ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2010-10-12 7f2361a0e4fbccb23f16899e7cc8db5193e8e14e 
 interface/web/sites/database_edit.php


@@ -93,12 +93,14 @@


         unset($tmp);


         


         // Fill the client select field


         $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];


         $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY name";


         $clients = $app->db->queryAllRecords($sql);


         $client_select = '<option value="'.$client['client_id'].'">'.$client['contact_name'].'</option>';


         $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);


         $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';


         $tmp_data_record = $app->tform->getDataRecord($this->id);


         if(is_array($clients)) {


            foreach( $clients as $client) {


               $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';


               $selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';


               $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";


            }


         }


@@ -130,12 +132,13 @@


         unset($ips);




         // Fill the client select field


         $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0";


         $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";


         $clients = $app->db->queryAllRecords($sql);


         $client_select = "<option value='0'></option>";


         $tmp_data_record = $app->tform->getDataRecord($this->id);


         if(is_array($clients)) {


            foreach( $clients as $client) {


               $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';


               $selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';


               $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";


            }


         }


@@ -258,7 +261,18 @@


      


      if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';


      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';




		


      //* Check database name and user against blacklist


      $dbname_blacklist = array($conf['db_database'],'mysql');


      if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';


      }


		


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';


      }


		


      if ($app->tform->errorMessage == ''){


         /* restrict the names if there is no error */


            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */


@@ -284,7 +298,17 @@


      


      if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';


      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';




		


      //* Check database name and user against blacklist


      $dbname_blacklist = array($conf['db_database'],'mysql');


      if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';


      }


		


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';


      }




      /* restrict the names */


        /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */