From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.
---
interface/web/sites/database_edit.php | 61 ++++++++++++++++++++++++++----
1 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 959b018..c259ff0 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -116,14 +116,10 @@
if ($this->dataRecord['database_name'] != ""){
/* REMOVE the restriction */
- $app->tpl->setVar("database_name", str_replace($dbname_prefix , '', $this->dataRecord['database_name']));
+ $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix));
}
-
- if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- $app->tpl->setVar("database_name_prefix", $global_config['dbname_prefix']);
- } else {
- $app->tpl->setVar("database_name_prefix", $dbname_prefix);
- }
+
+ $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']));
if($this->id > 0) {
//* we are editing a existing record
@@ -166,7 +162,22 @@
}
}
- }
+ } else {
+ // check if client of database parent domain is client of db user!
+ $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
+ if($this->dataRecord['database_user_id']) {
+ $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_user_id'])."'");
+ if($group['sys_groupid'] != $web_group['sys_groupid']) {
+ $app->error($app->tform->wordbook['database_client_differs_txt']);
+ }
+ }
+ if($this->dataRecord['database_ro_user_id']) {
+ $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_ro_user_id'])."'");
+ if($group['sys_groupid'] != $web_group['sys_groupid']) {
+ $app->error($app->tform->wordbook['database_client_differs_txt']);
+ }
+ }
+ }
parent::onSubmit();
@@ -185,6 +196,9 @@
//* Prevent that the database name and charset is changed
$old_record = $app->tform->getDataRecord($this->id);
+ $dbname_prefix = $app->tools_sites->getPrefix($old_record['database_name_prefix'], $dbname_prefix);
+ $this->dataRecord['database_name_prefix'] = $dbname_prefix;
+
if($old_record["database_name"] != $dbname_prefix . $this->dataRecord["database_name"]) {
$app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
}
@@ -192,6 +206,10 @@
$app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
}
+ if(!$this->dataRecord['database_user_id']) {
+ $app->tform->errorMessage .= $app->tform->wordbook["database_user_missing_txt"].'<br />';
+ }
+
//* Database username and database name shall not be empty
if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />';
@@ -230,11 +248,24 @@
// we need remote access rights for this server, so get it's ip address
$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
if($server_config['ip_address']!='') {
+ /*
if($this->dataRecord['remote_access'] != 'y') $this->dataRecord['remote_ips'] = '';
$this->dataRecord['remote_access'] = 'y';
if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
$this->dataRecord['remote_ips'] .= ($this->dataRecord['remote_ips'] != '' ? ',' : '') . $server_config['ip_address'];
}
+ */
+
+ if($this->dataRecord['remote_access'] != 'y'){
+ $this->dataRecord['remote_ips'] = $server_config['ip_address'];
+ $this->dataRecord['remote_access'] = 'y';
+ } else {
+ if($this->dataRecord['remote_ips'] != ''){
+ if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
+ $this->dataRecord['remote_ips'] .= ',' . $server_config['ip_address'];
+ }
+ }
+ }
}
}
@@ -255,6 +286,7 @@
$app->uses('getconf,tools_sites');
$global_config = $app->getconf->get_global_config('sites');
$dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
+ $this->dataRecord['database_name_prefix'] = $dbname_prefix;
if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
@@ -280,11 +312,24 @@
// we need remote access rights for this server, so get it's ip address
$server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
if($server_config['ip_address']!='') {
+ /*
if($this->dataRecord['remote_access'] != 'y') $this->dataRecord['remote_ips'] = '';
$this->dataRecord['remote_access'] = 'y';
if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
$this->dataRecord['remote_ips'] .= ($this->dataRecord['remote_ips'] != '' ? ',' : '') . $server_config['ip_address'];
}
+ */
+
+ if($this->dataRecord['remote_access'] != 'y'){
+ $this->dataRecord['remote_ips'] = $server_config['ip_address'];
+ $this->dataRecord['remote_access'] = 'y';
+ } else {
+ if($this->dataRecord['remote_ips'] != ''){
+ if(preg_match('/(^|,)' . preg_quote($server_config['ip_address'], '/') . '(,|$)/', $this->dataRecord['remote_ips']) == false) {
+ $this->dataRecord['remote_ips'] .= ',' . $server_config['ip_address'];
+ }
+ }
+ }
}
}
--
Gitblit v1.9.1