SF.net SVN: postfixadmin:[1064] trunk/edit-domain.php
From: <chr...@us...> - 2011-05-31 21:47:08
Revision: 1064 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1064&view=rev Author: christian_boltz Date: 2011-05-31 21:47:02 +0000 (Tue, 31 May 2011) Log Message: ----------- edit-domain.php: - changed UPDATE query to db_update() This should also fix https://sourceforge.net/tracker/?func=detail&aid=3306933&group_id=191583&atid=937964 - replaced various isset($_POST[...]) with safepost() calls Modified Paths: -------------- trunk/edit-domain.php Modified: trunk/edit-domain.php =================================================================== --- trunk/edit-domain.php 2011-05-25 22:07:40 UTC (rev 1063) +++ trunk/edit-domain.php 2011-05-31 21:47:02 UTC (rev 1064) @@ -59,19 +59,12 @@ { if (isset ($_GET['domain'])) $domain = escape_string ($_GET['domain']); - if (isset ($_POST['fDescription'])) $fDescription = escape_string ($_POST['fDescription']); - if (isset ($_POST['fAliases'])) $fAliases = intval($_POST['fAliases']); - if (isset ($_POST['fMailboxes'])) $fMailboxes = intval($_POST['fMailboxes']); - if (isset ($_POST['fMaxquota'])) { - $fMaxquota = intval($_POST['fMaxquota']); - } else { - $fMaxquota = 0; - } - if (isset ($_POST['fDomainquota'])) { - $fDomainquota = intval($_POST['fDomainquota']); - } else { - $fDomainquota = $CONF['domain_quota_default']; - } + $fDescription = safepost('fDescription'); + $fAliases = (int) safepost('fAliases'); + $fMailboxes = (int) safepost('fMailboxes'); + $fMaxquota = (int) safepost('fMaxquota', 0); + $fDomainquota = (int) safepost('fDomainquota', $CONF['domain_quota_default']); + # TODO: check for / error out on values < -1 $fTransport = $CONF['transport_default']; if($CONF['transport'] != 'NO' && isset ($_POST['fTransport'])) { 
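Review bot: The four limits read with `(int) safepost(...)` reach the update without the range check that the added `# TODO: check for / error out on values < -1` asks for, so any negative integer a client posts is stored as-is. The check belongs right after these assignments, before the update runs, for example `if (min($fAliases, $fMailboxes, $fMaxquota, $fDomainquota) < -1) { /* set the form error and skip the update */ }`. A missing `fAliases` or `fMailboxes` field also appears to become 0 after the cast, where the old code left the variable unassigned; confirm that 0 is an acceptable value to write for an absent field. The enclosing block starts and ends outside this hunk.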
@@ -102,19 +95,26 @@ $sqlActive = db_get_boolean(False); } - $sqltransport = ""; + $db_values = array( + 'description'=> $fDescription, + 'aliases' => $fAliases, + 'mailboxes' => $fMailboxes, + 'maxquota' => $fMaxquota, + 'quota' => $fDomainquota, + 'backupmx' => $sqlBackupmx, + 'active' => $sqlActive, + ); + if($CONF['transport'] != 'NO') { # only change transport if it is allowed in config. Otherwise, keep the old value. - $sqltransport = "transport='$fTransport',"; + $db_values['transport'] =$fTransport; } - $result = db_query ("UPDATE $table_domain SET description='$fDescription',aliases=$fAliases,mailboxes=$fMailboxes,maxquota=$fMaxquota,quota=$fDomainquota,$sqltransport backupmx='$sqlBackupmx',active='$sqlActive',modified=NOW() WHERE domain='$domain'"); - if ($result['rows'] == 1) - { + $result = db_update('domain', 'domain', $domain, $db_values); + + if ($result == 1) { header ("Location: list-domain.php"); exit; - } - else - { + } else { $tMessage = $PALANG['pAdminEdit_domain_result_error']; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
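Review bot: `$domain` is still passed through `escape_string()` (context line in the first hunk) before it is handed to `db_update()` as the WHERE value, while `$fDescription` now arrives unescaped from `safepost()`, so the two inputs follow different escaping rules into the same call. db_update() is not visible in this diff: if it quotes column values and the WHERE value itself, `$domain` is escaped twice and a name containing a quote or backslash would no longer match its row; if it does not, the description is written into the query raw. Confirm which contract db_update() implements and keep the escaping in that one place; if it does escape, read the key as `$domain = $_GET['domain'];`, provided no other query outside this hunk relies on the pre-escaped value. A comment above the call such as `# db_update() escapes the values and the WHERE value; pass raw input` would record the contract for the next change.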