postfixadmin-tracker Mailing List for PostfixAdmin (Page 59)
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
postfixadmin-tracker — Postfix Admin tracker notification - READ ONLY!
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(5) |
Oct
(67) |
Nov
(83) |
Dec
(47) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(57) |
Feb
(15) |
Mar
(21) |
Apr
(38) |
May
(27) |
Jun
(38) |
Jul
(35) |
Aug
(50) |
Sep
(8) |
Oct
(9) |
Nov
(59) |
Dec
(59) |
| 2009 |
Jan
(27) |
Feb
(42) |
Mar
(63) |
Apr
(46) |
May
(26) |
Jun
(25) |
Jul
(40) |
Aug
(19) |
Sep
(17) |
Oct
(35) |
Nov
(26) |
Dec
(21) |
| 2010 |
Jan
(11) |
Feb
(19) |
Mar
(40) |
Apr
(25) |
May
(23) |
Jun
(17) |
Jul
(10) |
Aug
(18) |
Sep
(21) |
Oct
(12) |
Nov
(10) |
Dec
(22) |
| 2011 |
Jan
(30) |
Feb
(23) |
Mar
(23) |
Apr
(38) |
May
(32) |
Jun
(19) |
Jul
(20) |
Aug
(36) |
Sep
(11) |
Oct
(28) |
Nov
(4) |
Dec
(4) |
| 2012 |
Jan
(6) |
Feb
(3) |
Mar
(16) |
Apr
(28) |
May
(29) |
Jun
(10) |
Jul
(2) |
Aug
(3) |
Sep
|
Oct
(13) |
Nov
(1) |
Dec
(1) |
| 2013 |
Jan
(11) |
Feb
(7) |
Mar
(29) |
Apr
(2) |
May
(3) |
Jun
(15) |
Jul
(8) |
Aug
(5) |
Sep
(5) |
Oct
(4) |
Nov
(27) |
Dec
(81) |
| 2014 |
Jan
(12) |
Feb
(13) |
Mar
(5) |
Apr
|
May
(41) |
Jun
(16) |
Jul
(7) |
Aug
(10) |
Sep
(24) |
Oct
(50) |
Nov
|
Dec
(2) |
| 2015 |
Jan
(5) |
Feb
(2) |
Mar
(7) |
Apr
(20) |
May
(1) |
Jun
(3) |
Jul
(12) |
Aug
(1) |
Sep
(17) |
Oct
(5) |
Nov
(20) |
Dec
(10) |
| 2016 |
Jan
(10) |
Feb
(11) |
Mar
(22) |
Apr
(30) |
May
(33) |
Jun
(3) |
Jul
|
Aug
(12) |
Sep
(20) |
Oct
(11) |
Nov
(15) |
Dec
(8) |
| 2017 |
Jan
(1) |
Feb
(11) |
Mar
(10) |
Apr
|
May
(3) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2018 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
|
May
(4) |
Jun
(2) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: SourceForge.net <no...@so...> - 2007-12-06 21:41:10
|
Patches item #1845743, was opened at 2007-12-06 19:13 Message generated for change (Comment added) made by gingerdog You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1845743&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Accepted Priority: 5 Private: No Submitted By: amsys (amsys) Assigned to: Nobody/Anonymous (nobody) Summary: [ 1844063 ] admin can't delete mailboxes Initial Comment: I didn't tested it, I hope this resolves it :-) [ 1844063 ] admin can't delete mailboxes ---------------------------------------------------------------------- >Comment By: GingerDog (gingerdog) Date: 2007-12-06 21:41 Message: Logged In: YES user_id=1761957 Originator: NO change merged in changeset 259; I couldn't see that this could have made much of a difference, but it seems easier to read now :) (thank you amsys) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1845743&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-06 19:22:46
|
Patches item #1801073, was opened at 2007-09-24 13:47 Message generated for change (Comment added) made by amsys You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1801073&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. >Category: Database Group: None >Status: Deleted >Resolution: Out of Date Priority: 5 Private: No Submitted By: amsys (amsys) Assigned to: Nobody/Anonymous (nobody) Summary: DATABASE_MYSQL.TXT 0.3 Initial Comment: for current revision (no change in functionality) ---------------------------------------------------------------------- >Comment By: amsys (amsys) Date: 2007-12-06 20:22 Message: Logged In: YES user_id=1299438 Originator: YES outdated ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-10-15 07:41 Message: Logged In: YES user_id=1299438 Originator: YES We can get rid of TEXT fields from main structure using LEFT JOINS, this is going to improve performace and clean structure. ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-10-15 07:39 Message: Logged In: YES user_id=1299438 Originator: YES File Added: DB_0.3.TXT.gz ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-09-24 21:11 Message: Logged In: YES user_id=1299438 Originator: YES File Added: 08-new-update.patch.gz ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-09-24 18:48 Message: Logged In: YES user_id=1299438 Originator: YES found one bug and possible improvements. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1801073&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-06 19:21:21
|
Bugs item #1844063, was opened at 2007-12-04 14:16 Message generated for change (Comment added) made by amsys You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1844063&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: admin can't delete mailboxes Initial Comment: on the search result page, when i try to delete a mailbox with a virtual domain's admin account, it gives "Invalid parameter!" error. i checked out delete.php, and it seems the table parameter doesn't get passed. checked out the 'del' link, and indeed, no table parameter in the link (but only on the search results page). if i'm logged in with superadmin, everything is alright. SVN revision 257 ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-12-06 20:21 Message: Logged In: YES user_id=1299438 Originator: NO http://sourceforge.net/tracker/index.php?func=detail&aid=1845743&group_id=191583&atid=937966 Try this, maybe it will work then (didn't tested) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1844063&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-06 19:13:30
|
