SF.net SVN: postfixadmin:[1566] trunk
From: <chr...@us...> - 2013-11-10 22:22:25
Revision: 1566 http://sourceforge.net/p/postfixadmin/code/1566 Author: christian_boltz Date: 2013-11-10 22:22:22 +0000 (Sun, 10 Nov 2013) Log Message: ----------- editactive.php: - new, small script to change the 'active' status - also include CSRF protection token edit.php: - remove handling of 'active' to make it more readable *list*.tpl: - change links to use editactive.php, add CSRF token configs/menu.conf - add url_editactive Modified Paths: -------------- trunk/configs/menu.conf trunk/edit.php trunk/templates/adminlistadmin.tpl trunk/templates/adminlistdomain.tpl trunk/templates/list-virtual_alias.tpl trunk/templates/list-virtual_alias_domain.tpl trunk/templates/list-virtual_mailbox.tpl Added Paths: ----------- trunk/editactive.php Modified: trunk/configs/menu.conf =================================================================== --- trunk/configs/menu.conf 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/configs/menu.conf 2013-11-10 22:22:22 UTC (rev 1566) @@ -1,4 +1,5 @@ url_main = main.php +url_editactive = editactive.php?table= # list_admin url_list_admin = list-admin.php url_create_admin = edit.php?table=admin Modified: trunk/edit.php =================================================================== --- trunk/edit.php 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/edit.php 2013-11-10 22:22:22 UTC (rev 1566) @@ -19,7 +19,6 @@ * GET parameters: * table what to edit (*Handler) * edit item to edit (if net given: a new item will be created) - * active if given: only change active state to given value (which must be 0 or 1) and return to listview * additional parameters will be accepted if specified in *Handler->webformConfig()[prefill] when creating a new item */ 
@@ -40,19 +39,13 @@ $new = 0; if ($edit == "") $new = 1; -$active = safeget('active'); - $handler = new $handlerclass($new, $username); $formconf = $handler->webformConfig(); authentication_require_role($formconf['required_role']); -if ($active != '0' && $active != '1') { - $active = ''; # ignore invalid values -} - -if ($edit != '' || $active != '' || $formconf['early_init']) { +if ($edit != '' || $formconf['early_init']) { if (!$handler->init($edit)) { flash_error($handler->errormsg); header ("Location: " . $formconf['listview']); @@ -63,7 +56,7 @@ $form_fields = $handler->getStruct(); $id_field = $handler->getId_field(); -if ($_SERVER['REQUEST_METHOD'] == "GET" && $active == '') { +if ($_SERVER['REQUEST_METHOD'] == "GET") { if ($edit == '') { # new - prefill fields from URL parameters if allowed in $formconf['prefill'] if ( isset($formconf['prefill']) ) { foreach ($formconf['prefill'] as $field) { @@ -113,11 +106,7 @@ } } -if ($active != '') { - $values['active'] = $active; -} - -if ($_SERVER['REQUEST_METHOD'] == "POST" || $active != '') { +if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isset($formconf['hardcoded_edit']) && $formconf['hardcoded_edit']) { $values[$id_field] = $form_fields[$id_field]['default']; } elseif ($edit != "") { Added: trunk/editactive.php =================================================================== --- trunk/editactive.php (rev 0) +++ trunk/editactive.php 2013-11-10 22:22:22 UTC (rev 1566) 
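Review bot: The POST branch at the end of the last edit.php hunk (`if ($_SERVER['REQUEST_METHOD'] == "POST") {`) is now the only state-changing path left in this script, and no token check is visible in any of these hunks, while the same commit adds one to editactive.php. If the form handling does not verify `$_SESSION['PFA_token']` elsewhere in the file, the edit form stays exposed to cross-site request forgery even though the toggle link is now covered. The body of that `if` continues outside the hunk, so this needs confirming against the full file. If the check is missing, it belongs at the top of the POST branch, with a hidden `token` field added to the form template.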
@@ -0,0 +1,61 @@
+<?php
+/**
+ * Postfix Admin
+ *
+ * LICENSE
+ * This source file is subject to the GPL license that is bundled with
+ * this package in the file LICENSE.TXT.
+ *
+ * Further details on the project are available at http://postfixadmin.sf.net
+ *
+ * @version $Id$
+ * @license GNU GPL v2 or later.
+ *
+ * File: delete.php
+ * Used to delete admins, domains, mailboxes, aliases etc.
+ *
+ * Template File: none
+ */
+
+require_once('common.php');
+
+if (safeget('token') != $_SESSION['PFA_token']) die('Invalid token!');
+
+$username = authentication_get_username(); # enforce login
+
+$id = safeget('id');
+$table = safeget('table');
+$active = safeget('active');
+
+$handlerclass = ucfirst($table) . 'Handler';
+
+if ( !preg_match('/^[a-z]+$/', $table) || !file_exists("model/$handlerclass.php")) { # validate $table
+ die ("Invalid table name given!");
+}
+
+$handler = new $handlerclass(0, $username);
+
+$formconf = $handler->webformConfig();
+
+authentication_require_role($formconf['required_role']);
+
+if ($handler->init($id)) { # errors will be displayed as last step anyway, no need for duplicated code ;-)
+ if ($active != '0' && $active != '1') {
+ die(Config::Lang('invalid_parameter'));
+ }
+
+ $values['active'] = $active;
+
+ if ( $handler->set(array('active' => $active)) ) {
+ $handler->store();
+ }
+}
+
+flash_error($handler->errormsg);
+flash_info($handler->infomsg);
+
+header ("Location: " . 
$formconf['listview']); +exit; + +/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ +?> Property changes on: trunk/editactive.php ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +Id \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Modified: trunk/templates/adminlistadmin.tpl =================================================================== --- trunk/templates/adminlistadmin.tpl 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/templates/adminlistadmin.tpl 2013-11-10 22:22:22 UTC (rev 1566) @@ -18,8 +18,8 @@ {/if} </td> <td>{$admin.modified}</td> - <td><a href="{#url_edit_admin#}&edit={$admin.username|escape:"url"}&active={if ($admin.active==0)}1{else}0{/if}">{$admin._active}</a></td> - <td><a href="{#url_edit_admin#}&edit={$admin.username|escape:"url"}">{$PALANG.edit}</a></td> + <td><a href="{#url_editactive#}admin&id={$admin.username|escape:"url"}&active={if ($admin.active==0)}1{else}0{/if}&token={$smarty.session.PFA_token|escape:"url"}">{$admin._active}</a></td> + <td><a href="{#url_edit_admin#}&edit={$admin.username|escape:"url"}">{$PALANG.edit}</a></td> <td><a href="{#url_delete#}?table=admin&delete={$admin.username|escape:"url"}&token={$smarty.session.PFA_token|escape:"url"}" onclick="return confirm ('{$PALANG.confirm}{$PALANG.admin}: {$admin.username}');">{$PALANG.del}</a></td> </tr> Modified: trunk/templates/adminlistdomain.tpl =================================================================== --- trunk/templates/adminlistdomain.tpl 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/templates/adminlistdomain.tpl 2013-11-10 22:22:22 UTC (rev 1566) 
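Review bot: The token check at the top of editactive.php uses a loose comparison and runs before the login is enforced: `safeget('token') != $_SESSION['PFA_token']` treats an unset session token and an empty request value as equal (assuming safeget() returns an empty string for a missing parameter, which is not shown here), so the check only holds once a token has actually been stored in the session. I would move it below `authentication_get_username()` and make it fail closed, e.g. `if (empty($_SESSION['PFA_token']) || safeget('token') !== $_SESSION['PFA_token']) die('Invalid token!');`, using a constant-time comparison such as `hash_equals()` where the supported PHP version provides it. The `$active` range check could also move ahead of `$handler->init($id)`, and `$values['active'] = $active;` is never read in this file. The header docblock still says `File: delete.php` and `Used to delete admins, ...`; it should name editactive.php and describe the active-flag toggle.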
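Review bot: The new toggle link carries the session's CSRF token in the query string of a GET request (`&token={$smarty.session.PFA_token|escape:"url"}`), so the token is written to browser history and to web-server or proxy access logs. The same pattern is added in adminlistdomain.tpl, list-virtual_alias.tpl, list-virtual_alias_domain.tpl and list-virtual_mailbox.tpl, and the existing delete links in the context lines already use it. Because the request changes state, a small POST form with the token in a hidden field would keep it out of URLs. If the link form stays, the token should at least be regenerated at every login so a logged value does not outlive the session. The bare `&` separators inside the `href` attribute should also be written as `&amp;`.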
@@ -33,7 +33,7 @@ {if $CONF.transport==YES}<td>{$domain.transport}</td>{/if} <td>{$domain._backupmx}</td> <td>{$domain.modified}</td> - <td><a href="{#url_edit_domain#}&edit={$domain.domain|escape:"url"}&active={if ($domain.active==0)}1{else}0{/if}">{$domain._active}</a></td> + <td><a href="{#url_editactive#}domain&id={$domain.domain|escape:"url"}&active={if ($domain.active==0)}1{else}0{/if}&token={$smarty.session.PFA_token|escape:"url"}">{$domain._active}</a></td> <td><a href="{#url_edit_domain#}&edit={$domain.domain|escape:"url"}">{$PALANG.edit}</a></td> <td><a href="{#url_delete#}?table=domain&delete={$domain.domain|escape:"url"}&token={$smarty.session.PFA_token|escape:"url"}" onclick="return confirm ('{$PALANG.confirm_domain}{$PALANG.domain}: {$domain.domain}')">{$PALANG.del}</a></td> Modified: trunk/templates/list-virtual_alias.tpl =================================================================== --- trunk/templates/list-virtual_alias.tpl 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/templates/list-virtual_alias.tpl 2013-11-10 22:22:22 UTC (rev 1566) 
@@ -37,7 +37,7 @@ {/if} <td>{$item.modified}</td> {if $check_alias_owner[$i]==true} - <td><a href="{#url_create_alias#}&edit={$item.address|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}" + <td><a href="{#url_editactive#}alias&id={$item.address|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}&token={$smarty.session.PFA_token|escape:"url"}" >{if $item.active==1}{$PALANG.YES}{else}{$PALANG.NO}{/if}</a></td> <td><a href="{#url_create_alias#}&edit={$item.address|escape:"url"}">{$PALANG.edit}</a></td> <td><a href="delete.php?table=alias&delete={$item.address|escape:"url"}&token={$smarty.session.PFA_token|escape:"url"}" Modified: trunk/templates/list-virtual_alias_domain.tpl =================================================================== --- trunk/templates/list-virtual_alias_domain.tpl 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/templates/list-virtual_alias_domain.tpl 2013-11-10 22:22:22 UTC (rev 1566) 
@@ -30,7 +30,7 @@ {/if} {if $item.target_domain != $fDomain}</a>{/if}</td> <td>{$item.modified}</td> - <td><a href="{#url_create_alias_domain#}&edit={$item.alias_domain|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}">{if $item.active==1}{$PALANG.YES}{else}{$PALANG.NO}{/if}</a></td> + <td><a href="{#url_editactive#}aliasdomain&id={$item.alias_domain|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}&token={$smarty.session.PFA_token|escape:"url"}">{if $item.active==1}{$PALANG.YES}{else}{$PALANG.NO}{/if}</a></td> <td><a href="{#url_create_alias_domain#}&edit={$item.alias_domain|escape:"url"}">{$PALANG.edit}</a></td> <td><a href="{#url_delete#}?table=aliasdomain&delete={$item.alias_domain|escape:"url"}&token={$smarty.session.PFA_token|escape:"url"}" onclick="return confirm ('{$PALANG.confirm}{$PALANG.pOverview_get_alias_domains}: {$item.alias_domain} -> {$item.target_domain}');">{$PALANG.del}</a></td> Modified: trunk/templates/list-virtual_mailbox.tpl =================================================================== --- trunk/templates/list-virtual_mailbox.tpl 2013-11-10 22:00:16 UTC (rev 1565) +++ trunk/templates/list-virtual_mailbox.tpl 2013-11-10 22:22:22 UTC (rev 1566) @@ -66,7 +66,7 @@ </td> {/if} <td>{$item.modified}</td> - <td><a href="{#url_create_mailbox#}&edit={$item.username|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}" + <td><a href="{#url_editactive#}mailbox&id={$item.username|escape:"url"}&active={if ($item.active==0)}1{else}0{/if}&token={$smarty.session.PFA_token|escape:"url"}" >{if $item.active==1}{$PALANG.YES}{else}{$PALANG.NO}{/if}</a></td> {if $CONF.vacation_control_admin===YES && $CONF.vacation===YES} {if $item.v_active!==-1} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |