);
- $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
- $update_title = $app->db->quote($u['title']);
- $type = $app->db->quote($u['type']);
+ $update_url = $u['url'];
+ $update_md5 = $u['md5'];
+ $update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+ $update_title = $u['title'];
+ $type = $u['type'];
// Check that we do not have this update in the database yet
- $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+ $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
if(!isset($tmp['software_update_id'])) {
- // Insert the update in the datbase
- //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
- //die($sql);
- //$app->db->query($sql);
- $insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+ $insert_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_name" => $package_name,
+ "update_url" => $update_url,
+ "update_md5" => $update_md5,
+ "update_dependencies" => $update_dependencies,
+ "update_title" => $update_title,
+ "v1" => $v1,
+ "v2" => $v2,
+ "v3" => $v3,
+ "v4" => $v4,
+ "type" => $type
+ );
$app->db->datalogInsert('software_update', $insert_data, 'software_update_id');
}
@@ -120,23 +139,6 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
}
}
-//* Install packages, if GET Request
-/*
-if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
- $package_name = $app->db->quote($_GET['package']);
- $server_id = $app->functions->intval($_GET['server_id']);
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
- $software_update_id = $tmp['software_update_id'];
-
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
- // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
- $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
-}
-*/
-
-
-
// Show the list in the interface
// Loading the template
$app->uses('tpl');
@@ -150,7 +152,7 @@ if(is_array($packages) && count($packages) > 0) {
foreach($packages as $key => $p) {
$installed_txt = '';
foreach($servers as $s) {
- $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
+ $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = ? AND server_id = ?", $p["package_name"], $s["server_id"]);
$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
if($inst['status'] == 'installed') {
diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php
index 321c42bc139f01791a11881d61cf87b1c8f437ec..c987e9e04bebe9606a45cbac217d5c40925a7947 100644
--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -72,23 +72,23 @@ if(is_array($repos)) {
$v3 = $app->functions->intval($version_array[2]);
$v4 = $app->functions->intval($version_array[3]);
- $package_name = $app->db->quote($u['package_name']);
+ $package_name = $u['package_name'];
$software_repo_id = $app->functions->intval($repo['software_repo_id']);
- $update_url = $app->db->quote($u['url']);
- $update_md5 = $app->db->quote($u['md5']);
- $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
- $update_title = $app->db->quote($u['title']);
- $type = $app->db->quote($u['type']);
+ $update_url = $u['url'];
+ $update_md5 = $u['md5'];
+ $update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+ $update_title = $u['title'];
+ $type = $u['type'];
// Check that we do not have this update in the database yet
- $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+ $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
if(!isset($tmp['software_update_id'])) {
// Insert the update in the datbase
$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+ VALUES ($software_repo_id, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
//die($sql);
- $app->db->query($sql);
+ $app->db->query($sql, $package_name, $update_url, $update_md5, $update_dependencies, $update_title, $v1, $v2, $v3, $v4, $type);
}
}
@@ -101,12 +101,16 @@ if(is_array($repos)) {
//* Install packages, if GET Request
if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
- $package_name = $app->db->quote($_GET['package']);
+ $package_name = $_GET['package'];
$server_id = $app->functions->intval($_GET['server_id']);
$software_update_id = $app->functions->intval($_GET['id']);
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
- // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
+ $insert_data = array(
+ "package_name" => $package_name,
+ "server_id" => $server_id,
+ "software_update_id" => $software_update_id,
+ "status" => 'installing'
+ );
$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
}
@@ -162,12 +166,12 @@ if(is_array($installed_packages)) {
foreach($installed_packages as $ip) {
// Get version number of the latest installed version
- $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
- $lu = $app->db->queryOneRecord($sql);
+ $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
+ $lu = $app->db->queryOneRecord($sql, $server_id);
// Get all installable updates
- $sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
- $updates = $app->db->queryAllRecords($sql);
+ $sql = "SELECT * FROM software_update WHERE v1 >= ? AND v2 >= ? AND v3 >= ? AND v4 >= ? AND package_name = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
+ $updates = $app->db->queryAllRecords($sql, $lu['v1'], $lu['v2'], $lu['v3'], $lu['v4'], $ip['package_name']);
//die($sql);
if(is_array($updates)) {