Patches item #1845743, was opened at 2007-12-06 20:13 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1845743&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: amsys (amsys) Assigned to: Nobody/Anonymous (nobody) Summary: [ 1844063 ] admin can't delete mailboxes Initial Comment: I didn't tested it, I hope this resolves it :-) [ 1844063 ] admin can't delete mailboxes ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1845743&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-05 23:18:07
|
Feature Requests item #1843281, was opened at 2007-12-03 12:42 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1843281&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None >Group: SVN (please specify revision!) Status: Open >Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) >Summary: language chooser Initial Comment: Hello all I have installed postfixadmin and set the language to nl, this works on a dutch browser, all text is translated like it should. But if i use a English browser the translations are not done, it all stays English. Is this desired behavior? and am i missing something in the config file regards, Johan ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-12-06 00:18 Message: Logged In: YES user_id=593261 Originator: NO Good point - having a language selector would be a good idea. Possible location: login page Technical implementation: a) set a cookie b) ignore the Accept-Language header if the language cookie is set ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-12-05 15:15 Message: Logged In: NO Well i think it would be more logic that if you do not set language that it defaults to the browser but if you set the language that it stick to that language regardless of the browser language. now i only can use nl if i am behind an nl browser. If i am behind an polish browser i am lost. regards, Johan ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-12-03 13:25 Message: Logged In: YES user_id=593261 Originator: NO Yes, this is desired behaviour. Postfixadmin checks the Accept-Language HTTP header and then uses the requested language. (Hint: Most browsers have a "preferred language" setting.) Do you need a different behaviour (like enforcing a language independent of the Accept-Language header)? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1843281&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-05 14:15:09
|
Bugs item #1843281, was opened at 2007-12-03 03:42 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Closed Resolution: Works For Me Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: language Initial Comment: Hello all I have installed postfixadmin and set the language to nl, this works on a dutch browser, all text is translated like it should. But if i use a English browser the translations are not done, it all stays English. Is this desired behavior? and am i missing something in the config file regards, Johan ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-12-05 06:15 Message: Logged In: NO Well i think it would be more logic that if you do not set language that it defaults to the browser but if you set the language that it stick to that language regardless of the browser language. now i only can use nl if i am behind an nl browser. If i am behind an polish browser i am lost. regards, Johan ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-12-03 04:25 Message: Logged In: YES user_id=593261 Originator: NO Yes, this is desired behaviour. Postfixadmin checks the Accept-Language HTTP header and then uses the requested language. (Hint: Most browsers have a "preferred language" setting.) Do you need a different behaviour (like enforcing a language independent of the Accept-Language header)? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-04 13:16:48
|
Bugs item #1844063, was opened at 2007-12-04 05:16 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1844063&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: admin can't delete mailboxes Initial Comment: on the search result page, when i try to delete a mailbox with a virtual domain's admin account, it gives "Invalid parameter!" error. i checked out delete.php, and it seems the table parameter doesn't get passed. checked out the 'del' link, and indeed, no table parameter in the link (but only on the search results page). if i'm logged in with superadmin, everything is alright. SVN revision 257 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1844063&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-03 12:25:53
|
Bugs item #1843281, was opened at 2007-12-03 12:42 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Works For Me Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: language Initial Comment: Hello all I have installed postfixadmin and set the language to nl, this works on a dutch browser, all text is translated like it should. But if i use a English browser the translations are not done, it all stays English. Is this desired behavior? and am i missing something in the config file regards, Johan ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-12-03 13:25 Message: Logged In: YES user_id=593261 Originator: NO Yes, this is desired behaviour. Postfixadmin checks the Accept-Language HTTP header and then uses the requested language. (Hint: Most browsers have a "preferred language" setting.) Do you need a different behaviour (like enforcing a language independent of the Accept-Language header)? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-03 11:41:59
|
