From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Sun, 10 Jul 2016 05:02:35 -0400 Subject: [PATCH] Merge branch 'stable-3.1' --- interface/lib/classes/client_templates.inc.php | 69 +++++++++++++++++++++++----------- 1 files changed, 47 insertions(+), 22 deletions(-) diff --git a/interface/lib/classes/client_templates.inc.php b/interface/lib/classes/client_templates.inc.php index bdf9b16..d88628b 100644 --- a/interface/lib/classes/client_templates.inc.php +++ b/interface/lib/classes/client_templates.inc.php @@ -49,7 +49,7 @@ if($old_style == true) { // we have to take care of this in an other way - $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId)); + $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId); if(is_array($in_db) && count($in_db) > 0) { foreach($in_db as $item) { if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0; 
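Review bot: `$clientId` is now bound without the integer cast that `$app->functions->intval()` used to apply, in this SELECT and in the INSERT, DELETE and SELECT statements of the next two hunks (`$tpl_id`, `$item` and `$item['assigned_template_id']` likewise). Binding removes the injection risk of the concatenated form, but a non-numeric value would now be coerced by the database rather than normalised in PHP; how the `?` placeholder types its argument is not visible here. If callers are not guaranteed to pass integers, one cast at the top of the function, e.g. `$clientId = $app->functions->intval($clientId);`, keeps the old normalisation. The enclosing function starts outside the hunk.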
@@ -61,24 +61,24 @@
 if($count > 0) {
 // add new template to client (includes those from old-style without assigned_template_id)
 for($i = $count; $i > 0; $i--) {
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
 }
 } elseif($count < 0) {
 // remove old ones
 for($i = $count; $i < 0; $i++) {
- $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
 }
 }
 }
 } else {
 // we have to take care of this in an other way
- $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
+ $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
 if(is_array($in_db) && count($in_db) > 0) {
 // check which templates were removed from this client
 foreach($in_db as $item) {
 if(in_array($item['assigned_template_id'], $used_assigned) == false) {
 // delete this one
- $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
+ $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
 }
 }
 }
@@ -86,7 +86,7 @@
 if(count($new_tpl) > 0) {
 foreach($new_tpl as $item) {
 // add new template to client (includes those from old-style without assigned_template_id)
- $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
+ $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
 }
 }
 }
@@ -101,28 +101,31 @@ function apply_client_templates($clientId) { global $app; - include '../client/form/client.tform.php'; - /* * Get the master-template for the client */ - $sql = "SELECT template_master, template_additional FROM client WHERE client_id = " . $app->functions->intval($clientId); - $record = $app->db->queryOneRecord($sql); + $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?"; + $record = $app->db->queryOneRecord($sql, $clientId); $masterTemplateId = $record['template_master']; + $is_reseller = ($record['limit_client'] != 0)?true:false; + + include '../client/form/' . ($is_reseller ? 'reseller' : 'client') . '.tform.php'; if($record['template_additional'] != '') { // we have to call the update_client_templates function $templates = explode('/', $record['template_additional']); $this->update_client_templates($clientId, $templates); - $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId)); + $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId); } /* * if the master-Template is custom there is NO changing */ if ($masterTemplateId > 0){ - $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId); - $limits = $app->db->queryOneRecord($sql); + $sql = "SELECT * FROM client_template WHERE template_id = ?"; + $limits = $app->db->queryOneRecord($sql, $masterTemplateId); + if($is_reseller == true && $limits['limit_client'] == 0) $limits['limit_client'] = -1; + elseif($is_reseller == false && $limits['limit_client'] != 0) $limits['limit_client'] = 0; } else { // if there is no master template it makes NO SENSE adding sub templates. // adding subtemplates are stored in client limits, so they would add up 
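Review bot: The two added `limit_client` adjustments after `$limits = $app->db->queryOneRecord($sql, $masterTemplateId);` run without checking that a template row was actually returned. If the master template has been deleted, `$limits['limit_client'] == 0` compares a missing value loosely against 0, and for a reseller the assignment can create `$limits` holding only `limit_client = -1`, which the write-back at the end of the function would then store on the client. The sub-template loop already guards this case with `is_array($addLimits)`; the same guard fits here, `if(is_array($limits)) { ... }` around both added lines. What `queryOneRecord` returns for no match is not shown, so confirm against the db class; `$record` from the first query is read unchecked in the same way when deriving `$is_reseller`. The function body continues outside the hunk.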
@@ -131,21 +134,26 @@ } /* - * Process the additional tempaltes here (add them to the limits + * Process the additional templates here (add them to the limits * if != -1) */ $addTpl = explode('/', $additionalTemplateStr); - $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId)); + $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId); foreach ($addTpls as $addTpl){ $item = $addTpl['client_template_id']; - $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item); - $addLimits = $app->db->queryOneRecord($sql); + $sql = "SELECT * FROM client_template WHERE template_id = ?"; + $addLimits = $app->db->queryOneRecord($sql, $item); $app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG); /* maybe the template is deleted in the meantime */ if (is_array($addLimits)){ foreach($addLimits as $k => $v){ + if($k == 'limit_client') { + if($is_reseller == true && $v == 0) continue; + elseif($is_reseller == false && $v != 0) continue; + } + /* we can remove this condition, but it is easier to debug with it (don't add ids and other non-limit values) */ - if (strpos($k, 'limit') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec'){ + if (strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec'){ $app->log('Template processing key ' . $k . ' for client ' . $clientId, LOGLEVEL_DEBUG); /* process the numerical limits */ 
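Review bot: `strpos($k, 'default') !== false` accepts any `client_template` column whose name merely contains "default", and the same test in the write-back hunk decides which names are handed to the `??` identifier placeholder of `UPDATE client`. Because the keys come from `SELECT *`, a column added later with that substring would be copied onto the client record without anyone having chosen that. An explicit list is tighter and matches the five cases the switch handles: `in_array($k, array('default_mailserver', 'default_webserver', 'default_dnsserver', 'default_slave_dnsserver', 'default_dbserver'), true)`. The enclosing loop and the function continue outside the hunk.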
@@ -157,6 +165,15 @@ /* silent adjustment of the minimum cron frequency to 1 minute */ /* maybe this control test should be done via validator definition in tform.php file, but I don't know how */ if ($limits[$k] < 1) $limits[$k] = 1; + break; + + case 'default_mailserver': + case 'default_webserver': + case 'default_dnsserver': + case 'default_slave_dnsserver': + case 'default_dbserver': + /* additional templates don't override default server from main template */ + if ($limits[$k] == 0) $limits[$k] = $v; break; default: @@ -222,16 +239,24 @@ * Write all back to the database */ $update = ''; + $update_values = array(); + if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently. foreach($limits as $k => $v){ - if ((strpos($k, 'limit') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){ + if (strpos($k, 'default') !== false and $v == 0) { + continue; // template doesn't define default server, client's default musn't be changed + } + if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){ if ($update != '') $update .= ', '; - $update .= '`' . $k . "`='" . $v . "'"; + $update .= '?? = ?'; + $update_values[] = $k; + $update_values[] = $v; } } + $update_values[] = $clientId; $app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG); if($update != '') { - $sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId); - $app->db->query($sql); + $sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?"; + $app->db->query($sql, true, $update_values); } unset($form); } -- Gitblit v1.9.1
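Review bot: The new `default_*` cases keep the first non-zero value they see, so with several additional templates the result depends on the order in which `$addTpls` is iterated, and the query that fills it has no `ORDER BY`. The comment should say so, for instance `/* main template wins; otherwise the first additional template that defines a server is used */`. Adding `ORDER BY assigned_template_id` to the `client_template_assigned` SELECT in the previous hunk would make the outcome stable. The switch statement starts outside this hunk.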
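Review bot: `$app->db->query($sql, true, $update_values);` is the only call in this patch that passes a boolean followed by an array; every other call passes the bound values as separate arguments. The meaning of the `true` is not visible here (presumably it tells the db class that the parameters arrive as one array), so a short comment such as `// second argument true: parameters are passed as an array` would help, once confirmed against the db class. Getting this wrong would shift every placeholder by one, so the `?? = ?` pairs and the trailing `client_id` would bind to the wrong values. The function starts outside the hunk.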