kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605

This commit is contained in:
Benjamin Sonntag 2016-05-26 18:32:17 +02:00
parent 93ce8ffd0f
commit e806446945
12 changed files with 53 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bureau/admin/adm_domlock.php
View File

@ -35,7 +35,7 @@ if (!$admin->enabled) {
} }
$fields = array ( $fields = array (
"domain" => array ("post", "string", ""), "domain" => array ("request", "string", ""),
); );
getFields($fields); getFields($fields);

2
bureau/admin/adm_donosu.php
View File

@ -35,7 +35,7 @@ if (!$admin->enabled) {
} }
$fields = array ( $fields = array (
"uid" => array ("post", "integer", 0), "uid" => array ("request", "integer", 0),
); );
getFields($fields); getFields($fields);

2
bureau/admin/adm_dosu.php
View File

@ -35,7 +35,7 @@ if (!$admin->enabled) {
} }
$fields = array ( $fields = array (
"uid" => array ("post", "integer", 0), "uid" => array ("request", "integer", 0),
); );
getFields($fields); getFields($fields);

2
bureau/admin/adm_quotaedit.php
View File

@ -37,7 +37,7 @@ if (!$admin->enabled) {
} }
$fields = array ( $fields = array (
"uid" => array ("post", "integer", 0), "uid" => array ("request", "integer", 0),
); );
getFields($fields); getFields($fields);

18
bureau/admin/dom_edit.php
View File

@ -301,6 +301,11 @@ if (!$r['noerase']) {
</form> </form>
</div> </div>
<?php } else { ?>
<div id="tabsdom-params">
<p class="alert alert-info"><?php __("This domain is locked, only a server administrator can unlock it."); ?></p>
</div>
<?php } ?>
<?php if ( $r["dns"] ) { ?> <?php if ( $r["dns"] ) { ?>
<div id="tabsdom-view"> <div id="tabsdom-view">
@ -308,14 +313,21 @@ if (!$r['noerase']) {
<?php __("Here is the actual DNS zone running on the AlternC server. If you just made some changes, you have to wait for it."); ?> <?php __("Here is the actual DNS zone running on the AlternC server. If you just made some changes, you have to wait for it."); ?>
</p> </p>
<div>
<pre><span class="petit" id="divdumpdns"> <pre><span class="petit" id="divdumpdns">
<a target="_blank" href="dom_dnsdump.php?domain=<?php echo urlencode($domain) ?>"><?php __("Click here to view the dump");?></a> <a target="_blank" href="dom_dnsdump.php?domain=<?php echo urlencode($domain) ?>"><?php __("Click here to view the dump");?></a>
</span> </span>
</pre> </pre>
<a href="javascript:force_update_dns_content();"><?php __("Refresh");?></a> </div>
<p>&nbsp;</p>
<p><a class="inb" href="javascript:force_update_dns_content();"><?php __("Refresh");?></a></p>
</div> </div>
<?php } // if dns ?> <?php } // if dns ?>
<?php
if (!$r['noerase']) {
?>
<div id="tabsdom-delete"> <div id="tabsdom-delete">
<h3><?php __("Domain removal"); ?></h3> <h3><?php __("Domain removal"); ?></h3>
@ -327,14 +339,14 @@ if (!$r['noerase']) {
</p> </p>
</form> </form>
</div> <!-- tabsdom-delete --> </div> <!-- tabsdom-delete -->
</div> <!-- tabsdom -->
<?php } else { // noerase <?php } else { // noerase
?> ?>
<div id="tabsdom-params"> <div id="tabsdom-delete">
<p class="alert alert-info"><?php __("This domain is locked, only a server administrator can unlock it."); ?></p> <p class="alert alert-info"><?php __("This domain is locked, only a server administrator can unlock it."); ?></p>
</div> </div>
<?php <?php
} ?> } ?>
</div> <!-- tabsdom -->
<script type="text/javascript"> <script type="text/javascript">
//document.forms['main'].sub.focus(); // not with tabs //document.forms['main'].sub.focus(); // not with tabs

2
bureau/admin/dom_editdns.php
View File

@ -31,7 +31,7 @@ require_once("../class/config.php");
include_once("head.php"); include_once("head.php");
$fields = array ( $fields = array (
"domain" => array ("post", "string", ""), "domain" => array ("request", "string", ""),
"dns" => array ("post", "integer", 1), "dns" => array ("post", "integer", 1),
"email" => array ("post", "integer", 1), "email" => array ("post", "integer", 1),
"ttl" => array ("post", "integer", 86400), "ttl" => array ("post", "integer", 86400),

2
bureau/admin/dom_subdel.php
View File

@ -31,7 +31,7 @@ require_once("../class/config.php");
include_once("head.php"); include_once("head.php");
$fields = array ( $fields = array (
"sub_domain_id" => array ("post", "integer", ""), "sub_domain_id" => array ("request", "integer", ""),
); );
getFields($fields); getFields($fields);

2
bureau/admin/dom_subedit.php
View File

@ -32,7 +32,7 @@ include_once("head.php");
$fields = array ( $fields = array (
"sub_domain_id" => array ("post", "integer", ""), "sub_domain_id" => array ("request", "integer", ""),
); );
getFields($fields); getFields($fields);

2
bureau/admin/mail_edit.php
View File

@ -26,7 +26,7 @@ require_once("../class/config.php");
include_once("head.php"); include_once("head.php");
$fields = array ( $fields = array (
"mail_id" =>array ("post","integer",""), "mail_id" =>array ("request","integer",""),
"pass" => array ("post","string",""), "pass" => array ("post","string",""),
"passconf" => array("post","string",""), "passconf" => array("post","string",""),
"quotamb" => array("post","integer",0), "quotamb" => array("post","integer",0),

7
bureau/admin/mem_cm.php
View File

@ -32,9 +32,9 @@ require_once("../class/config_nochk.php");
include_once("head.php"); include_once("head.php");
$fields = array ( $fields = array (
"usr" => array ("post", "integer", 0), "usr" => array ("request", "integer", 0),
"cookie" => array ("post", "string", ""), "cookie" => array ("request", "string", ""),
"cle" => array("post","string",""), "cle" => array("request","string",""),
); );
getFields($fields); getFields($fields);
@ -48,6 +48,7 @@ if (isset($error) && $error) {
} }
?> ?>
<form method="post" action="mem_cm2.php"> <form method="post" action="mem_cm2.php">
<?php csrf_get(); ?>
<table border="1" cellspacing="0" cellpadding="4"> <table border="1" cellspacing="0" cellpadding="4">
<tr><td colspan="2"><input type="hidden" name="usr" value="<?php ehe($usr); ?>" /><input type="hidden" name="cookie" value="<?php ehe($cookie); ?>" /> <tr><td colspan="2"><input type="hidden" name="usr" value="<?php ehe($usr); ?>" /><input type="hidden" name="cookie" value="<?php ehe($cookie); ?>" />
<?php __("Change the email of the account"); ?><br /> <?php __("Change the email of the account"); ?><br />

50
bureau/class/m_mysql.php
View File

@ -588,82 +588,82 @@ class m_mysql {
$dbn = str_replace('_', '\_', $dbn); $dbn = str_replace('_', '\_', $dbn);
$this->dbus->query("Select * from mysql.db where Db= ? and User!= ? ;", array($dbn, $cuid."_myadm")); $this->dbus->query("Select * from mysql.db where Db= ? and User!= ? ;", array($dbn, $cuid."_myadm"));
if (!$db->num_rows()) { if (!$this->dbus->num_rows()) {
$err->raise("mysql",_("Database not found")); $err->raise("mysql",_("Database not found"));
return false; return false;
} }
while ($db->next_record()) { while ($this->dbus->next_record()) {
$variable = $db->Record; $variable = $this->dbus->Record;
if ($variable['User'] == $dbu) { if ($variable['User'] == $dbu) {
$r['Host'] = $db->f('Host'); $r['Host'] = $this->dbus->f('Host');
if ($db->f('Select_priv') !== "Y") { if ($this->dbus->f('Select_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Insert_priv') !== "Y") { if ($this->dbus->f('Insert_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Update_priv') !== "Y") { if ($this->dbus->f('Update_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Delete_priv') !== "Y") { if ($this->dbus->f('Delete_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Create_priv') !== "Y") { if ($this->dbus->f('Create_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Drop_priv') !== "Y") { if ($this->dbus->f('Drop_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('References_priv') !== "Y") { if ($this->dbus->f('References_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Index_priv') !== "Y") { if ($this->dbus->f('Index_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Alter_priv') !== "Y") { if ($this->dbus->f('Alter_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Create_tmp_table_priv') !== "Y") { if ($this->dbus->f('Create_tmp_table_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Lock_tables_priv') !== "Y") { if ($this->dbus->f('Lock_tables_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Create_view_priv') !== "Y") { if ($this->dbus->f('Create_view_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Show_view_priv') !== "Y") { if ($this->dbus->f('Show_view_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Create_routine_priv') !== "Y") { if ($this->dbus->f('Create_routine_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Alter_routine_priv') !== "Y") { if ($this->dbus->f('Alter_routine_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Execute_priv') !== "Y") { if ($this->dbus->f('Execute_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Event_priv') !== "Y") { if ($this->dbus->f('Event_priv') !== "Y") {
return $r; return $r;
} }
if ($db->f('Trigger_priv') !== "Y") { if ($this->dbus->f('Trigger_priv') !== "Y") {
return $r; return $r;
} }
} }
} //endwhile } //endwhile
if (!count($r)) { if (!count($r)) {
$err->raise("mysql",_("Database not found")); $err->raise("mysql",_("Database not found")." (2)");
return false; return false;
} }
if (!$db->query("SELECT name,password from dbusers where name= ? ;", array($dbu))) { if (!$db->query("SELECT name,password from dbusers where name= ? ;", array($dbu))) {
$err->raise("mysql",_("Database not found")); $err->raise("mysql",_("Database not found")." (3)");
return false; return false;
} }
if (!$db->num_rows()) { if (!$db->num_rows()) {
$err->raise("mysql",_("Database not found")); $err->raise("mysql",_("Database not found")." (4)");
return false; return false;
} }
$db->next_record(); $db->next_record();

2
bureau/locales/fr_FR/LC_MESSAGES/messages.po
View File

@ -5230,7 +5230,7 @@ msgstr ""
#: ../class/m_mysql.php:304 #: ../class/m_mysql.php:304
msgid "An error occured. The database could not be created" msgid "An error occured. The database could not be created"
msgstr "Une erreur est survenur, la base de données n'a pas pu être créée" msgstr "Une erreur est survenue, la base de données n'a pas pu être créée"
#: ../class/m_mysql.php:322 #: ../class/m_mysql.php:322
msgid "The database was not found. I can't delete it" msgid "The database was not found. I can't delete it"