From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/client/client_message.php |   74 ++++++++++++++++++++----------------
 1 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 73c43bb..eb8bcdb 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -27,8 +27,8 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
@@ -41,9 +41,9 @@
 $app->tpl->newTemplate('form.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/client_message.htm');
 
-//* load language file 
+//* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_message.lng';
-include($lng_file);
+include $lng_file;
 $app->tpl->setVar($wb);
 
 $msg = '';
@@ -52,20 +52,23 @@
 //* Save data
 if(isset($_POST) && count($_POST) > 1) {
 	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	//* Check values
 	if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
 	if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
 	if(empty($_POST['message'])) $error .= $wb['message_invalid_error'].'<br />';
-	
+
 	//* Send message
 	if($error == '') {
 		if($app->functions->intval($_POST['recipient']) > 0){
-			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
 			if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
-				$tmp_client_ids = explode(',',$circle['client_ids']);
+				$tmp_client_ids = explode(',', $circle['client_ids']);
 				$where = array();
 				foreach($tmp_client_ids as $tmp_client_id){
-					$where[] = 'client_id = '.$tmp_client_id;
+					$where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
 				}
 				if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
 				$sql = "SELECT * FROM client WHERE email != ''".$where_clause;
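Review bot: The three value checks above the new CSRF call still let `$_POST['sender']` and `$_POST['subject']` reach `$app->functions->mail()` as header values without a line-break check: the sender pattern is anchored with `$` and has no `D` modifier, so PCRE also accepts a value that ends in a newline, and the subject is only tested with `empty()`. Unless `$app->functions->mail()` strips CR/LF itself (not visible here), a check beside the existing ones such as `if(preg_match('/[\r\n]/', $_POST['sender'].$_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';` would close that gap. Separately, the rewritten circle query binds the raw `$_POST['recipient']` although the surrounding `if` already computes `$app->functions->intval($_POST['recipient'])`; binding the converted value keeps the condition and the query in step. The enclosing `if(isset($_POST) && count($_POST) > 1)` block continues past the end of this hunk.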
@@ -82,7 +85,7 @@
 				$sql = "SELECT * FROM client WHERE email != '' AND parent_client_id = '$client_id'";
 			}
 		}
-		
+
 		//* Get clients
 		$clients = $app->db->queryAllRecords($sql);
 		if(is_array($clients)) {
@@ -92,37 +95,37 @@
 				$message = $_POST['message'];
 				foreach($client as $key => $val) {
 					switch ($key) {
-						case 'password':
-							$message = str_replace('{'.$key.'}', '---', $message);
-							break;
-						case 'gender':
-							$message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message);
-							break;
-						default:
-							$message = str_replace('{'.$key.'}', $val, $message);
+					case 'password':
+						$message = str_replace('{'.$key.'}', '---', $message);
+						break;
+					case 'gender':
+						$message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message);
+						break;
+					default:
+						$message = str_replace('{'.$key.'}', $val, $message);
 					}
 				}
-				
+
 				//* Send the email
 				$app->functions->mail($client['email'], $_POST['subject'], $message, $_POST['sender']);
 				$msg .= $client['email'].', ';
 			}
-			$msg = substr($msg,0,-2);
+			$msg = substr($msg, 0, -2);
 		}
-		
+
 	} else {
-		$app->tpl->setVar('sender',$_POST['sender']);
-		$app->tpl->setVar('subject',$_POST['subject']);
-		$app->tpl->setVar('message',$_POST['message']);
+		$app->tpl->setVar('sender', $_POST['sender']);
+		$app->tpl->setVar('subject', $_POST['subject']);
+		$app->tpl->setVar('message', $_POST['message']);
 	}
 } else {
 	// pre-fill Sender field with reseller's email address
 	if($_SESSION["s"]["user"]["typ"] != 'admin'){
 		$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']);
 		if($client_id > 0){
-			$sql = "SELECT email FROM client WHERE client_id = ".$client_id;
-			$client = $app->db->queryOneRecord($sql);
-			if($client['email'] != '') $app->tpl->setVar('sender',$client['email']);
+			$sql = "SELECT email FROM client WHERE client_id = ?";
+			$client = $app->db->queryOneRecord($sql, $client_id);
+			if($client['email'] != '') $app->tpl->setVar('sender', $client['email']);
 		}
 	}
 }
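Review bot: The re-indented `switch` over the client columns masks only `password`; every other column of the `SELECT *` row, including `id_rsa`, `ssh_rsa` and `tmp_data`, is still substituted by the `default` branch whenever the message contains the matching `{column}` placeholder. The SHOW COLUMNS exclusion list in the last hunk of this file only hides those fields from the variable hint shown in the form, so the two lists disagree. Reusing the same set here, e.g. `case 'password': case 'id_rsa': case 'ssh_rsa': case 'tmp_data':` in front of the existing `'---'` substitution, keeps those values out of outgoing mail. Also, `queryOneRecord()` on the new parameterised email lookup may return no row, so `if($client['email'] != '')` is safer as `if(!empty($client['email']))`. The enclosing `foreach` over `$clients` starts before this hunk.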
@@ -136,17 +139,17 @@
 		$recipient .= '<option value="'.$circle['circle_id'].'"'.($app->functions->intval($_POST['recipient']) == $circle['circle_id'] ? ' selected="selected"' : '').'>'.$circle['circle_name'].'</option>';
 	}
 }
-$app->tpl->setVar('recipient',$recipient);
+$app->tpl->setVar('recipient', $recipient);
 
 if($_SESSION["s"]["user"]["typ"] == 'admin'){
-	$app->tpl->setVar('form_legend_txt',$wb['form_legend_admin_txt']);
+	$app->tpl->setVar('form_legend_txt', $wb['form_legend_admin_txt']);
 } else {
-	$app->tpl->setVar('form_legend_txt',$wb['form_legend_client_txt']);
+	$app->tpl->setVar('form_legend_txt', $wb['form_legend_client_txt']);
 }
 
 //message variables
 $message_variables = '';
-$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional') AND Field NOT LIKE 'limit_%'";
+$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional', 'force_suexec', 'default_slave_dnsserver', 'usertheme', 'locked', 'canceled', 'can_use_api', 'tmp_data', 'customer_no_template', 'customer_no_start', 'customer_no_counter', 'added_date', 'added_by') AND Field NOT LIKE 'limit_%'";
 $field_names = $app->db->queryAllRecords($sql);
 if(!empty($field_names) && is_array($field_names)){
 	foreach($field_names as $field_name){
@@ -159,10 +162,15 @@
 		}
 	}
 }
-$app->tpl->setVar('message_variables',trim($message_variables));
+$app->tpl->setVar('message_variables', trim($message_variables));
 
-$app->tpl->setVar('okmsg',$msg);
-$app->tpl->setVar('error',$error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
+$app->tpl->setVar('okmsg', $msg);
+$app->tpl->setVar('error', $error);
 
 $app->tpl_defaults();
 $app->tpl->pparse();
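Review bot: The two new `setVar('_csrf_id',...)` and `setVar('_csrf_key',...)` lines omit the space after the comma that this same commit adds to every other `setVar` call in the file, so they will be the next whitespace-only diff; write them as `$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);` and `$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);`. The `//* SET csrf token` comment would also read more consistently with the file's `//* Check permissions` style as `//* Set CSRF token`.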

--
Gitblit v1.9.1