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 7108f2707a8aa31bf498b143305dd2f127c8ae89..f48f11b7ed5faf17521c4cb4b18f003568fefdd4 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -89,13 +89,24 @@ class page_action extends tform_actions {
$available_dashlets_txt = '';
$handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
while ($file = @readdir($handle)) {
- if ($file != '.' && $file != '..' && !is_dir($file)) {
+ if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
$available_dashlets_txt .= '['.substr($file, 0, -4).'] ';
}
}
if($available_dashlets_txt == '') $available_dashlets_txt = '------';
$app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
+
+ // Logo
+ $sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id);
+ if($sys_ini['custom_logo'] != ''){
+ $logo = '
+
+
+ {tmpl_var name='required_php_snippets'}
+
@@ -48,15 +54,19 @@
if (jQuery('#type').val() != 'nginx' && jQuery('#type').val() != 'apache') {
jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
- }else {
+ jQuery('.php:visible').hide();
+ } else {
jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
+ jQuery('.php:hidden').show();
}
jQuery('#type').change(function(){
if (jQuery(this).val() != 'nginx' && jQuery(this).val() != 'apache') {
jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
+ jQuery('.php:visible').hide();
} else {
jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
+ jQuery('.php:hidden').show();
}
if(jQuery(this).val() == 'nginx'){
jQuery('.nginx:hidden').show();
diff --git a/interface/web/admin/templates/directive_snippets_list.htm b/interface/web/admin/templates/directive_snippets_list.htm
index 3aae3f3615bd03c44996ca81afe04762ef6f54b2..bf43d42428a7616b1daaae233d167b9d68e4a863 100644
--- a/interface/web/admin/templates/directive_snippets_list.htm
+++ b/interface/web/admin/templates/directive_snippets_list.htm
@@ -37,7 +37,7 @@
{tmpl_var name="type"}
{tmpl_var name="customer_viewable"}
-
+
diff --git a/interface/web/admin/templates/firewall_list.htm b/interface/web/admin/templates/firewall_list.htm
index f60294ebdb59095702a39b034725f838c2aa9814..ac85f7e4fe1ae1b584315b0401bba1373e05a97a 100644
--- a/interface/web/admin/templates/firewall_list.htm
+++ b/interface/web/admin/templates/firewall_list.htm
@@ -40,7 +40,7 @@
{tmpl_var name="tcp_port"}
{tmpl_var name="udp_port"}
-
+
diff --git a/interface/web/admin/templates/groups_list.htm b/interface/web/admin/templates/groups_list.htm
index f18ee8251d523c9216f137291f93ac97d81b9c3c..d53ee58b249d19934cc34f5dc44771ea9874fa90 100644
--- a/interface/web/admin/templates/groups_list.htm
+++ b/interface/web/admin/templates/groups_list.htm
@@ -35,7 +35,7 @@
{tmpl_var name="name"}
{tmpl_var name="description"}
-
+
diff --git a/interface/web/admin/templates/iptables_list.htm b/interface/web/admin/templates/iptables_list.htm
index 379f587dfe21e9b940269303c6db387fa3ff588f..e1fcb3dc034564c4701446a8769009a42d7a7634 100644
--- a/interface/web/admin/templates/iptables_list.htm
+++ b/interface/web/admin/templates/iptables_list.htm
@@ -51,7 +51,7 @@
{tmpl_var name="state"}
{tmpl_var name="target"}
-
+
diff --git a/interface/web/admin/templates/language_import.htm b/interface/web/admin/templates/language_import.htm
index 9b1c249bc5b160cfaa2532e7caccd250ce72e543..8bd653c13e8a33217e830ba187233bd1034c709d 100644
--- a/interface/web/admin/templates/language_import.htm
+++ b/interface/web/admin/templates/language_import.htm
@@ -23,7 +23,7 @@
-
+
diff --git a/interface/web/admin/templates/remote_user_list.htm b/interface/web/admin/templates/remote_user_list.htm
index 1b483456ad778bcb989ca37651936c3989560748..de65c64536cabab9d86d2286d7889ed2cc6e0f3c 100644
--- a/interface/web/admin/templates/remote_user_list.htm
+++ b/interface/web/admin/templates/remote_user_list.htm
@@ -33,7 +33,7 @@
{tmpl_var name="remote_userid"}
{tmpl_var name="remote_username"}
-
+
diff --git a/interface/web/admin/templates/server_config_list.htm b/interface/web/admin/templates/server_config_list.htm
index 5f6a2dc976cc91b82bedfb69e51f09c8522cc1f6..ef0935552af746e10252b01a63f2063668dea312 100644
--- a/interface/web/admin/templates/server_config_list.htm
+++ b/interface/web/admin/templates/server_config_list.htm
@@ -24,7 +24,7 @@
{tmpl_var name="server_name"}
-
+
diff --git a/interface/web/admin/templates/server_ip_list.htm b/interface/web/admin/templates/server_ip_list.htm
index 7aa218227c71e614cdea6a6f65306bdbf830b4ed..373bc4c6da3c743fd16c59e9c6aa66c4f8771b3a 100644
--- a/interface/web/admin/templates/server_ip_list.htm
+++ b/interface/web/admin/templates/server_ip_list.htm
@@ -45,7 +45,7 @@
{tmpl_var name="virtualhost"}
{tmpl_var name="virtualhost_port"}
-
+
diff --git a/interface/web/admin/templates/server_list.htm b/interface/web/admin/templates/server_list.htm
index 016b0cd1df8a5f1263ffbdfecc68f5e5ec2805a8..893872eed03038ce3d516d53d60e9e21c470394e 100644
--- a/interface/web/admin/templates/server_list.htm
+++ b/interface/web/admin/templates/server_list.htm
@@ -45,19 +45,19 @@
{tmpl_var name="vserver_server"}
{tmpl_var name="xmpp_server"}
-
+
- {tmpl_var name='globalsearch_noresults_text_txt'}
+ {tmpl_var name='globalsearch_noresults_text_txt'}
-