Bugs item #1843281, was opened at 2007-12-03 03:42 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: language Initial Comment: Hello all I have installed postfixadmin and set the language to nl, this works on a dutch browser, all text is translated like it should. But if i use a English browser the translations are not done, it all stays English. Is this desired behavior? and am i missing something in the config file regards, Johan ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1843281&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-12-02 19:23:32
|
Feature Requests item #1839070, was opened at 2007-11-27 00:52 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 3 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) >Summary: wrap templates into functions Initial Comment: Template files should be renamed to *.php to avoid that they are downloadable from any postfixadmin installation. Initially suggested by Jan Örnstedt (ornstedt) in http://sourceforge.net/tracker/index.php?func=detail&aid=1838327&group_id=191583&atid=937964 Note: When we do this, we also have to add a check for a constant (not: variable) and exit if it is not set. Something like "define postfixadmin=1" in common.php. Reason: Otherwise attackers could execute the templates and maybe do unexpected things with them. Note 2: Ideally, all template code should be wrapped into functions. This allows better control of global variable usage. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-12-02 20:23 Message: Logged In: YES user_id=593261 Originator: YES GingerDog renamed the template files in the meanwhile. A security check against direct access to the templates is needed, because with *.php template files an attacker is able to find out the path of your postfixadmin installation ("Undefined variable: PALANG in /path/to/postfixadmin/templates/users_vacation.php on line 25") which makes things worse than before :-( I just prepended all template files with (as one line) <?php if( !defined('POSTFIXADMIN') ) die( "This file cannot be used standalone." ); ?> and added define('POSTFIXADMIN', 1); to common.php. Commited to SVN r256 Advantage over checking $_SERVER or another variable: Constants can't be injected via register_globals. The remaining part in this feature request is "wrap all templates into functions" - updating the summary... ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-27 14:32 Message: Logged In: YES user_id=498787 Originator: NO Borrowed from another project... /** * security check to prevent hackers from directly accessing this file */ if (strstr($_SERVER["SCRIPT_NAME"],"sendmail.php")) { print "Why do you want to do that?"; exit; } And a .htaccess file order allow,deny deny from all Cheers Jan ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-29 01:52:21
|
Patches item #1834023, was opened at 2007-11-18 14:59 Message generated for change (Comment added) made by ornstedt You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Languages Group: None Status: Open Resolution: Accepted Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Updated swedish translation Initial Comment: Hi, I have gone through the swedish translation and done a lot of changes. However it is not a complete translation. As I havn't got a working fetch mail I can't translate that part very well. There was a lot of bugs in the previous translation. Such as the mismatch with 0 and -1. These have been corrected. If I get the time I will submit more updates. Here is a svn diff. ---------------------------------------------------------------------- >Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-29 02:52 Message: Logged In: YES user_id=498787 Originator: YES I think we should change the meaning of the translation. As I have just confirmed. Saying anything about the mailbox being created is utterly false... We only know that we handed it over to postfix. We don't know if something trips it up on the way to the mailbox. As it did in my case ;-) A misconfigured postfix setting. Still the webpage let us believe that everything was fine. And from a "message delivery" perspective it is correct. However we have no idea if the mbox has been created or not. Unless we check the postfix queue or log files. So leave it as is and change it to "Message has been sent" or something similar. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 21:48 Message: Logged In: YES user_id=593261 Originator: NO translation update commited to SVN r245 - thanks! Regarding pSendmail_result_success: You are right, this message is not really correct. The problem is that it is used in multiple places: - create-mailbox.php - here the message is correct, because sending the welcome mail creates the mailbox - sendmail.php and broadcast-message.php - those are not about mailbox creation and should show a different message In case your latest patch has changed the meaning of the message, please undo this change to have it consistent with the other languages. I'll introduce another $PALANG string which really says "The message has been sent!" (except if you have a better idea, I'll wait until tomorrow ;-) ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-27 01:50 Message: Logged In: YES user_id=498787 Originator: YES More translations. I don't agree with this translation: $PALANG['pSendmail_result_success'] = 'The mailbox has been created!'; If and email has been sent to an alias there is no creation of a mailbox. Cheers Jan File Added: lang.diff ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 18:16 Message: Logged In: YES user_id=593261 Originator: NO No problem ;-) I'll close the tracker item for now, it should be reopened automatically when you add a comment or a file. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-11-19 14:14 Message: Logged In: NO Sorry for the confusion. Just a comment no new files yet. Can't promise any update before weekend. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 13:58 Message: Logged In: YES user_id=593261 Originator: NO Hmm, was your comment about the first set of translations you did or did you forget to attach the new patch? ;-) ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-18 21:54 Message: Logged In: YES user_id=498787 Originator: YES Regarding Fetch mail. I did change a lot of the previous translations because they where translated litterly which didn't work out very well. I believe the new translations are better. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-18 20:33 Message: Logged In: YES user_id=593261 Originator: NO Thanks for the translations and fixes! Commited to SVN (r233). Regarding fetchmail: you should be able to translate it without knowing much about fetchmail. Just translate word by word - that's what all translators do. And make sure it sounds like some computer terms ;-)) Seriously: Translating the error messages and field descriptions word by word shouldn't be a problem. If unsure, don't translate the pFetchmail_field_* texts. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-28 00:51:15
|
Bugs item #1839084, was opened at 2007-11-27 01:40 Message generated for change (Settings changed) made by ornstedt You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) >Status: Open Resolution: Fixed Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Bugs in stylesheet.css Initial Comment: Below a patch to resolv the issues. However I am no master on stylesheets and I wonder why sendmail and broadcast mail is not inheriting the correct fonts. If I specificly add font declarations to .flat it works but not otherwise. Cheers Jan Index: stylesheet.css =================================================================== --- stylesheet.css (revision 244) +++ stylesheet.css (arbetskopia) @@ -1,7 +1,7 @@ body { background: #ffffff; color: #000000; - font-family: BitStream Vera Sans, Verdana, Arial, Helvetica, sans-serif; + font-family: "BitStream Vera Sans", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-weight: normal; text-align: center; @@ -22,9 +22,9 @@ } table { - // border-spacing: 0; - // padding: 0; - border-collapse: collapse; //for IE + /* border-spacing: 0; */ + /* padding: 0; */ + border-collapse: collapse; /* for IE */ } .button { ---------------------------------------------------------------------- >Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-28 01:51 Message: Logged In: YES user_id=498787 Originator: YES Maybe I was a bit unclear. This patch was only for the syntax errors. However there is still an issue with the stylesheets if the intention is that the fonts should be the same as in the "body" object. If you type the same text both in the Subject and in the body of the sendmail form you will notice the difference. Cheers Jan ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-28 00:25 Message: Logged In: YES user_id=593261 Originator: NO Indeed, the CSS file has some syntax errors. Thanks for your patch - commited to SVN r249 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 23:25:04
|
Bugs item #1839084, was opened at 2007-11-27 01:40 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Bugs in stylesheet.css Initial Comment: Below a patch to resolv the issues. However I am no master on stylesheets and I wonder why sendmail and broadcast mail is not inheriting the correct fonts. If I specificly add font declarations to .flat it works but not otherwise. Cheers Jan Index: stylesheet.css =================================================================== --- stylesheet.css (revision 244) +++ stylesheet.css (arbetskopia) @@ -1,7 +1,7 @@ body { background: #ffffff; color: #000000; - font-family: BitStream Vera Sans, Verdana, Arial, Helvetica, sans-serif; + font-family: "BitStream Vera Sans", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-weight: normal; text-align: center; @@ -22,9 +22,9 @@ } table { - // border-spacing: 0; - // padding: 0; - border-collapse: collapse; //for IE + /* border-spacing: 0; */ + /* padding: 0; */ + border-collapse: collapse; /* for IE */ } .button { ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-28 00:25 Message: Logged In: YES user_id=593261 Originator: NO Indeed, the CSS file has some syntax errors. Thanks for your patch - commited to SVN r249 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 22:21:08
|
