From fc0edb2f00bcdc6baaaa29f9041e82f3003b9b44 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Sun, 07 Jun 2015 12:16:19 -0400
Subject: [PATCH] Merge branch 'master' into 'master'

---
 interface/web/tools/resync.php |   62 ++++++++++++++++++++++++------
 1 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 6a85b18..ef47fd7 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -51,6 +51,14 @@
 class page_action extends tform_actions {
 
 	//* called during onShowEnd
+	/*
+	* @param array $server_rec
+	* @param string $server_type
+	* @param string or array $search
+	*
+	* @return array
+	*/
+
 	private function create_list($server_rec, $server_type, $search) {
 
 		$server_count = 0;
@@ -98,7 +106,7 @@
         			'index_field' =>  'mailuser_id',
         			'server_type' => 'mail',
 					'server_id' => $server_id,
-    			),
+				),
 			);
 		}
 		if($type == 'mail_filter') {
@@ -116,6 +124,20 @@
 					'index_field' => 'filter_id',
         			'server_type' => 'mail',
     			),
+				'spamfilter_policy' => array (
+					'index_field' => 'id',
+					'server_type' => 'mail',
+				),
+				'spamfilter_users' => array (
+					'index_field' => 'id',
+					'server_type' => 'mail',
+					'server_id' => $server_id,
+				),
+				'spamfilter_wblist' => array (
+					'index_field' => 'wblist_id',
+					'server_type' => 'mail',
+					'server_id' => $server_id,
+				),
 			);
 		}
 		if($type == 'web'  ) {
@@ -182,8 +204,8 @@
 		//* firewall
 		$array_out = array();
 		foreach($server_data as $db_table => $data) {
-			$sql = @(isset($data['server_id']))?"SELECT * FROM $db_table WHERE server_id = $server_id":"SELECT * FROM $db_table";;
-			$records = $app->db->queryAllRecords($sql);
+			$sql = @(isset($data['server_id']))?"SELECT * FROM ?? WHERE server_id = ?":"SELECT * FROM ??";
+			$records = $app->db->queryAllRecords($sql, $db_table, $server_id);
 			if (!empty($records)) array_push($array_out, $db_table);
 		}
 
@@ -232,7 +254,7 @@
 			}
 
 			//* mailfilter
-			$server_list = $this->create_list($mail_server_rec, 'mail_filter', array('mail_access', 'mail_content_filter', 'mail_user_filter'));
+			$server_list = $this->create_list($mail_server_rec, 'mail_filter', array('mail_access', 'mail_content_filter', 'mail_user_filter','spamfilter_users', 'spamfilter_wblist'));
 			$options_servers = $server_list[0];$server_count = $server_list[1];
 			unset($server_list);
 			if (isset($options_servers)) {	//* server with data found
@@ -252,6 +274,7 @@
 				$app->tpl->setVar('mailinglist_found', 1);
 				unset($options_servers);
 			}
+
 		}
 
 		//* fetch web-server
@@ -368,6 +391,10 @@
 			}
 		}
 
+		$csrf_token = $app->auth->csrf_token_get('tools_resync');
+		$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+		$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
+
 		parent::onShowEnd();
 	}
 			
@@ -377,23 +404,23 @@
 
 		$server_name = array();
 		if ( $server_id == 0 ) { //* resync multiple server
-			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ".$server_type."_server = 1 AND active = 1 AND mirror_server_id = 0");
+			$temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ?? = 1 AND active = 1 AND mirror_server_id = 0", $server_type."_server");
 			foreach ($temp as $server) {
 				$temp_id .= $server['server_id'].',';
 				$server_name[$server['server_id']] = $server['server_name'];
 			}
+			if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
 		} else {
 			$temp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $server_id);
 			$server_name[$server_id] = $temp['server_name'];
 		}		
 		unset($temp);
 
-		if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
-		$sql = "SELECT * FROM $db_table";
-		if ($db_table != "mail_user_filter") $sql .= " WHERE server_id IN (".$server_id.") ";
+		$sql = "SELECT * FROM ??";
+		if ($db_table != "mail_user_filter" && $db_table != "spamfilter_policy") $sql .= " WHERE server_id IN (".$server_id.") ";
 		$sql .= $opt;
 		if ($active) $sql .= " AND active = 'y'"; 
-		$records = $app->db->queryAllRecords($sql);
+		$records = $app->db->queryAllRecords($sql, $db_table);
 
 		return array($records, $server_name);
 	}			
@@ -418,7 +445,12 @@
 
     function onSubmit() {
         global $app;
-
+		
+		if(isset($_POST) && count($_POST) > 1) {
+			//* CSRF Check
+			$app->auth->csrf_token_check();
+		}
+		
 		//* all services
 		if($this->dataRecord['resync_all'] == 1) {
 			$this->dataRecord['resync_sites'] = 1;
@@ -475,6 +507,7 @@
 		//* maildomains
 		if($this->dataRecord['resync_mail'] == 1) 
 			$msg .= $this->do_resync('mail_domain', 'domain_id', 'mail', $this->dataRecord['mail_server_id'], 'domain',  $app->tform->wordbook['do_mail_txt']);
+			$msg .= $this->do_resync('spamfilter_policy', 'id', 'mail', $this->dataRecord['mail_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_policy_txt'], false);
 
 		//* mailbox
 		if($this->dataRecord['resync_mailbox'] == 1) {
@@ -487,6 +520,9 @@
 			$msg .= $this->do_resync('mail_access', 'access_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_access_txt']);
 			$msg .= $this->do_resync('mail_content_filter', 'content_filter_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_contentfilter_txt']);
 			$msg .= $this->do_resync('mail_user_filter', 'filter_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_userfilter_txt'], false);
+			//* spam
+			$msg .= $this->do_resync('spamfilter_users', 'id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_txt'], false);
+			$msg .= $this->do_resync('spamfilter_wblist', 'wblist_id', 'mail', $this->dataRecord['mailbox_server_id'], '',  $app->tform->wordbook['do_mail_spamfilter_txt']) 	;
 		}
 
 		//* mailinglists
@@ -511,13 +547,13 @@
 					if(!empty($rr_records)) {
 						foreach($rr_records as $rec) {
 							$new_serial = $app->validate_dns->increase_serial($rec['serial']);
-							$app->db->datalogUpdate('dns_rr', "serial = '".$new_serial."'", 'id', $rec['id']);
+							$app->db->datalogUpdate('dns_rr', array("serial" => $new_serial), 'id', $rec['id']);
 						}
 					} else { 
 						$msg .= $app->tform->wordbook['no_results_txt'].'<br>';
 					}
 					$new_serial = $app->validate_dns->increase_serial($soa_rec['serial']);
-					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['id']);
+					$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $soa_rec['id']);
 					$msg .= '['.$server_name[$soa_rec['server_id']].'] '.$soa_rec['origin'].' ('.count($rr_records).')<br>';
 				}
 			else $msg .= $app->tform->wordbook['no_results_txt'].'<br>'; 
@@ -529,7 +565,7 @@
 		if($this->dataRecord['resync_client'] == 1) {
         	$db_table = 'client';
         	$index_field = 'client_id';
-        	$records = $app->db->queryAllRecords("SELECT * FROM ".$db_table);
+        	$records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
 			$msg .= '<b>'.$app->tform->wordbook['do_clients_txt'].'</b><br>';
 			if(!empty($records)) {
 	        	$tform_def_file = '../client/form/client.tform.php';

--
Gitblit v1.9.1