From e09e6888ed70b1c17d290df68742d47db89bb2b4 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 08 Feb 2009 09:59:18 -0500
Subject: [PATCH] Fixed: client can create database through phpmyadmin
---
interface/lib/classes/tform.inc.php | 87 +++++++++++++++++++++++++++----------------
1 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index dbb17fa..4bf2269 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -56,9 +56,6 @@
*
* Hint: The auto increment (ID) filed of the table has not be be definied eoarately.
*
-* @package form
-* @author Till Brehm
-* @version 1.1
*/
class tform {
@@ -133,14 +130,15 @@
$this->module = $module;
$wb = array();
+ include_once(ISPC_ROOT_PATH.'/lib/lang/'.$_SESSION['s']['language'].'.lng');
if($module == '') {
- if(is_file("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) {
- include_once("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng");
- }
+ $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng";
+ if(!file_exists($lng_file)) $lng_file = "lib/lang/en_".$this->formDef["name"].".lng";
+ include($lng_file);
} else {
- if(is_file("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) {
- include_once("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng");
- }
+ $lng_file = "../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng";
+ if(!file_exists($lng_file)) $lng_file = "../$module/lib/lang/en_".$this->formDef["name"].".lng";
+ include($lng_file);
}
$this->wordbook = $wb;
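Review bot: `$_SESSION["s"]["language"]` is concatenated directly into the paths given to `include_once` and `include`, and nothing visible in this hunk restricts it to a known language code. If that session value can ever be influenced by request data, this is a local file inclusion path. Validate it before building `$lng_file`; assuming codes are two lowercase letters, something like `if(!preg_match('/^[a-z]{2}$/', $_SESSION['s']['language'])) $_SESSION['s']['language'] = 'en';` would do. The new code also includes the `en_` fallback without checking that it exists, and the added `include_once` of the global `.lng` file has no existence check, so a missing file now raises a warning where the old `is_file` guard skipped it. The enclosing method starts and ends outside the hunk.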
@@ -247,7 +245,7 @@
$app->uses($datasource_class);
$values = $app->$datasource_class->$datasource_function($field, $record);
} else {
- $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
}
}
@@ -527,7 +525,7 @@
$field['regex'] .= 's';
if(!preg_match($field['regex'], $record[$key])) {
$errmsg = $field['errmsg'];
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
}
}
@@ -561,9 +559,9 @@
if(!preg_match($validator['regex'], $field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
@@ -573,9 +571,9 @@
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else {
@@ -583,9 +581,9 @@
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
@@ -594,9 +592,9 @@
if(empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
@@ -604,9 +602,9 @@
if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
@@ -615,9 +613,9 @@
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
@@ -625,11 +623,29 @@
if(!is_numeric($field_value) || $field_value <= 0){
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ break;
+ case 'ISIPV4':
+ $vip=1;
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $groups=explode(".",$field_value);
+ foreach($groups as $group){
+ if($group<0 OR $group>255)
+ $vip=0;
+ }
+ }else{$vip=0;}
+ if($vip==0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
break;
case 'CUSTOM':
// Calls a custom class to validate this record
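Review bot: The ISIPV4 pattern ends in `$` without the `D` modifier, so a value with a trailing newline still matches and the loose numeric comparison on the last group lets it through. Anchor the end with `\z`, or replace the hand-rolled check with `if(filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) $vip=0;`, which also rejects forms the regex allows, such as octets with leading zeros. The `$group<0` test can never be true because the regex admits only digits. The enclosing `switch` continues outside the hunk.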
@@ -639,7 +655,7 @@
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
} else {
- $this->errorMessage .= "Custom validator class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
}
break;
default:
@@ -671,9 +687,9 @@
// checking permissions
if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
if($action == "INSERT") {
- if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.<br>\r\n";
+ if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.<br />\r\n";
} else {
- if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.<br>\r\n";
+ if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.<br />\r\n";
}
}
@@ -906,8 +922,8 @@
$escape = '`';
}
- $diffrec = array();
-
+ $this->diffrec = array();
+ /*
if(is_array($record_new) && count($record_new) > 0) {
foreach($record_new as $key => $val) {
if(@$record_old[$key] != $val) {
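Review bot: The old diff loop is disabled by wrapping it in `/* ... */` (closed in the next hunk) rather than being deleted, and a later hunk adds another commented-out line, `//$this->diffrec = $diffrec;`. Dead code in the change-logging path makes it harder to tell which loop actually populates `$this->diffrec`. Remove the block and that line, and add a one-line comment such as `// diffrec is filled alongside diffrec_full below` where `$this->diffrec = array();` is set. The commented region extends past the end of this hunk.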
@@ -926,7 +942,7 @@
}
}
$this->diffrec = $diffrec;
-
+ */
// Full diff records for ISPConfig, they have a different format then the simple diffrec
$diffrec_full = array();
@@ -938,6 +954,8 @@
// Record has changed
$diffrec_full['old'][$key] = $val;
$diffrec_full['new'][$key] = $record_new[$key];
+ $this->diffrec[$key] = array( 'new' => $record_new[$key],
+ 'old' => $val);
} else {
$diffrec_full['old'][$key] = $val;
$diffrec_full['new'][$key] = $val;
@@ -949,6 +967,8 @@
// Record has changed
$diffrec_full['new'][$key] = $val;
$diffrec_full['old'][$key] = $record_old[$key];
+ $this->diffrec[$key] = array( 'old' => @$record_old[$key],
+ 'new' => $val);
} else {
$diffrec_full['new'][$key] = $val;
$diffrec_full['old'][$key] = $val;
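Review bot: The added line reads `@$record_old[$key]` with error suppression, while the context line directly above it reads `$record_old[$key]` without it, so the two copies of the old value are handled inconsistently and the `@` hides a missing key instead of handling it. Use an explicit check for both, e.g. `$old_val = isset($record_old[$key]) ? $record_old[$key] : null;`, and assign `$old_val` to `$diffrec_full['old'][$key]` and to the `'old'` entry of `$this->diffrec[$key]`. The surrounding loop starts outside the hunk.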
@@ -956,12 +976,13 @@
}
}
+ //$this->diffrec = $diffrec;
// Insert the server_id, if the record has a server_id
$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
if(isset($record_new["server_id"])) $server_id = $record_new["server_id"];
if(count($this->diffrec) > 0) {
- $diffstr = $app->db->quote(serialize($diffrec_full));
+ $diffstr = addslashes(serialize($diffrec_full));
$username = $app->db->quote($_SESSION["s"]["user"]["username"]);
$dbidx = $this->formDef['db_table_idx'].":".$primary_id;
// $action = ($action == 'INSERT')?'i':'u';
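Review bot: Replacing `$app->db->quote()` with `addslashes()` for `$diffstr` takes escaping of a value built from submitted record data out of the database layer. `addslashes()` is not aware of the connection character set and is not a substitute for the driver's escaping; the next line still uses `$app->db->quote()` for the username. Unless `quote()` was corrupting the serialized payload (not visible here), keep `$diffstr = $app->db->quote(serialize($diffrec_full));`. If it was, a comment on this line should say so. The statement that consumes `$diffstr` is outside the hunk, so its quoting should be checked as well.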
--
Gitblit v1.9.1