Bugs item #1839061, was opened at 2007-11-27 00:21 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839061&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: edit-alias.php fails if first line of recipients is empty Initial Comment: (SVN r241) edit-alias.php fails with "You didn\'t enter anything at To" ($PALANG['pEdit_alias_goto_text_error1']) if the first line is blank - even if the next lines contain valid recipient addresses. Happens with both edit-alias.php and users/edit-alias.php. Funnily enough, clicking the submit button again fixes the problem because the input field is trim()med. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 23:21 Message: Logged In: YES user_id=593261 Originator: YES edit-alias.php fixed in r248. Solution: first cleanup whitespace, then check if it is empty. The other way round doesn't work reliable ;-) ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 22:58 Message: Logged In: YES user_id=593261 Originator: YES fixed in users/edit-alias.php in SVN r247. edit-alias.php is different: It doesn't error out on empty lines, but adds multiple commas to the database if a line is empty. And it allows a basically empty goto if it contains an additional linebreak :-( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839061&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 21:58:26
|
Bugs item #1839061, was opened at 2007-11-27 00:21 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839061&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: edit-alias.php fails if first line of recipients is empty Initial Comment: (SVN r241) edit-alias.php fails with "You didn\'t enter anything at To" ($PALANG['pEdit_alias_goto_text_error1']) if the first line is blank - even if the next lines contain valid recipient addresses. Happens with both edit-alias.php and users/edit-alias.php. Funnily enough, clicking the submit button again fixes the problem because the input field is trim()med. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 22:58 Message: Logged In: YES user_id=593261 Originator: YES fixed in users/edit-alias.php in SVN r247. edit-alias.php is different: It doesn't error out on empty lines, but adds multiple commas to the database if a line is empty. And it allows a basically empty goto if it contains an additional linebreak :-( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839061&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 21:42:30
|
Bugs item #1839063, was opened at 2007-11-27 00:22 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839063&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: users/edit-alias.php: mailbox not removed from alias targets Initial Comment: (SVN r241) The users/edit-alias.php has option buttons where the user can choose if an alias should (also) point to the local mailbox. But: The mailbox name is not removed from the textfield - therefore mails will always go to the mailbox unless someone removes it from the text field. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 22:42 Message: Logged In: YES user_id=593261 Originator: YES fixed in SVN r246 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839063&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 20:47:59
|
Patches item #1834023, was opened at 2007-11-18 14:59 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Languages Group: None Status: Open Resolution: Accepted Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Updated swedish translation Initial Comment: Hi, I have gone through the swedish translation and done a lot of changes. However it is not a complete translation. As I havn't got a working fetch mail I can't translate that part very well. There was a lot of bugs in the previous translation. Such as the mismatch with 0 and -1. These have been corrected. If I get the time I will submit more updates. Here is a svn diff. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 21:48 Message: Logged In: YES user_id=593261 Originator: NO translation update commited to SVN r245 - thanks! Regarding pSendmail_result_success: You are right, this message is not really correct. The problem is that it is used in multiple places: - create-mailbox.php - here the message is correct, because sending the welcome mail creates the mailbox - sendmail.php and broadcast-message.php - those are not about mailbox creation and should show a different message In case your latest patch has changed the meaning of the message, please undo this change to have it consistent with the other languages. I'll introduce another $PALANG string which really says "The message has been sent!" (except if you have a better idea, I'll wait until tomorrow ;-) ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-27 01:50 Message: Logged In: YES user_id=498787 Originator: YES More translations. I don't agree with this translation: $PALANG['pSendmail_result_success'] = 'The mailbox has been created!'; If and email has been sent to an alias there is no creation of a mailbox. Cheers Jan File Added: lang.diff ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 18:16 Message: Logged In: YES user_id=593261 Originator: NO No problem ;-) I'll close the tracker item for now, it should be reopened automatically when you add a comment or a file. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-11-19 14:14 Message: Logged In: NO Sorry for the confusion. Just a comment no new files yet. Can't promise any update before weekend. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 13:58 Message: Logged In: YES user_id=593261 Originator: NO Hmm, was your comment about the first set of translations you did or did you forget to attach the new patch? ;-) ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-18 21:54 Message: Logged In: YES user_id=498787 Originator: YES Regarding Fetch mail. I did change a lot of the previous translations because they where translated litterly which didn't work out very well. I believe the new translations are better. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-18 20:33 Message: Logged In: YES user_id=593261 Originator: NO Thanks for the translations and fixes! Commited to SVN (r233). Regarding fetchmail: you should be able to translate it without knowing much about fetchmail. Just translate word by word - that's what all translators do. And make sure it sounds like some computer terms ;-)) Seriously: Translating the error messages and field descriptions word by word shouldn't be a problem. If unsure, don't translate the pFetchmail_field_* texts. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 13:32:24
