From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/plugin_backuplist.inc.php |  210 ++++++++++++++++++++++++++++-----------------------
 1 files changed, 115 insertions(+), 95 deletions(-)

diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index ac0396b..471560a 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -30,109 +30,129 @@
 
 class plugin_backuplist extends plugin_base {
 
-        var $module;
-        var $form;
-        var $tab;
-        var $record_id;
-        var $formdef;
-        var $options;
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
 
-        function onShow() {
+	function onShow() {
 
-                global $app;
-				
-				$listTpl = new tpl;
-                $listTpl->newTemplate('templates/web_backup_list.htm');
-				
-				//* Loading language file
-                $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_backup_list.lng";
-                include($lng_file);
-                $listTpl->setVar($wb);
-				
-				$message = '';
-				$error = '';
-				
-				if(isset($_GET['backup_action'])) {
-					$backup_id = intval($_GET['backup_id']);
-					
-					if($_GET['backup_action'] == 'download' && $backup_id > 0) {
-						$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
-						$tmp = $app->db->queryOneRecord($sql);
-						if($tmp['number'] == 0) {
-							$message .= $wb['download_info_txt'];
-							$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-								"VALUES (".
-								(int)$this->form->dataRecord['server_id'] . ", " .
-								time() . ", " .
-								"'backup_download', " .
-								"'".$backup_id."', " .
-								"'pending', " .
-								"''" .
-								")";
-							$app->db->query($sql);
-						} else {
-							$error .= $wb['download_pending_txt'];
-						}
-					}
-					if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
-						$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
-						$tmp = $app->db->queryOneRecord($sql);
-						if($tmp['number'] == 0) {
-							$message .= $wb['restore_info_txt'];
-							$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-								"VALUES (".
-								(int)$this->form->dataRecord['server_id'] . ", " .
-								time() . ", " .
-								"'backup_restore', " .
-								"'".$backup_id."', " .
-								"'pending', " .
-								"''" .
-								")";
-						$app->db->query($sql);
-						} else {
-							$error .= $wb['restore_pending_txt'];
-						}
-					}
-					
+		global $app;
+
+		$listTpl = new tpl;
+		$listTpl->newTemplate('templates/web_backup_list.htm');
+
+		//* Loading language file
+		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_backup_list.lng";
+		include $lng_file;
+		$listTpl->setVar($wb);
+
+		$message = '';
+		$error = '';
+
+		if(isset($_GET['backup_action'])) {
+			$backup_id = $app->functions->intval($_GET['backup_id']);
+
+			//* check if the user is  owner of the parent domain
+			$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
+
+			$check_perm = 'u';
+			if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
+
+			$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
+			if(empty($get_domain) || !$get_domain) {
+				$app->error($app->tform->lng('no_domain_perm'));
+			}
+
+			if($_GET['backup_action'] == 'download' && $backup_id > 0) {
+				$server_id = $this->form->dataRecord['server_id'];
+				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
+				if($backup['server_id'] > 0) $server_id = $backup['server_id'];
+				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
+				$tmp = $app->db->queryOneRecord($sql, $backup_id);
+				if($tmp['number'] == 0) {
+					$message .= $wb['download_info_txt'];
+					$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+						"VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
+					$app->db->query($sql, $server_id, $backup_id);
+				} else {
+					$error .= $wb['download_pending_txt'];
 				}
-				
-				//* Get the data
-				$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." ORDER BY tstamp DESC, backup_type ASC";
-                $records = $app->db->queryAllRecords($sql);
+			}
+			if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
+				$server_id = $this->form->dataRecord['server_id'];
+				$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
+				if($backup['server_id'] > 0) $server_id = $backup['server_id'];
+				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
+				$tmp = $app->db->queryOneRecord($sql);
+				if($tmp['number'] == 0) {
+					$message .= $wb['restore_info_txt'];
+					$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+						"VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
+					$app->db->query($sql, $server_id, $backup_id);
+				} else {
+					$error .= $wb['restore_pending_txt'];
+				}
+			}
 
-                $bgcolor = "#FFFFFF";
-                if(is_array($records)) {
-                        foreach($records as $rec) {
+		}
 
-                                // Change of color
-                                $bgcolor = ($bgcolor == "#FFFFFF")?"#EEEEEE":"#FFFFFF";
-                                $rec["bgcolor"] = $bgcolor;
-								
-								$rec['date'] = date($app->lng('conf_format_datetime'),$rec['tstamp']);
-								$rec['backup_type'] = $wb[('backup_type_'.$rec['backup_type'])];
+		//* Get the data
+		$server_ids = array();
+		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
+		$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
+		if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
+		if(is_array($databases) && !empty($databases)){
+			foreach($databases as $database){
+				if($app->functions->intval($database['server_id']) > 0) $server_ids[] = $app->functions->intval($database['server_id']);
+			}
+		}
+		$server_ids = array_unique($server_ids);
+		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
+		$records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
 
-                                $records_new[] = $rec;
-                        }
-                }
+		$bgcolor = "#FFFFFF";
+		if(is_array($records)) {
+			foreach($records as $rec) {
 
-                $listTpl->setLoop('records',@$records_new);
+				// Change of color
+				$bgcolor = ($bgcolor == "#FFFFFF")?"#EEEEEE":"#FFFFFF";
+				$rec["bgcolor"] = $bgcolor;
+
+				$rec['date'] = date($app->lng('conf_format_datetime'), $rec['tstamp']);
+				$rec['backup_type'] = $wb[('backup_type_'.$rec['backup_type'])];
 				
-				$listTpl->setVar('parent_id',$this->form->id);
-				$listTpl->setVar('msg',$message);
-				$listTpl->setVar('error',$error);
+				$rec['download_available'] = true;
+				if($rec['server_id'] != $web['server_id']) $rec['download_available'] = false;
 				
-				// Setting Returnto information in the session
-                $list_name = 'backup_list';
-                // $_SESSION["s"]["list"][$list_name]["parent_id"] = $app->tform_actions->id;
-				$_SESSION["s"]["list"][$list_name]["parent_id"] = $this->form->id;
-				$_SESSION["s"]["list"][$list_name]["parent_name"] = $app->tform->formDef["name"];
-                $_SESSION["s"]["list"][$list_name]["parent_tab"] = $_SESSION["s"]["form"]["tab"];
-                $_SESSION["s"]["list"][$list_name]["parent_script"] = $app->tform->formDef["action"];
-                $_SESSION["s"]["form"]["return_to"] = $list_name;
-				
-				return $listTpl->grab();
-        }
-		
+				if($rec['filesize'] > 0){
+					$rec['filesize'] = $app->functions->currency_format($rec['filesize']/(1024*1024), 'client').' MB';
+				}
+
+				$records_new[] = $rec;
+			}
+		}
+
+		$listTpl->setLoop('records', @$records_new);
+
+		$listTpl->setVar('parent_id', $this->form->id);
+		$listTpl->setVar('msg', $message);
+		$listTpl->setVar('error', $error);
+
+		// Setting Returnto information in the session
+		$list_name = 'backup_list';
+		// $_SESSION["s"]["list"][$list_name]["parent_id"] = $app->tform_actions->id;
+		$_SESSION["s"]["list"][$list_name]["parent_id"] = $this->form->id;
+		$_SESSION["s"]["list"][$list_name]["parent_name"] = $app->tform->formDef["name"];
+		$_SESSION["s"]["list"][$list_name]["parent_tab"] = $_SESSION["s"]["form"]["tab"];
+		$_SESSION["s"]["list"][$list_name]["parent_script"] = $app->tform->formDef["action"];
+		$_SESSION["s"]["form"]["return_to"] = $list_name;
+
+		return $listTpl->grab();
+	}
+
 }
 
-?>
\ No newline at end of file
+?>
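Review bot: The restore branch still builds its pending-check query by string interpolation (`action_param = '$backup_id'` at the line after `if($backup['server_id'] > 0)`, then `queryOneRecord($sql)` with no bound value), while the identical query in the download branch was converted to a `?` placeholder bound to `$backup_id`. The value is currently safe only because `$backup_id` went through `$app->functions->intval()` above, so the remaining literal should be made consistent with its sibling: `$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = ?";` followed by `$tmp = $app->db->queryOneRecord($sql, $backup_id);`. Separately, `if(empty($get_domain) || !$get_domain)` is redundant — `empty()` already covers the falsy case — and the permission lookup runs before the `$backup_id > 0` guard, so an unknown id reaches `$app->error()` via a null `parent_domain_id` rather than a clearer "no such backup" path; that fails closed, but a comment such as `// a non-existent backup_id yields no parent domain and is rejected here` would make the intent explicit.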

--
Gitblit v1.9.1