From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/admin/system_config_edit.php | 55 ++++++++++++++++++++++++++++++++++++++----------------- 1 files changed, 38 insertions(+), 17 deletions(-) diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php index 3c54fc2..f48f11b 100644 --- a/interface/web/admin/system_config_edit.php +++ b/interface/web/admin/system_config_edit.php @@ -43,6 +43,7 @@ //* Check permissions for module $app->auth->check_module_permissions('admin'); +$app->auth->check_security_permissions('admin_allow_system_config'); // Loading classes $app->uses('tpl,tform,tform_actions'); @@ -64,6 +65,9 @@ $server_id = $this->id; $this->dataRecord = $app->getconf->get_global_config($section); + if (is_null($this->dataRecord)) { + $this->dataRecord = array(); + } if ($section == 'domains'){ if (isset($this->dataRecord['use_domain_module'])){ $_SESSION['use_domain_module_old_value'] = $this->dataRecord['use_domain_module']; 
@@ -85,13 +89,24 @@ $available_dashlets_txt = ''; $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets'); while ($file = @readdir($handle)) { - if ($file != '.' && $file != '..' && !is_dir($file)) { + if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) { $available_dashlets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.substr($file, 0, -4).']<pre class="addPlaceholderContent" style="display:none;">['.substr($file, 0, -4).'],</pre></a> '; } } if($available_dashlets_txt == '') $available_dashlets_txt = '------'; $app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt); + + // Logo + $sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id); + if($sys_ini['custom_logo'] != ''){ + $logo = '<img src="'.$sys_ini['custom_logo'].'" /> <a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>'; + } else { + $logo = '<img src="'.$sys_ini['default_logo'].'" />'; + } + $default_logo = '<img src="'.$sys_ini['default_logo'].'" />'; + $app->tpl->setVar("used_logo", $logo); + $app->tpl->setVar("default_logo", $default_logo); parent::onShowEnd(); } @@ -147,6 +162,12 @@ if($check['cnt'] > 0) { $new_config['vhost_subdomains'] = 'y'; } + } elseif($section == 'sites' && $new_config['vhost_aliasdomains'] != 'y' && $server_config_array['vhost_aliasdomains'] == 'y') { + // check for existing vhost aliasdomains, if found the mode cannot be disabled + $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostalias'"); + if($check['cnt'] > 0) { + $new_config['vhost_aliasdomains'] = 'y'; + } } elseif($section == 'mail') { if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['mail']['smtp_pass']; } elseif($section == 'misc' && $new_config['session_timeout'] != $server_config_array['misc']['session_timeout']) { 
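Review bot: The new logo markup concatenates `$sys_ini['custom_logo']` and `$sys_ini['default_logo']` straight into `src="..."` and hands the result to `setVar` as finished HTML, so a stored value containing a double quote breaks out of the attribute. Escape each value where it is inserted, e.g. `'<img src="'.htmlspecialchars($sys_ini['custom_logo'], ENT_QUOTES, 'UTF-8').'" />'`. The result of `queryOneRecord` is also indexed without checking that a row came back, so an id with no `sys_ini` row would produce notices and an empty `src`. The query selects by `$this->id` while the save path in this file updates `sysini_id` 1, so it is worth confirming both address the same row. The enclosing method starts outside the hunk.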
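Review bot: The added `elseif` reads `$server_config_array['vhost_aliasdomains']` without a section key, whereas the `mail` and `misc` branches right below it read `$server_config_array['mail']['smtp_pass']` and `$server_config_array['misc']['session_timeout']`, and the array is later written as `$server_config_array[$section]`. With a section-keyed array that index is undefined, the comparison with `'y'` is always false, and the guard that keeps alias-domain vhosts enabled while `vhostalias` rows exist never runs. The condition probably wants `$server_config_array['sites']['vhost_aliasdomains'] == 'y'`. The preceding `vhost_subdomains` branch begins outside the hunk and may need the same check.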
@@ -155,9 +176,7 @@ $server_config_array[$section] = $new_config; $server_config_str = $app->ini_parser->get_ini_string($server_config_array); - //$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1"; - //if($conf['demo_mode'] != true) $app->db->query($sql); - if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1); + if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', array("config" => $server_config_str), 'sysini_id', 1); /* * If we should use the domain-module, we have to insert all existing domains into the table @@ -175,26 +194,28 @@ "FROM web_domain WHERE type NOT IN ('subdomain','vhostsubdomain')"; $app->db->query($sql); } + + //die(print_r($_FILES)); + // Logo + /* + if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){ + //print_r($_FILES); + + $path= $_FILES['file']['tmp_name']; + $type = pathinfo($path, PATHINFO_EXTENSION); + $data = file_get_contents($path); + $base64 = 'data:image/' . $type . ';base64,' . base64_encode($data); + $app->db->query("UPDATE sys_ini SET custom_logo = ? WHERE sysini_id = ?", $base64, $this->id); + } + */ // Maintenance mode if($server_config_array['misc']['maintenance_mode'] == 'y'){ //print_r($_SESSION); //echo $_SESSION['s']['id']; - $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'"); + $app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']); } } - - /* - function onAfterUpdate() { - if($this->_js_changed == true) { - // not the best way, but it works - header('Content-Type: text/html'); - print '<script type="text/javascript">document.location.reload(true);</script>'; - exit; - } - } - */ - } $app->tform_actions = new page_action; -- Gitblit v1.9.1
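Review bot: The logo upload block in the last hunk is committed commented out, together with a `//die(print_r($_FILES));` debug line; dead code like this is better dropped from the commit and tracked separately. If it is enabled later, `pathinfo($path, PATHINFO_EXTENSION)` is applied to `tmp_name`, which typically has no image extension, so `$type` would not reflect the real format. Nothing in the block checks that the upload is an image or bounds its size before the data URI is stored in `sys_ini.custom_logo`. A server-side check such as `getimagesize()` against an allowlist of image types belongs in front of the `UPDATE`, since the stored value is later written into an `<img src>`. The enclosing method starts outside the hunk.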