From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty
---
interface/lib/classes/validate_systemuser.inc.php | 52 +++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
index 6df3a45..74824b7 100644
--- a/interface/lib/classes/validate_systemuser.inc.php
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -29,6 +29,16 @@
*/
class validate_systemuser {
+
+ function get_error($errmsg) {
+ global $app;
+
+ if(isset($app->tform->wordbook[$errmsg])) {
+ return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ } else {
+ return $errmsg."<br>\r\n";
+ }
+ }
/*
Validator function to check if a given user is ok.
@@ -36,11 +46,15 @@
function check_sysuser($field_name, $field_value, $validator) {
global $app;
+ //* Skip Test if we have the placeholder input of the remote APi for the web_domain system_user field here.
+ if($field_name == 'system_user' && $field_value == '-') return '';
+
+ //* Check the input
$errmsg = $validator['errmsg'];
$check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false;
if($app->functions->is_allowed_user(trim(strtolower($field_value)),$check_names) == false) {
- return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ return $this->get_error($errmsg);
}
}
@@ -50,11 +64,14 @@
function check_sysgroup($field_name, $field_value, $validator) {
global $app;
+ //* Skip Test if we have the placeholder input of the remote APi for the web_domain system_group field here.
+ if($field_name == 'system_group' && $field_value == '-') return '';
+
$errmsg = $validator['errmsg'];
$check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false;
if($app->functions->is_allowed_group(trim(strtolower($field_value)),$check_names) == false) {
- return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ return $this->get_error($errmsg);
}
}
@@ -63,8 +80,11 @@
*/
function shelluser_dir($field_name, $field_value, $validator) {
global $app;
-
- if($app->tform->primary_id == 0) {
+
+ $primary_id = (isset($app->tform->primary_id) && $app->tform->primary_id > 0)?$app->tform->primary_id:$app->remoting_lib->primary_id;
+ $primary_id = $app->functions->intval($primary_id);
+
+ if($primary_id == 0 && !isset($app->remoting_lib->dataRecord['parent_domain_id'])) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
@@ -73,18 +93,25 @@
}
}
-
- $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($app->tform->primary_id)."'");
- if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
- $errmsg = $validator['errmsg'];
- if(isset($app->tform->wordbook[$errmsg])) {
- return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ if($primary_id > 0) {
+ //* get parent_domain_id from website
+ $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
+ if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
+ $errmsg = $validator['errmsg'];
+ if(isset($app->tform->wordbook[$errmsg])) {
+ return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ } else {
+ return $errmsg."<br>\r\n";
+ }
} else {
- return $errmsg."<br>\r\n";
+ $parent_domain_id = $shell_data["parent_domain_id"];
}
+ } else {
+ //* get parent_domain_id from dataRecord when we have a insert operation trough remote API
+ $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
}
- $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($shell_data["parent_domain_id"])."'");
+ $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -115,6 +142,5 @@
}
}
}
-
}
--
Gitblit v1.9.1