From c3ebdeed170faad291ce81cfe7bea46f1d68fb2b Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 19 Jan 2010 06:56:03 -0500
Subject: [PATCH] FS#997 - SOAP: Wrong DB entry for the remote method mail_user_filter_xxx
---
interface/lib/classes/remoting_lib.inc.php | 88 ++++++++++++++++++++++++++++++++++++++------
1 files changed, 76 insertions(+), 12 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0908275..f5b88a5 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -26,6 +26,12 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--UPDATED 08.2009--
+Full SOAP support for ISPConfig 3.1.4 b
+Updated by Arkadiusz Roch & Artur Edelman
+Copyright (c) Tri-Plex technology
+
*/
/**
@@ -58,14 +64,10 @@
*
* Hinweis:
* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
-*
-* @package form
-* @author Till Brehm
-* @version 1.1
*/
class remoting_lib {
-
+
/**
* Definition of the database atble (array)
* @var tableDef
@@ -291,14 +293,14 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = mysql_real_escape_string($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -317,7 +319,7 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = mysql_real_escape_string($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -371,7 +373,7 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($this->action == 'INSERT') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -584,15 +586,77 @@
return $sql;
}
+
+ function getDeleteSQL($primary_id) {
+
+ if(stristr($this->formDef['db_table'],'.')) {
+ $escape = '';
+ } else {
+ $escape = '`';
+ }
+
+ $sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $sql;
+ }
function getDataRecord($primary_id) {
global $app;
$escape = '`';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
- return $app->db->queryOneRecord($sql);
+ if(@is_numeric($primary_id)) {
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $app->db->queryOneRecord($sql);
+ } elseif (@is_array($primary_id)) {
+ $sql_where = '';
+ foreach($primary_id as $key => $val) {
+ $key = $app->db->quote($key);
+ $val = $app->db->quote($val);
+ $sql_where .= "$key = '$val' AND ";
+ }
+ $sql_where = substr($sql_where,0,-5);
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
+ return $app->db->queryAllRecords($sql);
+ } else {
+ $this->errorMessage = 'The ID must be either an integer or an array.';
+ return array();
+ }
+
+
+ }
+
+ function ispconfig_sysuser_add($params,$insert_id){
+ global $app,$sql1;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ $modules = 'mail,sites,dns,tools';
+ $startmodule = 'mail';
+ $usertheme = $app->db->quote($params["usertheme"]);
+ $type = 'user';
+ $active = 1;
+ $insert_id = intval($insert_id);
+ $language = $app->db->quote($params["language"]);
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+ $groups = $groupid;
+ $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+ VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+ $app->db->query($sql1);
}
+ function ispconfig_sysuser_update($params,$client_id){
+ global $app;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ $client_id = intval($client_id);
+ $sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+
+ function ispconfig_sysuser_delete($client_id){
+ global $app;
+ $client_id = intval($client_id);
+ $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
function datalogSave($action,$primary_id, $record_old, $record_new) {
global $app,$conf;
@@ -681,4 +745,4 @@
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1