From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/sites/tools.inc.php |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/interface/web/sites/tools.inc.php b/interface/web/sites/tools.inc.php
index 1e87ef9..a4314f0 100644
--- a/interface/web/sites/tools.inc.php
+++ b/interface/web/sites/tools.inc.php
@@ -55,7 +55,6 @@
 
 function getClientName($dataRecord) {
     global $app, $conf;
-
     if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
     	// Get the group-id of the user
     	$client_group_id = $_SESSION["s"]["user"]["default_group"];
@@ -66,13 +65,15 @@
 		} elseif (isset($dataRecord['parent_domain_id'])) {
 			$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 			$client_group_id = $tmp['sys_groupid'];
-      	} else {
+      	} elseif(isset($dataRecord['sys_groupid'])) {
 			$client_group_id = $dataRecord['sys_groupid'];
-      	}
+      	} else {
+			$client_group_id = 0;
+		}
     }
 	
     /* get the name of the client */
-    $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
+    $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . intval($client_group_id));
     $clientName = $tmp['name'];
     if ($clientName == "") $clientName = 'default';
     $clientName = convertClientName($clientName);
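Review bot: The `parent_domain_id` branch just above the new `elseif` still concatenates `$dataRecord['parent_domain_id']` into the `web_domain` query without a cast, so the `intval()` added to the `sys_group` lookup covers only one of the two string-built queries visible here. If `$dataRecord` can carry form-submitted values (not visible in this hunk), that query remains injectable; give it the same cast: `"SELECT sys_groupid FROM web_domain WHERE domain_id = " . intval($dataRecord['parent_domain_id'])`. The identical line appears in the next hunk (the `client_id` lookup) and needs the same change. The function starts and ends outside this hunk, so earlier branches of the `if`/`elseif` chain may need the same treatment.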
@@ -92,12 +93,14 @@
       	} elseif (isset($dataRecord['parent_domain_id'])) {
 			$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 			$client_group_id = $tmp['sys_groupid'];
-		} else {
+		} elseif(isset($dataRecord['sys_groupid'])) {
 			$client_group_id = $dataRecord['sys_groupid'];
-      	}
+      	} else {
+			$client_group_id = 0;
+		}
     }
     /* get the name of the client */
-    $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $client_group_id);
+    $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . intval($client_group_id));
     $clientID = $tmp['client_id'];
     if ($clientID == '') $clientID = '0';
     return $clientID;
@@ -105,9 +108,9 @@
 
 function convertClientName($name){
 	/**
-	 *  only allow 'a'..'z', '_', '-', '0'..'9'
+	 *  only allow 'a'..'z', '_', '0'..'9'
 	 */
-	$allowed = 'abcdefghijklmnopqrstuvwxyz0123456789_-';
+	$allowed = 'abcdefghijklmnopqrstuvwxyz0123456789_';
 	$res = '';
 	$name = strtolower(trim($name));
 	for ($i=0; $i < strlen($name); $i++){
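Review bot: Removing `-` from `$allowed` changes the converted result for any existing client name that contains a hyphen, and neither the commit message nor the updated comment says why. The loop body is outside this hunk, but if it simply drops characters not in `$allowed`, two distinct names such as `foo-bar` and `foobar` now convert to the same string, which matters wherever the result is used as a per-client identifier or prefix. Record the reason and the caveat in the docblock, for example `only allow 'a'..'z', '_', '0'..'9'; '-' is removed, so the result is not guaranteed unique per client`, and check whether values derived from the old conversion need migrating.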

--
Gitblit v1.9.1