From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 03 Jun 2015 12:14:07 -0400
Subject: [PATCH] Extended the CSRF check.

---
 interface/web/sites/database_edit.php |   50 ++++----------------------------------------------
 1 files changed, 4 insertions(+), 46 deletions(-)

diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 0f2f5f2..ffc6844 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -251,14 +251,6 @@
 			// we need remote access rights for this server, so get it's ip address
 			$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
 			if($server_config['ip_address']!='') {
-				/*
-                if($this->dataRecord['remote_access'] != 'y') $this->dataRecord['remote_ips'] = '';
-                $this->dataRecord['remote_access'] = 'y';
-                if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
-                    $this->dataRecord['remote_ips'] .= ($this->dataRecord['remote_ips'] != '' ? ',' : '') . $server_config['ip_address'];
-                }
-				*/
-
 				if($this->dataRecord['remote_access'] != 'y'){
 					$this->dataRecord['remote_ips'] = $server_config['ip_address'];
 					$this->dataRecord['remote_access'] = 'y';
@@ -338,14 +330,6 @@
 			// we need remote access rights for this server, so get it's ip address
 			$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
 			if($server_config['ip_address']!='') {
-				/*
-                if($this->dataRecord['remote_access'] != 'y') $this->dataRecord['remote_ips'] = '';
-                $this->dataRecord['remote_access'] = 'y';
-                if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
-                    $this->dataRecord['remote_ips'] .= ($this->dataRecord['remote_ips'] != '' ? ',' : '') . $server_config['ip_address'];
-                }
-				*/
-
 				if($this->dataRecord['remote_access'] != 'y'){
 					$this->dataRecord['remote_ips'] = $server_config['ip_address'];
 					$this->dataRecord['remote_access'] = 'y';
@@ -390,10 +374,6 @@
 	function onInsertSave($sql) {
 		global $app, $conf;
 
-		$app->uses('sites_database_plugin');
-
-		//$app->sites_database_plugin->processDatabaseInsert($this);
-
 		$app->db->query($sql);
 		if($app->db->errorMessage != '') die($app->db->errorMessage);
 		$new_id = $app->db->insertID();
@@ -405,9 +385,6 @@
 		global $app;
 		if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(), $this->id)) {
 
-			$app->uses('sites_database_plugin');
-			//$app->sites_database_plugin->processDatabaseUpdate($this);
-
 			$app->db->query($sql);
 			if($app->db->errorMessage != '') die($app->db->errorMessage);
 		}
@@ -416,34 +393,15 @@
 	function onAfterInsert() {
 		global $app, $conf;
 
-		if($this->dataRecord["parent_domain_id"] > 0) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
-
-			//* The Database user shall be owned by the same group then the website
-			$sys_groupid = $app->functions->intval($web['sys_groupid']);
-			$backup_interval = $app->db->quote($web['backup_interval']);
-			$backup_copies = $app->functions->intval($web['backup_copies']);
-
-			$sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
-			$app->db->query($sql);
-		}
+		$app->uses('sites_database_plugin');
+		$app->sites_database_plugin->processDatabaseInsert($this);
 	}
 
 	function onAfterUpdate() {
 		global $app, $conf;
 
-		if($this->dataRecord["parent_domain_id"] > 0) {
-			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
-
-			//* The Database user shall be owned by the same group then the website
-			$sys_groupid = $app->functions->intval($web['sys_groupid']);
-			$backup_interval = $app->db->quote($web['backup_interval']);
-			$backup_copies = $app->functions->intval($web['backup_copies']);
-
-			$sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
-			$app->db->query($sql);
-		}
-
+		$app->uses('sites_database_plugin');
+		$app->sites_database_plugin->processDatabaseUpdate($this);
 	}
 
 }

--
Gitblit v1.9.1