SF.net SVN: postfixadmin: [101] trunk/functions.inc.php

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 101
          http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=101&view=rev
Author:   GingerDog
Date:     2007-09-28 12:27:51 -0700 (Fri, 28 Sep 2007)

Log Message:
-----------
functions.inc.php: fix escape_string to handle arrays, move magic_quotes stuff to common.php; add flash message stuff (See also header.php)

Modified Paths:
--------------
    trunk/functions.inc.php

Modified: trunk/functions.inc.php
===================================================================

--- trunk/functions.inc.php	2007-09-27 23:46:59 UTC (rev 100)
+++ trunk/functions.inc.php	2007-09-28 19:27:51 UTC (rev 101)
@@ -98,6 +98,39 @@
 }
 
 
+/**
+ * Add an error message for display on the next page that is rendered.
+ * @param String message to show. 
+ *
+ * Stores string in session. Flushed through header template.
+ * @see _flash_string()
+ */
+function flash_error($string) {
+   _flash_string('error', $string);
+}
+
+/**
+ * Used to display an info message on successful update.
+ * @param String $string
+ * Stores data in sessio.
+ * @see _flash_string()
+ */
+function flash_info($string) {
+   _flash_string('info', $string);
+}
+/**
+ * 'Private' method used for flash_info() and flash_error().
+ */
+function _flash_string($type, $string) {
+   if(!isset($_SESSION['flash'])) {
+      $_SESSION['flash'] = array();
+   }
+   if(!isset($_SESSION['flash'][$type])) {
+      $_SESSION['flash'][$type] = array();
+   }
+   $_SESSION['flash'][$type][] = $string;
+}
+
 //
 // check_language
 // Action: checks what language the browser uses
@@ -232,16 +265,26 @@
 
 
 
-//
-// escape_string
-// Action: Escape a string
-// Call: escape_string (string string)
-//
-(ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_runtime', '0') : '1');
-(ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_sybase', '0') : '1');
+/**
+ * Clean a string, escaping any meta characters that could be
+ * used to disrupt an SQL string. i.e. "'" => "\'" etc.
+ *
+ * @param String (or Array) 
+ * @return String (or Array) of cleaned data, suitable for use within an SQL
+ *    statement.
+ */
 function escape_string ($string)
 {
    global $CONF;
+   // if the string is actually an array, do a recursive cleaning.
+   // Note, the array keys are not cleaned.
+   if(is_array($string)) {
+      $clean = array();
+      foreach($string as $row) {
+         $clean[] = escape_string($row);  
+      }
+      return $clean;
+   }
    if (get_magic_quotes_gpc ())
    {
       $string = stripslashes($string);
@@ -619,23 +662,38 @@
 }
 
 
-
-//
-// list_domains_for_admin
-// Action: Lists all the domains for an admin.
-// Call: list_domains_for_admin (string admin)
-//
+/**
+ * List domains for an admin user. If $username is empty, it returns all
+ * available damains for a user.
+ * Otherwise, it returns only those domains for a particular user.
+ * @param String $username
+ * @return array of domain names.
+ */
 function list_domains_for_admin ($username)
 {
    global $CONF;
    global $table_domain, $table_domain_admins;
    $list = array ();
 
-   $query = "SELECT $table_domain.domain FROM $table_domain LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain WHERE $table_domain_admins.username='$username' AND $table_domain.active='1' AND $table_domain.backupmx='0' ORDER BY $table_domain_admins.domain";
-   if ('pgsql'==$CONF['database_type'])
-   {
-      $query = "SELECT $table_domain.domain FROM $table_domain LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain WHERE $table_domain_admins.username='$username' AND $table_domain.active=true AND $table_domain.backupmx=false ORDER BY $table_domain_admins.domain";
+   $username_sql = '';
+   $active_sql = db_get_boolean(True);
+   $backupmx_sql = db_get_boolean(False);
+   if($username != '') {
+      $query = "SELECT $table_domain.domain, $table_domain_admins.username FROM $table_domain 
+         LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain 
+         WHERE $table_domain_admins.username='$username' 
+         AND $table_domain.active=$active_sql 
+         AND $table_domain.backupmx=$backupmx_sql 
+         ORDER BY $table_domain_admins.domain";
    }
+   else {
+      $query = "SELECT $table_domain.domain FROM $table_domain 
+         LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain 
+         WHERE $table_domain.active=$active_sql 
+         AND $table_domain.backupmx=$backupmx_sql 
+         ORDER BY $table_domain_admins.domain";
+   }
+
    $result = db_query ($query);
    if ($result['rows'] > 0)
    {
@@ -1233,7 +1291,7 @@
       if (function_exists ("pg_pconnect"))
       {
          $connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
-         $link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: " .  pg_last_error($link) . "$DEBUG_TEXT");
+         $link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: failed to connect to database. $DEBUG_TEXT");
          pg_set_client_encoding($link, 'UNICODE');
       }
       else


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


