From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
interface/web/client/client_message.php | 20 ++++++++++++++------
1 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 4275edb..eb8bcdb 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@
//* Save data
if(isset($_POST) && count($_POST) > 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
//* Check values
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
@@ -60,12 +63,12 @@
//* Send message
if($error == '') {
if($app->functions->intval($_POST['recipient']) > 0){
- $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+ $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
$tmp_client_ids = explode(',', $circle['client_ids']);
$where = array();
foreach($tmp_client_ids as $tmp_client_id){
- $where[] = 'client_id = '.$tmp_client_id;
+ $where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
}
if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
$sql = "SELECT * FROM client WHERE email != ''".$where_clause;
@@ -120,8 +123,8 @@
if($_SESSION["s"]["user"]["typ"] != 'admin'){
$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']);
if($client_id > 0){
- $sql = "SELECT email FROM client WHERE client_id = ".$client_id;
- $client = $app->db->queryOneRecord($sql);
+ $sql = "SELECT email FROM client WHERE client_id = ?";
+ $client = $app->db->queryOneRecord($sql, $client_id);
if($client['email'] != '') $app->tpl->setVar('sender', $client['email']);
}
}
@@ -146,7 +149,7 @@
//message variables
$message_variables = '';
-$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional') AND Field NOT LIKE 'limit_%'";
+$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional', 'force_suexec', 'default_slave_dnsserver', 'usertheme', 'locked', 'canceled', 'can_use_api', 'tmp_data', 'customer_no_template', 'customer_no_start', 'customer_no_counter', 'added_date', 'added_by') AND Field NOT LIKE 'limit_%'";
$field_names = $app->db->queryAllRecords($sql);
if(!empty($field_names) && is_array($field_names)){
foreach($field_names as $field_name){
@@ -161,6 +164,11 @@
}
$app->tpl->setVar('message_variables', trim($message_variables));
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar('okmsg', $msg);
$app->tpl->setVar('error', $error);
--
Gitblit v1.9.1