|
Feature Requests item #1839070, was opened at 2007-11-27 00:52 Message generated for change (Comment added) made by ornstedt You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 3 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: rename templates to *.php and other template enhancements Initial Comment: Template files should be renamed to *.php to avoid that they are downloadable from any postfixadmin installation. Initially suggested by Jan Örnstedt (ornstedt) in http://sourceforge.net/tracker/index.php?func=detail&aid=1838327&group_id=191583&atid=937964 Note: When we do this, we also have to add a check for a constant (not: variable) and exit if it is not set. Something like "define postfixadmin=1" in common.php. Reason: Otherwise attackers could execute the templates and maybe do unexpected things with them. Note 2: Ideally, all template code should be wrapped into functions. This allows better control of global variable usage. ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-27 14:32 Message: Logged In: YES user_id=498787 Originator: NO Borrowed from another project... /** * security check to prevent hackers from directly accessing this file */ if (strstr($_SERVER["SCRIPT_NAME"],"sendmail.php")) { print "Why do you want to do that?"; exit; } And a .htaccess file order allow,deny deny from all Cheers Jan ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 00:50:13
|
Patches item #1834023, was opened at 2007-11-18 14:59 Message generated for change (Comment added) made by ornstedt You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Languages Group: None >Status: Open Resolution: Accepted Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Updated swedish translation Initial Comment: Hi, I have gone through the swedish translation and done a lot of changes. However it is not a complete translation. As I havn't got a working fetch mail I can't translate that part very well. There was a lot of bugs in the previous translation. Such as the mismatch with 0 and -1. These have been corrected. If I get the time I will submit more updates. Here is a svn diff. ---------------------------------------------------------------------- >Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-27 01:50 Message: Logged In: YES user_id=498787 Originator: YES More translations. I don't agree with this translation: $PALANG['pSendmail_result_success'] = 'The mailbox has been created!'; If and email has been sent to an alias there is no creation of a mailbox. Cheers Jan File Added: lang.diff ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 18:16 Message: Logged In: YES user_id=593261 Originator: NO No problem ;-) I'll close the tracker item for now, it should be reopened automatically when you add a comment or a file. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-11-19 14:14 Message: Logged In: NO Sorry for the confusion. Just a comment no new files yet. Can't promise any update before weekend. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-19 13:58 Message: Logged In: YES user_id=593261 Originator: NO Hmm, was your comment about the first set of translations you did or did you forget to attach the new patch? ;-) ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-18 21:54 Message: Logged In: YES user_id=498787 Originator: YES Regarding Fetch mail. I did change a lot of the previous translations because they where translated litterly which didn't work out very well. I believe the new translations are better. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-11-18 20:33 Message: Logged In: YES user_id=593261 Originator: NO Thanks for the translations and fixes! Commited to SVN (r233). Regarding fetchmail: you should be able to translate it without knowing much about fetchmail. Just translate word by word - that's what all translators do. And make sure it sounds like some computer terms ;-)) Seriously: Translating the error messages and field descriptions word by word shouldn't be a problem. If unsure, don't translate the pFetchmail_field_* texts. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1834023&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 00:40:28
|
Bugs item #1839084, was opened at 2007-11-27 01:40 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Bugs in stylesheet.css Initial Comment: Below a patch to resolv the issues. However I am no master on stylesheets and I wonder why sendmail and broadcast mail is not inheriting the correct fonts. If I specificly add font declarations to .flat it works but not otherwise. Cheers Jan Index: stylesheet.css =================================================================== --- stylesheet.css (revision 244) +++ stylesheet.css (arbetskopia) @@ -1,7 +1,7 @@ body { background: #ffffff; color: #000000; - font-family: BitStream Vera Sans, Verdana, Arial, Helvetica, sans-serif; + font-family: "BitStream Vera Sans", Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-weight: normal; text-align: center; @@ -22,9 +22,9 @@ } table { - // border-spacing: 0; - // padding: 0; - border-collapse: collapse; //for IE + /* border-spacing: 0; */ + /* padding: 0; */ + border-collapse: collapse; /* for IE */ } .button { ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1839084&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 00:24:27
