Zvonimir
ISPConfig 3
Commit
bfc77147
authored
Aug 14, 2014
by
Marius Cramer
Fixes: FS#3364 - client_add does not check that reseller is actually reseller
additionally fixes this for client_update
parent
a5e225d6
Showing
1 changed file
with
37 additions
and
5 deletions
+37
-5
interface/lib/classes/remoting.inc.php
interface/lib/classes/remoting.inc.php
+37
-5
interface/lib/classes/remoting.inc.php
...
...
@@ -1415,13 +1415,30 @@ class remoting {
public
function
client_add
(
$session_id
,
$reseller_id
,
$params
)
{
global
$app
;
if
(
!
$this
->
checkPerm
(
$session_id
,
'client_add'
))
{
$this
->
server
->
fault
(
'permission_denied'
,
'You do not have the permissions to access this function.'
);
return
false
;
}
if
(
!
isset
(
$params
[
'parent_client_id'
])
||
$params
[
'parent_client_id'
]
==
0
)
$params
[
'parent_client_id'
]
=
$reseller_id
;
$affected_rows
=
$this
->
klientadd
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
>
0
?
'reseller'
:
'client'
)
.
'.tform.php'
,
$reseller_id
,
$params
);
if
(
$params
[
'parent_client_id'
])
{
// check if this one is reseller
$check
=
$app
->
db
->
queryOneRecord
(
'SELECT `limit_client` FROM `client` WHERE `client_id` = '
.
intval
(
$client_id
));
if
(
$check
[
'limit_client'
]
==
0
)
{
$this
->
server
->
fault
(
'Invalid reseller'
,
'Selected client is not a reseller.'
);
return
false
;
}
if
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
)
{
$this
->
server
->
fault
(
'Invalid reseller'
,
'Reseller cannot be client of another reseller.'
);
return
false
;
}
}
$affected_rows
=
$this
->
klientadd
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
?
'reseller'
:
'client'
)
.
'.tform.php'
,
$reseller_id
,
$params
);
return
$affected_rows
;
}
...
...
@@ -1437,9 +1454,25 @@ class remoting {
}
$app
->
uses
(
'remoting_lib'
);
$app
->
remoting_lib
->
loadFormDef
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
>
0
?
'reseller'
:
'client'
)
.
'.tform.php'
);
$app
->
remoting_lib
->
loadFormDef
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
?
'reseller'
:
'client'
)
.
'.tform.php'
);
$old_rec
=
$app
->
remoting_lib
->
getDataRecord
(
$client_id
);
if
(
!
isset
(
$params
[
'parent_client_id'
])
||
$params
[
'parent_client_id'
]
==
0
)
$params
[
'parent_client_id'
]
=
$reseller_id
;
if
(
$params
[
'parent_client_id'
])
{
// check if this one is reseller
$check
=
$app
->
db
->
queryOneRecord
(
'SELECT `limit_client` FROM `client` WHERE `client_id` = '
.
intval
(
$client_id
));
if
(
$check
[
'limit_client'
]
==
0
)
{
$this
->
server
->
fault
(
'Invalid reseller'
,
'Selected client is not a reseller.'
);
return
false
;
}
if
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
)
{
$this
->
server
->
fault
(
'Invalid reseller'
,
'Reseller cannot be client of another reseller.'
);
return
false
;
}
}
// we need the previuos templates assigned here
$this
->
oldTemplatesAssigned
=
$app
->
db
->
queryAllRecords
(
'SELECT * FROM `client_template_assigned` WHERE `client_id` = '
.
$client_id
);
if
(
!
is_array
(
$this
->
oldTemplatesAssigned
)
||
count
(
$this
->
oldTemplatesAssigned
)
<
1
)
{
...
...
@@ -1462,8 +1495,7 @@ class remoting {
}
if
(
!
isset
(
$params
[
'parent_client_id'
])
||
$params
[
'parent_client_id'
]
==
0
)
$params
[
'parent_client_id'
]
=
$reseller_id
;
$affected_rows
=
$this
->
updateQuery
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
>
0
?
'reseller'
:
'client'
)
.
'.tform.php'
,
$reseller_id
,
$client_id
,
$params
,
'client:'
.
(
$reseller_id
?
'reseller'
:
'client'
)
.
':on_after_update'
);
$affected_rows
=
$this
->
updateQuery
(
'../client/form/'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
?
'reseller'
:
'client'
)
.
'.tform.php'
,
$reseller_id
,
$client_id
,
$params
,
'client:'
.
(
$params
[
'parent_client_id'
]
?
'reseller'
:
'client'
)
.
':on_after_update'
);
$app
->
remoting_lib
->
ispconfig_sysuser_update
(
$params
,
$client_id
);
...
...
@@ -3195,7 +3227,7 @@ class remoting {
$this
->
id
=
$insert_id
;
$this
->
dataRecord
=
$params
;
$app
->
plugin
->
raiseEvent
(
'client:'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
>
0
?
'reseller'
:
'client'
)
.
':on_after_insert'
,
$this
);
$app
->
plugin
->
raiseEvent
(
'client:'
.
(
isset
(
$params
[
'limit_client'
])
&&
$params
[
'limit_client'
]
!=
0
?
'reseller'
:
'client'
)
.
':on_after_insert'
,
$this
);
/*
if($app->db->errorMessage != '') {
...
...
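Review bot: The added reseller lookup in both client_add and client_update filters on `intval($client_id)` rather than on the parent being assigned, so the check named in the commit title is never made against `$params['parent_client_id']`. In client_update `$client_id` is the record being edited (it is passed to `getDataRecord($client_id)` just above), so a client that is already a reseller can be given any parent. In client_add it is neither a parameter nor assigned in the visible lines, so the query appears to run with 0, find no row and fault for every non-zero parent. The lookup should use `intval($params['parent_client_id'])` in place of `intval($client_id)`, and an empty `$check` is better rejected explicitly than through the loose `== 0`. Separately, the unchanged `client_template_assigned` query in client_update still concatenates `$client_id` without `intval()`; the function's signature is outside the hunk, so confirm where that value is validated.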