From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.
---
interface/web/dns/dns_slave_edit.php | 23 +++++++++++++++++------
1 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 5e7df85..2a5247a 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -128,7 +128,7 @@
// When the record is updated
if($this->id > 0) {
// restore the server ID if the user is not admin and record is edited
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ".intval($this->id));
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ".$app->functions->intval($this->id));
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
// When the record is inserted
@@ -158,16 +158,27 @@
parent::onSubmit();
}
+ function onInsert() {
+ global $app, $conf;
+
+ // Check if record is existing already
+ $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$this->dataRecord["origin"]."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
+
+ if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);
+
+ parent::onInsert();
+ }
+
function onAfterInsert() {
global $app, $conf;
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
- $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
- $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$this->id);
}
@@ -180,17 +191,17 @@
// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
- $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$this->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
- $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$this->id);
}
//** When the client group has changed, change also the owner of the record if the owner is not the admin user
if($this->oldDataRecord["client_group_id"] != $this->dataRecord["client_group_id"] && $this->dataRecord["sys_userid"] != 1) {
- $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
$tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
if($tmp["userid"] > 0) {
$app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$this->id);
--
Gitblit v1.9.1