From 68b702b680cd7eacb5f6f3aaa3ef87e24fb0bd0d Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 09 Jul 2014 06:50:33 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

---
 interface/lib/classes/validate_domain.inc.php |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index 3135c7a..788b34b 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -118,7 +118,7 @@
 
 		if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
 			if($domain['parent_domain_id'] > 0){
-				$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$domain['parent_domain_id']);
+				$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
 			}
 		}
 
@@ -137,7 +137,8 @@
 		//if($check['cnt'] > 0) return false;
 
 		// we can have the same domain on different servers or different IPs, so we have to check for identical domains on the same IP (or wildcard IPs)
-		$checks = $app->db->queryAllRecords("SELECT * FROM `web_domain` WHERE (`domain` = '" . $app->db->quote($domain_name) . "'".$additional_sql1.") AND `server_id` = ".intval($domain['server_id'])." AND `domain_id` != " . $app->functions->intval($primary_id).($additional_sql1 != '' ? " AND `parent_domain_id` != ".$app->functions->intval($primary_id) : ""));
+		$checks = $app->db->queryAllRecords("SELECT * FROM `web_domain` WHERE (`domain` = '" . $app->db->quote($domain_name) . "'".$additional_sql1.") AND `server_id` = ".intval($domain['server_id'])." AND `domain_id` != " . $app->functions->intval($primary_id).($additional_sql1 != '' && $domain['parent_domain_id'] > 0 ? " AND `parent_domain_id` != ".$app->functions->intval($primary_id) : ""));
+		
 
 		if(is_array($checks) && !empty($checks)){
 			foreach($checks as $check){
@@ -207,7 +208,7 @@
 			//$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE CONCAT(`subdomain`, '.', `domain`) = '" . $app->db->quote($domain_name) . "' AND `domain_id` != " . $app->functions->intval($primary_id));
 			//if($check['cnt'] > 0) return false;
 			// we can have the same domain on different servers or different IPs, so we have to check for identical domains on the same IP (or wildcard IPs)
-			$checks = $app->db->queryAllRecords("SELECT * FROM `web_domain` WHERE (CONCAT(`subdomain`, '.', `domain`) = '" . $app->db->quote($domain_name) . "'".$additional_sql2.") AND `server_id` = ".intval($domain['server_id'])." AND `domain_id` != " . $app->functions->intval($primary_id).($additional_sql2 != '' ? " AND `parent_domain_id` != ".$app->functions->intval($primary_id) : ""));
+			$checks = $app->db->queryAllRecords("SELECT * FROM `web_domain` WHERE (CONCAT(`subdomain`, '.', `domain`) = '" . $app->db->quote($domain_name) . "'".$additional_sql2.") AND `server_id` = ".intval($domain['server_id'])." AND `domain_id` != " . $app->functions->intval($primary_id).($additional_sql2 != '' && $domain['parent_domain_id'] > 0 ? " AND `parent_domain_id` != ".$app->functions->intval($primary_id) : ""));
 			if(is_array($checks) && !empty($checks)){
 				foreach($checks as $check){
 					if($domain['ip_address'] == '*') return false;
@@ -217,7 +218,7 @@
 					// if alias/subdomain: check IP addresses of parent domain
 					if($check['ip_address'] == '' || $check['ipv6_address'] == ''){
 						if($check['parent_domain_id'] > 0){
-							$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$check['parent_domain_id']);
+							$check_parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ".$app->functions->intval($check['parent_domain_id']));
 						}
 					}
 
@@ -282,7 +283,7 @@
 
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 			if($client["limit_wildcard"] == 'y') return true;

--
Gitblit v1.9.1