|
Feature Requests item #1839068, was opened at 2007-11-27 00:45 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839068&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. >Category: Languages >Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jesper R. Meyer (jespermeyer) Assigned to: Nobody/Anonymous (nobody) >Summary: rename "From" and "To" in alias list/edit Initial Comment: I've translated the new strings and made some more updates to the Danish language file for rev. 230. @Christian: You are absolutely right about the translation of 'exit' in request 1828916, nice observation! I don't know if this should be a separate request, but may I suggest changing the following strings in en.lang? $PALANG['pOverview_alias_address'] = 'From'; $PALANG['pOverview_alias_goto'] = 'To'; $PALANG['pCreate_alias_goto'] = 'To'; To: $PALANG['pOverview_alias_address'] = 'Alias'; $PALANG['pOverview_alias_goto'] = 'Recipient'; $PALANG['pCreate_alias_goto'] = 'Recipient'; I think it makes the Virtual List and the add alias page more meningfull. Actually, the added Danish translation includes this change already... Regards, Jesper ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 01:24 Message: Logged In: YES user_id=593261 Originator: NO da.lang commited to SVN r244 - thanks! BTW: I introduced $PALANG['cancel'] because I'm quite sure exit is misleading in the english text already and therefore in more translations. Regarding renaming "From" and "To": Basically you are right, especially "From" could be misleading. However I have to think more about the wording - what about "address" instead of "Alias"? "To" isn't misleading IMHO, but replacing it with "Recipient" is not a problem. However, I'll probably postpone this change after the 2.2 release (except for Danish ;-) -> renaming to 'rename "From" and "To" in alias list/edit' and moving to feature requests ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839068&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-27 00:02:11
|
Bugs item #1838864, was opened at 2007-11-26 18:44 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838864&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v 2.1 >Status: Closed >Resolution: Duplicate Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: mysql_real_escape_string need a resource identifier Initial Comment: In according with the PHP Manual, mysql_real_escape_string funcion needs a resource link identifier QUOTE: The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated. mysql_real_escape_string is used into the function escape_string and no $link is available so the escaping fails ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 01:02 Message: Logged In: YES user_id=593261 Originator: NO This is fixed since a quite long time: http://sourceforge.net/tracker/index.php?func=detail&aid=1743279&group_id=191583&atid=937964 Please upgrade to 2.2rc1 or the latest SVN version. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838864&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-26 23:59:03
|
Bugs item #1838327, was opened at 2007-11-26 01:29 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838327&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 1 Private: No Submitted By: Jan Örnstedt (ornstedt) Assigned to: Nobody/Anonymous (nobody) Summary: Inconsistent include statements Initial Comment: The code is quite inconsisten in the include statements. Se example below. I suggest to use one type of reference in all places and not mix them. I strongly suggest removing the variable from the include statement as this variable can be manipulated from a webform. See example below: edit-domain.php:include ("templates/header.tpl"); edit-domain.php:include ("templates/menu.tpl"); edit-domain.php:include ("templates/admin_edit-domain.tpl"); edit-domain.php:include ("templates/footer.tpl"); edit-mailbox.php:include ("$incpath/templates/header.tpl"); edit-mailbox.php:include ("$incpath/templates/menu.tpl"); edit-mailbox.php:include ("$incpath/templates/edit-mailbox.tpl"); edit-mailbox.php:include ("$incpath/templates/footer.tpl"); edit-vacation.php:include ("$incpath/templates/header.tpl"); edit-vacation.php:include ("$incpath/templates/menu.tpl"); edit-vacation.php:include ("$incpath/templates/edit-vacation.tpl"); edit-vacation.php:include ("$incpath/templates/footer.tpl"); fetchmail.php:include ("./templates/header.tpl"); fetchmail.php:include ("./templates/menu.tpl"); fetchmail.php:include ("./templates/fetchmail.tpl"); fetchmail.php:include ("./templates/footer.tpl"); Secondly I suggest changing thoose template names to have a php ending as you can today browse the source code in if you type in the file name... Perhaps add a .htaccess file. Or even better move the template directory outside the web root. