From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/admin/server_config_edit.php |   60 ++++++++++++++++++++++++++++++++++++++----------------------
 1 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index c034da1..4c03e7e 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -38,60 +38,76 @@
 * End Form configuration
 ******************************************/
 
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_server_config');
+
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
 
 class page_action extends tform_actions {
-	
+
 	function onShowEdit() {
 		global $app, $conf;
-		
+
 		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
-		
+
 		if($app->tform->errorMessage == '') {
 			$app->uses('ini_parser,getconf');
-		
+
 			$section = $this->active_tab;
 			$server_id = $this->id;
-		
-			$this->dataRecord = $app->getconf->get_server_config($server_id,$section);
+
+			$this->dataRecord = $app->getconf->get_server_config($server_id, $section);
 		}
-		
-		$record = $app->tform->getHTML($this->dataRecord, $this->active_tab,'EDIT');
-		
+
+		$record = $app->tform->getHTML($this->dataRecord, $this->active_tab, 'EDIT');
+
 		$record['id'] = $this->id;
 		$app->tpl->setVar($record);
 	}
-	
+
 	function onUpdateSave($sql) {
-		global $app,$conf;
-		
+		global $app, $conf;
+
 		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
 		$app->uses('ini_parser,getconf');
-		
+
 		if($conf['demo_mode'] != true) {
 			$section = $app->tform->getCurrentTab();
 			$server_id = $this->id;
-		
+
 			$server_config_array = $app->getconf->get_server_config($server_id);
-			$server_config_array[$section] = $app->tform->encode($this->dataRecord,$section);
-			$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
-		
-			$app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+
+			foreach($app->tform->formDef['tabs'][$section]['fields'] as $key => $field) {
+				if ($field['formtype'] == 'CHECKBOX') {
+					if($this->dataRecord[$key] == '') {
+						// if a checkbox is not set, we set it to the unchecked value
+						$this->dataRecord[$key] = $field['value'][0];
+					}
+				}
+			}
+
+			if($app->tform->errorMessage == '') {
+				$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
+				$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+
+				$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+			} else {
+				$app->error('Security breach!');
+			}
 		}
 	}
-	
+
 }
 
 $app->tform_actions = new page_action;
 $app->tform_actions->onLoad();
 
 
-?>
\ No newline at end of file
+?>
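Review bot: The unchecked-checkbox fallback at the `if($this->dataRecord[$key] == '')` line reads a key that is absent from the submitted record in exactly the case it is meant to handle (an unchecked box is not posted), so it raises an undefined-index notice before `null == ''` happens to evaluate true; write it as `if (!isset($this->dataRecord[$key]) || $this->dataRecord[$key] === '') {` and compare the `formtype` with `===` as well. The `$app->error('Security breach!')` branch is reached whenever `errorMessage` is non-empty, which also covers ordinary validation failures, so the message is misleading for the user and for anyone reading the logs; a neutral message such as `'Invalid server configuration input'` (or re-showing the form with the error) would be clearer. The `errorMessage` test also runs before the `encode()` call in the same block, so if `encode()` is what populates `errorMessage` for this form (not visible in the hunk) an invalid record would still be written by `datalogUpdate`; if that is the case, move the check after `encode()`. Note the commit subject refers to a remoting password field while the only file touched is server_config_edit.php.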

--
Gitblit v1.9.1