From 71c74b1b572f3bdf00ba99009cc23f8f48072a1c Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sat, 08 Mar 2014 11:58:49 -0500
Subject: [PATCH] Fixed: FS#3372 - Web browser password autofill function overwrites settings
---
interface/web/sites/web_vhost_subdomain_edit.php | 73 ++++++++++++++++++++++--------------
1 files changed, 44 insertions(+), 29 deletions(-)
diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index 403e85f..14f6b8e 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -203,7 +203,7 @@
$php_directive_snippets_txt = '';
if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
foreach($php_directive_snippets as $php_directive_snippet){
- $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$php_directive_snippet['snippet'].'</pre></a> ';
+ $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
}
}
if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
@@ -214,7 +214,7 @@
$apache_directive_snippets_txt = '';
if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
foreach($apache_directive_snippets as $apache_directive_snippet){
- $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$apache_directive_snippet['snippet'].'</pre></a> ';
+ $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
}
}
if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -226,7 +226,7 @@
$nginx_directive_snippets_txt = '';
if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
foreach($nginx_directive_snippets as $nginx_directive_snippet){
- $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$nginx_directive_snippet['snippet'].'</pre></a> ';
+ $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
}
}
if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -237,7 +237,7 @@
$proxy_directive_snippets_txt = '';
if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
foreach($proxy_directive_snippets as $proxy_directive_snippet){
- $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$proxy_directive_snippet['snippet'].'</pre></a> ';
+ $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
}
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -246,13 +246,17 @@
$ssl_domain_select = '';
$tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$this->id);
- $ssl_domains = array($tmp["domain"], 'www.'.$tmp["domain"]);
+ $ssl_domains = array($tmp["domain"], 'www.'.$tmp["domain"], '*.'.$tmp["domain"]);
if(is_array($ssl_domains)) {
foreach( $ssl_domains as $ssl_domain) {
$selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
$ssl_domain_select .= "<option value='$ssl_domain' $selected>$ssl_domain</option>\r\n";
}
}
+ $app->tpl->setVar("ssl_domain", $ssl_domain_select);
+ unset($ssl_domain_select);
+ unset($ssl_domains);
+ unset($ssl_domain);
if($this->id > 0) {
$app->tpl->setVar('fixed_folder', 'y');
@@ -261,11 +265,6 @@
$app->tpl->setVar('fixed_folder', 'n');
$app->tpl->setVar('server_id_value', $parent_domain['server_id']);
}
-
- $app->tpl->setVar("ssl_domain", $ssl_domain_select);
- unset($ssl_domain_select);
- unset($ssl_domains);
- unset($ssl_domain);
$tmp_txt = ($this->dataRecord['traffic_quota_lock'] == 'y')?'<b>('.$app->tform->lng('traffic_quota_exceeded_txt').')</b>':'';
$app->tpl->setVar("traffic_quota_exceeded_txt", $tmp_txt);
@@ -308,6 +307,17 @@
}
$app->tpl->setVar("domain", $this->dataRecord["domain"]);
+ // check for configuration errors in sys_datalog
+ if($this->id > 0) {
+ $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
+ if(is_array($datalog) && !empty($datalog)){
+ if(trim($datalog['error']) != ''){
+ $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
+ $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
+ }
+ }
+ }
+
parent::onShowEnd();
}
@@ -338,6 +348,11 @@
if($app->tform->getCurrentTab() == 'domain') {
+ // Check that domain (the subdomain part) is not empty
+ if(!preg_match('/^[a-zA-Z0-9].*/',$this->dataRecord['domain'])) {
+ $app->tform->errorMessage .= $app->tform->lng("subdomain_error_empty")."<br />";
+ }
+
/* check if the domain module is used - and check if the selected domain can be used! */
$app->uses('ini_parser,getconf');
$settings = $app->getconf->get_global_config('domains');
@@ -384,21 +399,21 @@
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
- if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
- if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = '-';
- if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
- if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
- if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
- if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = 'y';
- if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
- if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
- if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
+ if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = 'n';
+ if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = 'n';
+ if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = 'n';
+ if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = 'n';
+ if($client['limit_python'] != 'y') $this->dataRecord['python'] = 'n';
+ if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
+ if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = 'n';
+ if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = 'n';
+ if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = 'n';
// only generate quota and traffic warnings if value has changed
if($this->id > 0) {
$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
} else {
- $old_web_values = $_POST;
+ $old_web_values = array();
}
//* Check the traffic quota of the client
@@ -445,15 +460,15 @@
$this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!
// set the settings to current if not provided (or cleared due to limits)
- if($this->dataRecord['cgi'] == '-') $this->dataRecord['cgi'] = $tmp['cgi'];
- if($this->dataRecord['ssi'] == '-') $this->dataRecord['ssi'] = $tmp['ssi'];
- if($this->dataRecord['perl'] == '-') $this->dataRecord['perl'] = $tmp['perl'];
- if($this->dataRecord['ruby'] == '-') $this->dataRecord['ruby'] = $tmp['ruby'];
- if($this->dataRecord['python'] == '-') $this->dataRecord['python'] = $tmp['python'];
- if($this->dataRecord['suexec'] == '-') $this->dataRecord['suexec'] = $tmp['suexec'];
- if($this->dataRecord['errordocs'] == '-') $this->dataRecord['errordocs'] = $tmp['errordocs'];
- if($this->dataRecord['subdomain'] == '-') $this->dataRecord['subdomain'] = $tmp['subdomain'];
- if($this->dataRecord['ssl'] == '-') $this->dataRecord['ssl'] = $tmp['ssl'];
+ if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
+ if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];
+ if($this->dataRecord['perl'] == 'n') $this->dataRecord['perl'] = $tmp['perl'];
+ if($this->dataRecord['ruby'] == 'n') $this->dataRecord['ruby'] = $tmp['ruby'];
+ if($this->dataRecord['python'] == 'n') $this->dataRecord['python'] = $tmp['python'];
+ if($this->dataRecord['suexec'] == 'n') $this->dataRecord['suexec'] = $tmp['suexec'];
+ if($this->dataRecord['errordocs'] == 'n') $this->dataRecord['errordocs'] = $tmp['errordocs'];
+ if($this->dataRecord['subdomain'] == 'n') $this->dataRecord['subdomain'] = $tmp['subdomain'];
+ if($this->dataRecord['ssl'] == 'n') $this->dataRecord['ssl'] = $tmp['ssl'];
unset($tmp);
// When the record is inserted
--
Gitblit v1.9.1