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-11-27 00:59 Message: Logged In: YES user_id=593261 Originator: NO Some words on $incpath: - $incpath is secure because it is set in common.php, which is included by all files using this variable. So even register_globals = on would never have any effect - the reason for introducing $incpath was the merging of admin/ with / - since the merging is done, it is no longer needed - exception: common.php - users/ will break if you remove $incpath from it To make the story short: I removed $incpath from all files except common.php (see above) - commited to SVN r243. I also tested the affected files to verify that they still work. Regarding your example with $tempfile: If register_globals is on, PHP imports the global variables when _starting_ the script, not in the middle of it. So if your example script really modifies $tempfile in the middle, you must do something realy silly like while(list($varname, $varvalue) = each($_REQUEST)) { $$varname = $varvalue; } or simply $tempfile = $_POST['tempfile']. Needless to say that you can't secure such code with register_globals = off Regarding template files: Yes, on the long term we should rename them to *.php. However, I don't see security problems because they only contain some code to generate the output. Most users won't modify the templates, therefore an attacker could also download the same code on sourceforge ;-) In fact, simply renaming the templates would reduce security because the attacker could execute them... Since renaming template files is the only thing left in this report, I opened a new tracker item for it: http://sourceforge.net/tracker/index.php?func=detail&aid=1839070&group_id=191583&atid=937967 and will close this one as fixed. If you want to respond about the template renaming, please do it in the new tracker item. For all other parts, respond here. And please open separate tracker items for each problem you report next time ;-) ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2007-11-26 08:41 Message: Logged In: YES user_id=1761957 Originator: NO Hi, I agree that the code is not consistent, and adding a .htaccess could be a good idea - however there should be no inherent security problem if someone can view the template; after all, they could view the source code to any part of the app via sourceforge.net... The variable (e.g. $incpath) can NOT be manipulated from the URL - as <code>register_globals</code> is not needed/required for PostfixAdmin, and should be turned off by default (it's also explicitly set in common.php). I have made a change to common.php which will result in postfixadmin aborting if register_globals is turned on. thanks David ---------------------------------------------------------------------- Comment By: Jan Örnstedt (ornstedt) Date: 2007-11-26 01:31 Message: Logged In: YES user_id=498787 Originator: YES $tempfile = "12345.tmp"; ... # do something with $tempfile here # and some form processing ... unlink ($tempfile); Even if you handle $tempfile safely before unlinking it, the last statement is still very dangerous. An attacker can craft his or her own form containing a field similar to: <input type=hidden name="tempfile" value="../../../etc/passwd"> PHP will insert the field name in the global namespace as $tempfile, thus overwriting the original value of the variable. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838327&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-26 23:51:59
|
Feature Requests item #1839070, was opened at 2007-11-27 00:52 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 3 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: rename templates to *.php and other template enhancements Initial Comment: Template files should be renamed to *.php to avoid that they are downloadable from any postfixadmin installation. Initially suggested by Jan Örnstedt (ornstedt) in http://sourceforge.net/tracker/index.php?func=detail&aid=1838327&group_id=191583&atid=937964 Note: When we do this, we also have to add a check for a constant (not: variable) and exit if it is not set. Something like "define postfixadmin=1" in common.php. Reason: Otherwise attackers could execute the templates and maybe do unexpected things with them. Note 2: Ideally, all template code should be wrapped into functions. This allows better control of global variable usage. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1839070&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2007-11-26 23:45:07
|
Patches item #1839068, was opened at 2007-11-27 00:45 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1839068&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Languages Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jesper R. Meyer (jespermeyer) Assigned to: Nobody/Anonymous (nobody) Summary: updated da.lang Initial Comment: I've translated the new strings and made some more updates to the Danish language file for rev. 230. @Christian: You are absolutely right about the translation of 'exit' in request 1828916, nice observation! I don't know if this should be a separate request, but may I suggest changing the following strings in en.lang? $PALANG['pOverview_alias_address'] = 'From'; $PALANG['pOverview_alias_goto'] = 'To'; $PALANG['pCreate_alias_goto'] = 'To'; To: $PALANG['pOverview_alias_address'] = 'Alias'; $PALANG['pOverview_alias_goto'] = 'Recipient'; $PALANG['pCreate_alias_goto'] = 'Recipient'; I think it makes the Virtual List and the add alias page more meningfull. Actually, the added Danish translation includes this change already... Regards, Jesper ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1839068&group_id=191583 |
700 messages has been excluded from this view by a project administrator.
