From 71c74b1b572f3bdf00ba99009cc23f8f48072a1c Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Sat, 08 Mar 2014 11:58:49 -0500 Subject: [PATCH] Fixed: FS#3372 - Web browser password autofill function overwrites settings --- interface/web/admin/software_package_list.php | 133 +++++++++++++++++++++++--------------------- 1 files changed, 69 insertions(+), 64 deletions(-) diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php index 72d1817..489b6fb 100644 --- a/interface/web/admin/software_package_list.php +++ b/interface/web/admin/software_package_list.php @@ -28,8 +28,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -require_once('../../lib/config.inc.php'); -require_once('../../lib/app.inc.php'); +require_once '../../lib/config.inc.php'; +require_once '../../lib/app.inc.php'; //* Check permissions for module $app->auth->check_module_permissions('admin'); 
@@ -43,22 +43,22 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate' ) { foreach($repos as $repo) { $client = new SoapClient(null, array('location' => $repo['repo_url'], - 'uri' => $repo['repo_url'])); - + 'uri' => $repo['repo_url'])); + $packages = $client->get_packages($repo['repo_username'], $repo['repo_password']); if(is_array($packages)) { foreach($packages as $p) { $package_name = $app->db->quote($p['name']); - $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'"); - + $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'"); + $package_title = $app->db->quote($p['title']); $package_description = $app->db->quote($p['description']); - $software_repo_id = intval($repo['software_repo_id']); + $software_repo_id = $app->functions->intval($repo['software_repo_id']); $package_type = $app->db->quote($p['type']); $package_installable = $app->db->quote($p['installable']); $package_requires_db = $app->db->quote($p['requires_db']); $package_remote_functions = $app->db->quote($p['remote_functions']); - + if(empty($tmp['package_id'])) { //$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')"; //$app->db->query($sql); 
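Review bot: The rewritten lookup escapes the package name twice: `$package_name` already holds `$app->db->quote($p['name'])`, and the new query passes it through `$app->db->quote()` again. For a name that contains a quote or backslash, the SELECT would presumably compare against a doubly escaped string and miss the existing row. Execution then takes the `empty($tmp['package_id'])` branch instead of the update branch. Either keep the original interpolation `package_name = '$package_name'`, or quote the raw value exactly once with `'".$app->db->quote($p['name'])."'`. The `foreach($packages as $p)` body continues outside this hunk.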
@@ -70,53 +70,53 @@ //$app->db->query($sql); $update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'"; //echo $update_data; - $app->db->datalogUpdate('software_package', $update_data, 'package_id',$tmp['package_id']); + $app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']); } } } - - $packages = $app->db->queryAllRecords("SELECT software_package.package_name, v1, v2, v3, v4 FROM software_package LEFT JOIN software_update ON ( software_package.package_name = software_update.package_name ) GROUP BY package_name ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC"); - if(is_array($packages)) { - foreach($packages as $p) { - - $version = $p['v1'].'.'.$p['v2'].'.'.$p['v3'].'.'.$p['v4']; - $updates = $client->get_updates($p['package_name'], $version,$repo['repo_username'], $repo['repo_password']); - - if(is_array($updates)) { - foreach($updates as $u) { - - $version_array = explode('.',$u['version']); - $v1 = intval($version_array[0]); - $v2 = intval($version_array[1]); - $v3 = intval($version_array[2]); - $v4 = intval($version_array[3]); - - $package_name = $app->db->quote($u['package_name']); - $software_repo_id = intval($repo['software_repo_id']); - $update_url = $app->db->quote($u['url']); - $update_md5 = $app->db->quote($u['md5']); - $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):''; - $update_title = $app->db->quote($u['title']); - $type = $app->db->quote($u['type']); - - // Check that we do not have this update in the database yet - $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'"; - $tmp = $app->db->queryOneRecord($sql); - 
if(!isset($tmp['software_update_id'])) { - // Insert the update in the datbase - //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type) - //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')"; - //die($sql); - //$app->db->query($sql); - $insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type) + + $packages = $app->db->queryAllRecords("SELECT software_package.package_name, v1, v2, v3, v4 FROM software_package LEFT JOIN software_update ON ( software_package.package_name = software_update.package_name ) GROUP BY package_name ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC"); + if(is_array($packages)) { + foreach($packages as $p) { + + $version = $p['v1'].'.'.$p['v2'].'.'.$p['v3'].'.'.$p['v4']; + $updates = $client->get_updates($p['package_name'], $version, $repo['repo_username'], $repo['repo_password']); + + if(is_array($updates)) { + foreach($updates as $u) { + + $version_array = explode('.', $u['version']); + $v1 = $app->functions->intval($version_array[0]); + $v2 = $app->functions->intval($version_array[1]); + $v3 = $app->functions->intval($version_array[2]); + $v4 = $app->functions->intval($version_array[3]); + + $package_name = $app->db->quote($u['package_name']); + $software_repo_id = $app->functions->intval($repo['software_repo_id']); + $update_url = $app->db->quote($u['url']); + $update_md5 = $app->db->quote($u['md5']); + $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):''; + $update_title = $app->db->quote($u['title']); + $type = $app->db->quote($u['type']); + + // Check that we do not have this update in the database yet + $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = 
'$v4'"; + $tmp = $app->db->queryOneRecord($sql); + if(!isset($tmp['software_update_id'])) { + // Insert the update in the datbase + //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type) + //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')"; + //die($sql); + //$app->db->query($sql); + $insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type) VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')"; $app->db->datalogInsert('software_update', $insert_data, 'software_update_id'); - } - - } - } - } - } + } + + } + } + } + } } } @@ -124,11 +124,11 @@ /* if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) { $package_name = $app->db->quote($_GET['package']); - $server_id = intval($_GET['server_id']); + $server_id = $app->functions->intval($_GET['server_id']); $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1"; $tmp = $app->db->queryOneRecord($sql); $software_update_id = $tmp['software_update_id']; - + $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')"; // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')"; $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id'); 
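Review bot: `$version_array[0]` through `$version_array[3]` are read unconditionally after `explode('.', $u['version'])`, and `$u['version']` comes from the remote repository's `get_updates()` response. A version string with fewer than four components raises undefined-offset notices, and what `$app->functions->intval()` returns for the missing entries is not visible here. Padding the array first, `$version_array = array_pad(explode('.', $u['version']), 4, 0);`, keeps `v1`–`v4` well defined for the duplicate check and the insert. The enclosing `foreach($repos as $repo)` loop starts outside this hunk.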
@@ -141,43 +141,48 @@ // Loading the template $app->uses('tpl'); $app->tpl->newTemplate("form.tpl.htm"); -$app->tpl->setInclude('content_tpl','templates/software_package_list.htm'); +$app->tpl->setInclude('content_tpl', 'templates/software_package_list.htm'); $servers = $app->db->queryAllRecords('SELECT server_id, server_name FROM server ORDER BY server_name'); $packages = $app->db->queryAllRecords('SELECT * FROM software_package'); -if(is_array($packages)) { +if(is_array($packages) && count($packages) > 0) { foreach($packages as $key => $p) { $installed_txt = ''; foreach($servers as $s) { - $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'"); + $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'"); $version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4']; - + if($inst['status'] == 'installed') { $installed_txt .= $s['server_name'].": ".$app->lng("Installed version $version")."<br />"; - } elseif ($inst['status'] == 'installing') { - $installed_txt .= $s['server_name'].": ".$app->lng("Installation in progress")."<br />"; - } elseif ($inst['status'] == 'failed') { - $installed_txt .= $s['server_name'].": ".$app->lng("Installation failed")."<br />"; + } elseif ($inst['status'] == 'installing') { + $installed_txt .= $s['server_name'].": ".$app->lng("Installation in progress")."<br />"; + } elseif ($inst['status'] == 'failed') { + $installed_txt .= $s['server_name'].": ".$app->lng("Installation failed")."<br />"; } elseif ($inst['status'] == 'deleting') { 
$installed_txt .= $s['server_name'].": ".$app->lng("Deletion in progress")."<br />"; } else { if($p['package_installable'] == 'no') { $installed_txt .= $s['server_name'].": ".$app->lng("Package can not be installed.")."<br />"; } else { - $installed_txt .= $s['server_name'].": <a href=\"#\" onClick=\"loadContent('admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."');\">Install now</a><br />"; + $installed_txt .= $s['server_name'].": <a href=\"#\" onclick=\"loadContent('admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."');\">Install now</a><br />"; } } } + $packages[$key]['software_update_inst_id'] = intval($inst['software_update_inst_id']); $packages[$key]['installed'] = $installed_txt; } + $app->tpl->setVar('has_packages', 1); +} else { + $app->tpl->setVar('has_packages', 0); } -$app->tpl->setLoop('records',$packages); +$app->tpl->setLoop('records', $packages); -include_once('lib/lang/en_software_package_list.lng'); +$language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language']; +include_once 'lib/lang/'.$language.'_software_package_list.lng'; $app->tpl->setVar($wb); @@ -185,4 +190,4 @@ $app->tpl->pparse(); -?> \ No newline at end of file +?> -- Gitblit v1.9.1
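Review bot: The new `include_once 'lib/lang/'.$language.'_software_package_list.lng';` builds an include path from `$_SESSION['s']['language']` without validation, so which file gets executed depends on whatever was stored in the session. Where that value is set is not visible here; if it can ever hold anything other than a language code this is a file-inclusion risk, and a missing language file now produces a warning and presumably an undefined `$wb`, where the old code always loaded `en`. Constrain the value before use, e.g. `if(!preg_match('/^[a-z]{2}$/', $language)) $language = $conf['language'];` (assuming two-letter codes), and fall back to `en` when the file does not exist. In the same hunk the "Install now" link still interpolates `$p["package_name"]`, which originates from the remote repository, into an `onclick` handler unescaped; using `urlencode($p["package_name"])` there would keep it inert.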