interface/lib/classes/plugin_backuplist.inc.php
interface/lib/classes/tform.inc.php
interface/web/sites/ftp_user_edit.php
interface/web/sites/shell_user_edit.php
interface/lib/classes/plugin_backuplist.inc.php
@@ -55,6 +55,12 @@ if(isset($_GET['backup_action'])) { $backup_id = $app->functions->intval($_GET['backup_id']); //* check if the user is owner of the parent domain $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id); if(!$app->tform->checkOwnerPermisssions($this->dataRecord["parent_domain_id"])){ $app->error($app->tform->lng('no_domain_perm')); } if($_GET['backup_action'] == 'download' && $backup_id > 0) { $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'"; $tmp = $app->db->queryOneRecord($sql); interface/lib/classes/tform.inc.php
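Review bot: The ownership check added before the download branch looks up `$domain_backup` for the requested `backup_id` but then passes `$this->dataRecord["parent_domain_id"]` to `checkOwnerPermisssions()`, so in the visible lines the query result is never used. As written, the check appears to cover the domain of the current form record rather than the domain the backup belongs to, which would leave a `backup_id` from a different domain unverified. I would check the looked-up row and treat a missing row as a denial: `if(!$domain_backup || !$app->tform->checkOwnerPermisssions($domain_backup["parent_domain_id"])) {`. The enclosing `if(isset($_GET['backup_action']))` block continues outside the hunk.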
@@ -1260,7 +1260,7 @@ function getDataRecord($primary_id) { global $app; $escape = '`'; $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r',$this->formDef['db_table']); return $app->db->queryOneRecord($sql); } 
@@ -1270,70 +1270,6 @@ $app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new); return true; /* // Add backticks for incomplete table names. if(stristr($this->formDef['db_table'],'.')) { $escape = ''; } else { $escape = '`'; } $this->diffrec = array(); // Full diff records for ISPConfig, they have a different format then the simple diffrec $diffrec_full = array(); if(is_array($record_old) && count($record_old) > 0) { foreach($record_old as $key => $val) { //if(isset($record_new[$key]) && $record_new[$key] != $val) { if(!isset($record_new[$key]) || $record_new[$key] != $val) { // Record has changed $diffrec_full['old'][$key] = $val; $diffrec_full['new'][$key] = $record_new[$key]; $this->diffrec[$key] = array( 'new' => $record_new[$key], 'old' => $val); } else { $diffrec_full['old'][$key] = $val; $diffrec_full['new'][$key] = $val; } } } elseif(is_array($record_new)) { foreach($record_new as $key => $val) { if(isset($record_new[$key]) && $record_old[$key] != $val) { // Record has changed $diffrec_full['new'][$key] = $val; $diffrec_full['old'][$key] = $record_old[$key]; $this->diffrec[$key] = array( 'old' => @$record_old[$key], 'new' => $val); } else { $diffrec_full['new'][$key] = $val; $diffrec_full['old'][$key] = $val; } } } //$this->diffrec = $diffrec; // Insert the server_id, if the record has a server_id $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; if(count($this->diffrec) > 0) { $diffstr = addslashes(serialize($diffrec_full)); $username = $app->db->quote($_SESSION["s"]["user"]["username"]); $dbidx = $this->formDef['db_table_idx'].":".$primary_id; // $action = ($action == 'INSERT')?'i':'u'; if($action == 'INSERT') $action = 'i'; if($action == 'UPDATE') $action = 'u'; if($action == 'DELETE') $action = 'd'; $sql = "INSERT INTO sys_datalog 
(dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; $app->db->query($sql); } return true; */ } function getAuthSQL($perm, $table = '') { interface/web/sites/ftp_user_edit.php
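Review bot: In the `getDataRecord()` hunk (-1260), the new query still concatenates `$primary_id` into the SQL string unquoted and uncast, and the added `getAuthSQL()` clause does not change that. Whether every caller passes an integer cannot be seen from here; the ftp and shell user forms in this commit pass `$this->id`. Casting inside the method removes the dependency on callers: `$primary_id = $app->functions->intval($primary_id);` as the first statement after `global $app;`. A short comment above the query, noting that the method now returns no row when the user lacks read permission, would also help callers that index the result directly. The second hunk in this file only deletes commented-out code.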
@@ -94,6 +94,11 @@ if(isset($this->dataRecord["parent_domain_id"])) { $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); } else { $tmp = $app->tform->getDataRecord($this->id); $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); unset($tmp); } // Set a few fixed values interface/web/sites/shell_user_edit.php
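Review bot: In the new `else` branch, `$tmp["parent_domain_id"]` is read without checking that `getDataRecord($this->id)` returned a row, and this commit makes an empty result the expected outcome for a record the user cannot read. The denial then depends on `intval()` turning the missing value into 0 and on no `web_domain` row matching that id. Stating the intent explicitly is safer: skip the second query when `$tmp` is empty, for example by wrapping the lookup in `if($tmp) { ... } else { $parent_domain = false; }`, so that the existing `if(!$parent_domain)` line reports `no_domain_perm`. The same block is added in interface/web/sites/shell_user_edit.php. The enclosing function starts and ends outside the hunk.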
@@ -99,8 +99,17 @@ global $app, $conf; // Get the record of the parent domain $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); //$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); //if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); if(isset($this->dataRecord["parent_domain_id"])) { $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); } else { $tmp = $app->tform->getDataRecord($this->id); $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r')); if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); unset($tmp); } // Set a few fixed values $this->dataRecord["server_id"] = $parent_domain["server_id"];
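Review bot: When the parent-domain lookup fails, both new branches only append to `$app->tform->errorMessage`, and the next visible line still reads `$parent_domain["server_id"]` from the empty result and copies it into `$this->dataRecord`. Whether a non-empty `errorMessage` stops the save is decided outside the hunk, so it would be safer to guard the fixed-value assignments, e.g. `if($parent_domain) { $this->dataRecord["server_id"] = $parent_domain["server_id"]; }`. The two commented-out copies of the old check above the new block can be deleted rather than kept as `//` lines. The enclosing function starts and ends outside the hunk.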