Thread: SF.net SVN: postfixadmin:[1744] trunk/functions.inc.php (Page 5)
From: <chr...@us...> - 2015-02-28 22:30:28
Revision: 1744 http://sourceforge.net/p/postfixadmin/code/1744 Author: christian_boltz Date: 2015-02-28 22:30:21 +0000 (Sat, 28 Feb 2015) Log Message: ----------- functions.inc.php: - better formatting in db_quota_text() and db_quota_percent() results (for example, infinity sign instead of / 0 for unlimited) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2015-02-28 22:26:14 UTC (rev 1743) +++ trunk/functions.inc.php 2015-02-28 22:30:21 UTC (rev 1744) @@ -1322,8 +1322,9 @@ */ function db_quota_text($count, $quota, $fieldname) { return " CASE $quota - WHEN '-1' THEN coalesce($count,0) - ELSE CONCAT(coalesce($count,0), ' / ', $quota) + WHEN '-1' THEN CONCAT(coalesce($count,0), ' / -') + WHEN '0' THEN CONCAT(coalesce($count,0), ' / ', '" . escape_string(html_entity_decode('∞')) . "') + ELSE CONCAT(coalesce($count,0), ' / ', $quota) END AS $fieldname"; } @@ -1335,8 +1336,9 @@ * @return string */ function db_quota_percent($count, $quota, $fieldname) { - return " CASE $quota + return " CASE $quota WHEN '-1' THEN -1 + WHEN '0' THEN -1 ELSE round(100 * coalesce($count,0) / $quota) END AS $fieldname"; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
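Review bot: html_entity_decode() in the new WHEN '0' arm of db_quota_text() is called without a flags or charset argument, so the bytes placed inside the SQL literal depend on the PHP default encoding; pass the charset explicitly ('UTF-8') so the result matches what the connection expects. In db_quota_percent(), WHEN '0' THEN -1 also keeps the ELSE arm from dividing by a zero quota, which deserves a line in the docblock, together with the fact that -1 is now returned for both a -1 and a 0 quota, so callers cannot tell the two apart.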
From: <chr...@us...> - 2015-06-13 19:56:28
Revision: 1790 http://sourceforge.net/p/postfixadmin/code/1790 Author: christian_boltz Date: 2015-06-13 19:56:26 +0000 (Sat, 13 Jun 2015) Log Message: ----------- functions.inc.php check_domain(): Measure time needed for the nameserver queries, and error_log a warning if the queries need more than 2 seconds in total. Inspired by a question from t-ask on IRC, who suffered from a slow nameserver and had some "fun" to debug it ;-) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2015-06-08 17:25:37 UTC (rev 1789) +++ trunk/functions.inc.php 2015-06-13 19:56:26 UTC (rev 1790) @@ -207,18 +207,31 @@ // Look for an AAAA, A, or MX record for the domain if(function_exists('checkdnsrr')) { + $start = microtime(true); # check for slow nameservers, part 1 + // AAAA (IPv6) is only available in PHP v. >= 5 - if (version_compare(phpversion(), "5.0.0", ">=")) { - if (checkdnsrr($domain,'AAAA')) return ''; + if (version_compare(phpversion(), "5.0.0", ">=") && checkdnsrr($domain,'AAAA')) { + $retval = ''; + } elseif (checkdnsrr($domain,'A')) { + $retval = ''; + } elseif (checkdnsrr($domain,'MX')) { + $retval = ''; + } else { + $retval = sprintf(Config::lang('pInvalidDomainDNS'), htmlentities($domain)); } - if (checkdnsrr($domain,'A')) return ''; - if (checkdnsrr($domain,'MX')) return ''; - return sprintf(Config::lang('pInvalidDomainDNS'), htmlentities($domain)); + + $end = microtime(true); # check for slow nameservers, part 2 + $time_needed = $end - $start; + if ($time_needed > 2) { + error_log("Warning: slow nameserver - lookup for $domain took $time_needed seconds"); + } + + return $retval; } else { return 'emailcheck_resolve_domain is enabled, but function (checkdnsrr) missing!'; } } - + return ''; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
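Review bot: The new error_log() call writes $domain into the log as-is, while the user-facing message a few lines above passes the same value through htmlentities(). Unless a strict pattern check always runs before this block, strip control characters from $domain before logging so a crafted value cannot add forged log lines. The 2-second threshold is also hard-coded and $time_needed is printed as a raw float; a config option and round($time_needed, 2) would make the warning easier to tune and to read.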
From: <chr...@us...> - 2015-10-02 17:45:17
Revision: 1809 http://sourceforge.net/p/postfixadmin/code/1809 Author: christian_boltz Date: 2015-10-02 17:45:16 +0000 (Fri, 02 Oct 2015) Log Message: ----------- functions.inc.php: - gen_show_status(): escape mail addresses in query. Fixes https://sourceforge.net/p/postfixadmin/bugs/356/ (mostly - the edit/delete/... links in list-virtual are double-escaped) In theory this could allow SQL injection, in practise the mail address regex limits this issue to a DOS (creating a mail address with ' caused an invalid query that broke list-virtual) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2015-09-28 20:45:58 UTC (rev 1808) +++ trunk/functions.inc.php 2015-10-02 17:45:16 UTC (rev 1809) @@ -1755,9 +1755,9 @@ list(/*NULL*/,$stat_domain) = explode('@',$g); $stat_delimiter = ""; if (!empty($CONF['recipient_delimiter'])) { - $stat_delimiter = "OR address = '" . preg_replace($delimiter_regex, "@", $g) . "'"; + $stat_delimiter = "OR address = '" . escape_string(preg_replace($delimiter_regex, "@", $g)) . "'"; } - $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '@$stat_domain' $stat_delimiter"); + $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '" . escape_string($g) . "' OR address = '@" . escape_string($stat_domain) . "' $stat_delimiter"); if ($stat_result['rows'] == 0) { $stat_ok = 0; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
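Review bot: escape_string() is now applied inline at three separate concatenation points (two inside the db_query() string, one in $stat_delimiter), which is the same pattern that let the unescaped '$g' through in the first place. Assign the escaped address, the escaped domain and the escaped delimiter-stripped address to local variables first and build the query only from those, so a later edit to the query text cannot drop one of the calls. A regression test with an address containing ' would pin the list-virtual breakage described in the log message.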
From: <chr...@us...> - 2016-04-25 11:23:36
Revision: 1834 http://sourceforge.net/p/postfixadmin/code/1834 Author: christian_boltz Date: 2016-04-25 11:23:35 +0000 (Mon, 25 Apr 2016) Log Message: ----------- functions.inc.php: - fix db_quota_text() for postgresql (concat() vs. ||) https://sourceforge.net/p/postfixadmin/bugs/370/ Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2016-04-11 23:54:34 UTC (rev 1833) +++ trunk/functions.inc.php 2016-04-25 11:23:35 UTC (rev 1834) @@ -1345,8 +1345,8 @@ * @return string */ function db_quota_text($count, $quota, $fieldname) { - if (db_sqlite()) { - // SQLite uses || to concatenate strings + if (db_pgsql() || db_sqlite()) { + // SQLite and PostgreSQL use || to concatenate strings return " CASE $quota WHEN '-1' THEN (coalesce($count,0) || ' / -') WHEN '0' THEN (coalesce($count,0) || ' / " . escape_string(html_entity_decode('∞')) . "') This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
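Review bot: The condition and its comment now cover two backends, but this branch still carries its own copy of the CASE arms beside the CONCAT() variant introduced in r1744, so every change to the quota text has to be made in two places. Consider building only the concatenation expression per backend in a small helper and keeping a single CASE body that uses it.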
From: <chr...@us...> - 2016-05-15 21:14:04
Revision: 1838 http://sourceforge.net/p/postfixadmin/code/1838 Author: christian_boltz Date: 2016-05-15 21:14:01 +0000 (Sun, 15 May 2016) Log Message: ----------- functions.inc.php: - pacrypt(): don't stripslashes($pw) because this breaks passwords with backslashes. This stripslashes() existed since forever, but probably became harmful with all the rewrites in the last years. https://sourceforge.net/p/postfixadmin/bugs/349/ Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2016-05-15 20:04:21 UTC (rev 1837) +++ trunk/functions.inc.php 2016-05-15 21:14:01 UTC (rev 1838) @@ -866,7 +866,6 @@ */ function pacrypt ($pw, $pw_db="") { global $CONF; - $pw = stripslashes($pw); $password = ""; $salt = ""; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
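Review bot: Removing $pw = stripslashes($pw); changes the string that pacrypt() hashes for any password containing a backslash, and because the function also takes $pw_db it appears to serve the comparison path as well. A hash stored while the stripslashes() was still in effect was computed from the stripped password and will no longer match what the user types after this change. Mention that in the changelog, and add a test that sets and then verifies a password containing \ and \\.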
From: <chr...@us...> - 2016-05-16 09:27:39
Revision: 1839 http://sourceforge.net/p/postfixadmin/code/1839 Author: christian_boltz Date: 2016-05-16 09:27:36 +0000 (Mon, 16 May 2016) Log Message: ----------- functions.inc.php: - check_domain(): someone had the great idea to allow punicode even in TLDs, so we better allow it. https://sourceforge.net/p/postfixadmin/feature-requests/93/ Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2016-05-15 21:14:01 UTC (rev 1838) +++ trunk/functions.inc.php 2016-05-16 09:27:36 UTC (rev 1839) @@ -198,7 +198,7 @@ * TODO: skip DNS check if the domain exists in PostfixAdmin? */ function check_domain ($domain) { - if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,13}$/i', ($domain))) { + if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([-0-9A-Z]){2,13}$/i', ($domain))) { return sprintf(Config::lang('pInvalidDomainRegex'), htmlentities($domain)); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
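Review bot: The widened TLD class ([-0-9A-Z]){2,13} accepts a last label that starts or ends with a hyphen, or that consists only of hyphens and digits, and it keeps the 13-character cap although a DNS label may be up to 63 characters long and punycode-encoded labels can be longer than 13. Match the punycode form explicitly, for example an xn--[-0-9A-Z]+ alternative beside the previous [0-9A-Z]{2,13} pattern, and give that alternative a higher length limit.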
From: <chr...@us...> - 2016-09-09 19:43:20
Revision: 1858 http://sourceforge.net/p/postfixadmin/code/1858 Author: christian_boltz Date: 2016-09-09 19:43:18 +0000 (Fri, 09 Sep 2016) Log Message: ----------- db_connect(): drop unused variable $succes(s) One of the variable names had a typo [1], and since those variables are unused, the best way is to drop them. [1] reported by tfarina, https://github.com/postfixadmin/postfixadmin/issues/15 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2016-08-25 18:56:02 UTC (rev 1857) +++ trunk/functions.inc.php 2016-09-09 19:43:18 UTC (rev 1858) @@ -1250,7 +1250,7 @@ if ($link) { @mysql_query("SET CHARACTER SET utf8",$link); @mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'",$link); - $succes = @mysql_select_db ($CONF['database_name'], $link) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT"); + @mysql_select_db ($CONF['database_name'], $link) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT"); } } else { $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available! (php5-mysql installed?)<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; 
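Review bot: With the assignment gone, @mysql_select_db (...) or $error_text .= (...) is a bare expression statement that only works because of the low precedence of 'or', and the @ keeps the failure out of normal error reporting. An explicit if (!mysql_select_db(...)) { $error_text .= ...; } states the intent and is harder to break in a later edit.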
@@ -1261,7 +1261,7 @@ if ($link) { @mysqli_query($link,"SET CHARACTER SET utf8"); @mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'"); - $success = @mysqli_select_db ($link, $CONF['database_name']) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT"); + @mysqli_select_db ($link, $CONF['database_name']) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT"); } } else { $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
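Review bot: The mysqli branch still appends mysqli_error ($link) to $error_text inside HTML markup without escaping. If $error_text is shown to the user, the raw driver message discloses database details and can carry markup; pass it through htmlentities() for display and send the full text to error_log() instead.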
From: <chr...@us...> - 2016-11-01 15:45:47
Revision: 1878 http://sourceforge.net/p/postfixadmin/code/1878 Author: christian_boltz Date: 2016-11-01 15:45:45 +0000 (Tue, 01 Nov 2016) Log Message: ----------- db_where_clause(): allow NULL and NOTNULL searchmodes Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2016-10-31 20:15:31 UTC (rev 1877) +++ trunk/functions.inc.php 2016-11-01 15:45:45 UTC (rev 1878) @@ -1688,11 +1688,13 @@ * db_where_clause * Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed. * Call: db_where_clause (array $conditions, array $struct) - * param array $conditios: array('field' => 'value', 'field2' => 'value2, ...) + * param array $condition: array('field' => 'value', 'field2' => 'value2, ...) * param array $struct - field structure, used for automatic bool conversion * param string $additional_raw_where - raw sniplet to include in the WHERE part - typically needs to start with AND * param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see * $allowed_operators for available operators) + * Note: the $searchmode operator will only be used if a $condition for that field is set. + * This also means you'll need to set a (dummy) condition for NULL and NOTNULL. */ function db_where_clause($condition, $struct, $additional_raw_where = '', $searchmode = array()) { if (!is_array($condition)) { @@ -1705,7 +1707,7 @@ die('db_where_cond: parameter $struct is not an array!'); } - $allowed_operators = explode(' ', '< > >= <= = != <> CONT LIKE'); + $allowed_operators = explode(' ', '< > >= <= = != <> CONT LIKE NULL NOTNULL'); $where_parts = array(); $having_parts = array(); 
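Review bot: The docblock line touched here still has an unbalanced quote in its example ('field2' => 'value2, ...), so fix that in the same edit as the $conditios typo. The added note says NULL and NOTNULL need a (dummy) condition; state explicitly that the value is ignored for those two operators and name a conventional dummy value, so callers do not pass user input there out of habit.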
@@ -1726,7 +1728,15 @@ die('db_where_clause: Invalid searchmode for ' . $field); } } - $querypart = $field . $operator . "'" . escape_string($value) . "'"; + + if ($operator == "NULL") { + $querypart = $field . ' IS NULL'; + } elseif ($operator == "NOTNULL") { + $querypart = $field . ' IS NOT NULL'; + } else { + $querypart = $field . $operator . "'" . escape_string($value) . "'"; + } + if($struct[$field]['select'] != '') { $having_parts[$field] = $querypart; } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
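Review bot: All three branches concatenate $field into the query unquoted and unescaped ($field . ' IS NULL', $field . ' IS NOT NULL', $field . $operator . ...), and only $value goes through escape_string(). $struct[$field]['select'] is read right after, so reject any $field that is not a key of $struct before building $querypart. The operator comparisons would also be better written with === against the strings listed in $allowed_operators.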