Thread: SF.net SVN: postfixadmin: [115] trunk/edit-vacation.php
From: <Gin...@us...> - 2007-10-02 12:49:00
Revision: 115 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=115&view=rev Author: GingerDog Date: 2007-10-02 05:49:00 -0700 (Tue, 02 Oct 2007) Log Message: ----------- edit-vacation.php: fix handling of empty goto field; fix handling of vacation editing if done by "someone else" Modified Paths: -------------- trunk/edit-vacation.php Modified: trunk/edit-vacation.php =================================================================== --- trunk/edit-vacation.php 2007-10-02 12:48:21 UTC (rev 114) +++ trunk/edit-vacation.php 2007-10-02 12:49:00 UTC (rev 115) @@ -37,23 +37,29 @@ require_once('common.php'); -$SESSID_USERNAME = authentication_get_username(); - if($CONF['vacation'] == 'NO') { header("Location: " . $CONF['postfix_admin_url'] . "/main.php"); exit(0); } -$vacation_domain = $CONF['vacation_domain']; -$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME); -$vacation_goto = $vacation_goto . '@' . $vacation_domain; - +$SESSID_USERNAME = authentication_get_username(); $tmp = preg_split ('/@/', $SESSID_USERNAME); $USERID_DOMAIN = $tmp[1]; -if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); -if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); +// only allow admins to change someone else's 'stuff' +if(authentication_has_role('admin')) { + if (isset($_GET['username'])) $fUsername = escape_string ($_GET['username']); + if (isset($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); +} +else { + $fUsername = $SESSID_USERNAME; + $fDomain = $USERID_DOMAIN; +} +$vacation_domain = $CONF['vacation_domain']; +$vacation_goto = preg_replace('/@/', '#', $fUsername); +$vacation_goto = $vacation_goto . '@' . $vacation_domain; + $fCanceltarget = $CONF['postfix_admin_url'] . '/main.php'; if ($_SERVER['REQUEST_METHOD'] == "GET") 
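Review bot: In the new `authentication_has_role('admin')` branch the target mailbox comes straight from `$_GET['username']` and `$_GET['domain']`, with no visible check that the signed-in admin is responsible for that domain. If 'admin' also covers domain admins (the page tests a separate 'global-admin' role further down), any of them could edit vacation settings for mailboxes in other domains. The POST branch in hunk `@@ -82,14 +89,14 @@` repeats the pattern, so a domain-ownership check belongs after the assignments in both places, falling back to the session user when it fails. An admin request without the parameters also leaves `$fUsername` unset before `$vacation_goto` is built, which `$fUsername = isset($_GET['username']) ? escape_string($_GET['username']) : $SESSID_USERNAME;` would avoid. The script continues outside the hunk, so an ownership check may already exist elsewhere.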
@@ -69,6 +75,7 @@ } $tUseremail = $fUsername; + $tDomain = $fDomain; if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } @@ -82,14 +89,14 @@ if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']); if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); - if (isset ($_GET['domain'])) { + if(authentication_has_role('admin') && isset($_GET['domain'])) { $fDomain = escape_string ($_GET['domain']); } else { $fDomain = $USERID_DOMAIN; } - if (isset ($_GET['username'])) { - $fUsername = escape_string ($_GET['username']); + if(authentication_has_role('admin') && isset ($_GET['username'])) { + $fUsername = escape_string($_GET['username']); } else { $fUsername = authentication_get_username(); @@ -117,12 +124,17 @@ { $row = db_array ($result['result']); $goto = $row['goto']; - //only one of these will do something, first handles address at beginning and middle, second at end $goto= preg_replace ( "/$vacation_goto,/", '', $goto); $goto= preg_replace ( "/,$vacation_goto/", '', $goto); - - $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + $goto= preg_replace ( "/$vacation_goto/", '', $goto); + if($goto == '') { + $sql = "DELETE FROM $table_alias WHERE address = '$fUsername'"; + } + else { + $sql = "UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"; + } + $result = db_query($sql); if ($result['rows'] != 1) { $error = 1; 
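Review bot: The three `preg_replace` calls in hunk `@@ -117,12 +124,17 @@` interpolate `$vacation_goto` into the pattern unquoted and unanchored, so each dot matches any character and the new bare `/$vacation_goto/` pattern can also cut the string out of a longer, different target. Because `$vacation_goto` is now built from the admin-supplied `$fUsername`, a regex metacharacter or a `/` in it would change or break the pattern. Comparing whole list entries avoids the regex altogether: `$goto = implode(',', array_diff(array_map('trim', explode(',', $goto)), array($vacation_goto)));`. If the regex stays, the value should at least go through `preg_quote($vacation_goto, '/')`. The surrounding block starts and ends outside the hunk.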
@@ -142,18 +154,22 @@ $row = db_array ($result['result']); $goto = $row['goto']; } - - ($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1; + $Active = db_get_boolean(True); $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)"); if ($result['rows'] != 1) { $error = 1; } - - $goto = $goto . "," . $vacation_goto; - - $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + if($goto == '') { + $goto = $vacation_goto; + $sql = "INSERT INTO $table_alias (goto, address, domain, modified) VALUES ('$goto', '$fUsername', '$fDomain', NOW())"; + } + else { + $goto = $goto . "," . $vacation_goto; + $sql = "UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"; + } + $result = db_query ($sql); if ($result['rows'] != 1) { $error = 1; @@ -173,7 +189,6 @@ $tMessage = $PALANG['pVacation_result_error']; } -$tUseremail = $SESSID_USERNAME; include ("$incpath/templates/header.tpl"); if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
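Review bot: In hunk `@@ -142,18 +154,22 @@`, `$goto` is read back from the alias row and concatenated into the new `UPDATE $table_alias SET goto='$goto'` string without `escape_string()`, so a stored value containing a quote would break or alter the statement. The UPDATE in hunk `@@ -117,12 +124,17 @@` has the same pattern. Escaping the stored part before joining fixes it here: `$goto = escape_string($goto) . "," . $vacation_goto;`. Nothing visible checks whether `$vacation_goto` is already in the list, so a repeated submit would append it again. The block that assigns `$goto` begins outside the hunk.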
From: <chr...@us...> - 2007-11-04 01:00:45
Revision: 187 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=187&view=rev Author: christian_boltz Date: 2007-11-03 18:00:50 -0700 (Sat, 03 Nov 2007) Log Message: ----------- edit-vacation.php: - changed redirect targets to list-virtual.php Modified Paths: -------------- trunk/edit-vacation.php Modified: trunk/edit-vacation.php =================================================================== --- trunk/edit-vacation.php 2007-11-04 00:54:09 UTC (rev 186) +++ trunk/edit-vacation.php 2007-11-04 01:00:50 UTC (rev 187) @@ -38,7 +38,7 @@ require_once('common.php'); if($CONF['vacation'] == 'NO') { - header("Location: " . $CONF['postfix_admin_url'] . "/main.php"); # TODO + header("Location: " . $CONF['postfix_admin_url'] . "/list-virtual.php"); exit(0); } @@ -60,7 +60,7 @@ $vacation_goto = preg_replace('/@/', '#', $fUsername); $vacation_goto = $vacation_goto . '@' . $vacation_domain; -$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php'; # TODO +$fCanceltarget = $CONF['postfix_admin_url'] . "/list-virtual.php?domain=$fDomain"; if ($_SERVER['REQUEST_METHOD'] == "GET") { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
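Review bot: In the second hunk, `$fDomain` is put into the query string of `$fCanceltarget` without URL encoding. It has only been through `escape_string()`, which is SQL escaping, and for admins it originates from `$_GET['domain']`. I would build the link as `$fCanceltarget = $CONF['postfix_admin_url'] . "/list-virtual.php?domain=" . urlencode($fDomain);`. The template that prints `$fCanceltarget` is not visible here, so it should be checked that the value is HTML-escaped at output.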
From: <chr...@us...> - 2007-11-12 00:14:11
Revision: 212 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=212&view=rev Author: christian_boltz Date: 2007-11-11 16:14:16 -0800 (Sun, 11 Nov 2007) Log Message: ----------- - Always display the $_POST data if available (tSubject and tBody were not set, resulting in the default vacation texts displayed) Modified Paths: -------------- trunk/edit-vacation.php Modified: trunk/edit-vacation.php =================================================================== --- trunk/edit-vacation.php 2007-11-11 23:36:46 UTC (rev 211) +++ trunk/edit-vacation.php 2007-11-12 00:14:16 UTC (rev 212) @@ -84,10 +84,12 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']); - if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']); - if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']); - if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); + $tSubject = safepost('fSubject'); + $fSubject = escape_string ( $tSubject); + $tBody = safepost('fBody'); + $fBody = escape_string ( $tBody); + $fChange = escape_string (safepost('fChange')); + $fBack = escape_string (safepost('fBack')); if(authentication_has_role('admin') && isset($_GET['domain'])) { $fDomain = escape_string ($_GET['domain']); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
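Review bot: `$tSubject` and `$tBody` now hold the raw `safepost()` values for redisplay, so the form template has to HTML-escape them; if it prints them as-is, submitted markup is reflected into the page. The template is not part of this hunk, so that needs confirming there, for example `htmlspecialchars($tSubject, ENT_QUOTES)` at the point of output. A short comment above the assignments, such as `// t* = raw value for display (escape in template), f* = SQL-escaped copy for queries`, would keep the two variants from being mixed up. The enclosing `if` block continues past the hunk.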
From: <chr...@us...> - 2008-02-26 20:27:11
Revision: 302 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=302&view=rev Author: christian_boltz Date: 2008-02-26 12:27:15 -0800 (Tue, 26 Feb 2008) Log Message: ----------- edit-vacation.php: - fix: text changes when setting up vacation message were ignored if the user had used vacation before (UPDATE statement did only change active state, not subject and body) Modified Paths: -------------- trunk/edit-vacation.php Modified: trunk/edit-vacation.php =================================================================== --- trunk/edit-vacation.php 2008-02-26 19:44:27 UTC (rev 301) +++ trunk/edit-vacation.php 2008-02-26 20:27:15 UTC (rev 302) @@ -160,7 +160,7 @@ // insert a duplicate $result = db_query("SELECT * FROM $table_vacation WHERE email = '$fUsername'"); if($result['rows'] == 1) { - $result = db_query("UPDATE $table_vacation SET active = $Active, created = NOW() WHERE email = '$fUsername'"); + $result = db_query("UPDATE $table_vacation SET active = $Active, subject = '$fSubject', body = '$fBody', created = NOW() WHERE email = '$fUsername'"); } else { $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
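Review bot: The extended UPDATE embeds `'$fSubject'` and `'$fBody'` directly in the SQL string, which is safe only while they are the `escape_string()` copies and not the raw `$tSubject`/`$tBody` values that rev 212 introduced alongside them. A comment on this line would make that dependency visible, for example `// $fSubject/$fBody must be the escape_string()'d copies, never the raw t* values`. The statement sits inside a branch that starts outside the hunk, so where those variables are assigned cannot be confirmed from here.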