- WebDAV Users: show only domains that run on Apache (because nginx does no...

ftimme

2011-10-11 81d79a79e4b29e9314b64b2e4c49b48ae8319767

 interface/web/sites/database_edit.php

@@ -95,10 +95,12 @@
         // Fill the client select field
         $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY name";
         $clients = $app->db->queryAllRecords($sql);
         $client_select = '<option value="'.$client['client_id'].'">'.$client['contact_name'].'</option>';
         $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
         $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
         $tmp_data_record = $app->tform->getDataRecord($this->id);
         if(is_array($clients)) {
            foreach( $clients as $client) {
               $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
               $selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
               $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
            }
         }
@@ -133,9 +135,10 @@
         $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
         $clients = $app->db->queryAllRecords($sql);
         $client_select = "<option value='0'></option>";
         $tmp_data_record = $app->tform->getDataRecord($this->id);
         if(is_array($clients)) {
            foreach( $clients as $client) {
               $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
               $selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
               $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
            }
         }
@@ -258,14 +261,29 @@
      
      if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

		
      //* Check database name and user against blacklist
      $dbname_blacklist = array($conf['db_database'],'mysql');
      if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
         $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
      }
		
      $dbuser_blacklist = array($conf['db_user'],'mysql','root');
      if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
      }
		
      if ($app->tform->errorMessage == ''){
         /* restrict the names if there is no error */
            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
         $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
      }

		
      //* Check for duplicates
      $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
      if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';
		
      parent::onBeforeUpdate();
   }

@@ -284,7 +302,17 @@
      
      if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

		
      //* Check database name and user against blacklist
      $dbname_blacklist = array($conf['db_database'],'mysql');
      if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
         $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
      }
		
      $dbuser_blacklist = array($conf['db_user'],'mysql','root');
      if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
      }

      /* restrict the names */
        /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
@@ -292,6 +320,10 @@
         $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
      }
		
      //* Check for duplicates
      $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
      if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';

      parent::onBeforeInsert();
   }