mirror of
https://github.com/Froxlor/Froxlor.git
synced 2024-09-21 02:17:34 +00:00
use Request-wrapper-class for every access to $_POST superglobal
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
parent
914204b483
commit
fce310049a
9
2fa.php
9
2fa.php
@ -33,6 +33,7 @@ use Froxlor\FroxlorLogger;
|
||||
use Froxlor\FroxlorTwoFactorAuth;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
use Froxlor\PhpHelper;
|
||||
use Froxlor\User;
|
||||
@ -63,7 +64,7 @@ if ($action == 'delete') {
|
||||
]);
|
||||
Response::standardSuccess('2fa.2fa_removed');
|
||||
} elseif ($action == 'preadd') {
|
||||
$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
|
||||
$type = Request::post('type_2fa', '0');
|
||||
|
||||
$data = "";
|
||||
if ($type > 0) {
|
||||
@ -107,9 +108,9 @@ if ($action == 'delete') {
|
||||
Response::dynamicError('Select one of the possible values for 2FA');
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
|
||||
$data = isset($_POST['data_2fa']) ? $_POST['data_2fa'] : '';
|
||||
$code = isset($_POST['codevalidation']) ? $_POST['codevalidation'] : '';
|
||||
$type = Request::post('type_2fa', '0');
|
||||
$data = Request::post('data_2fa', '');
|
||||
$code = Request::post('codevalidation', '');
|
||||
|
||||
// validate
|
||||
$result = $tfa->verifyCode($data, $code, 3);
|
||||
|
@ -106,7 +106,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
|
||||
Response::standardError('youcantdeleteyourself');
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
Admins::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
])->delete();
|
||||
@ -122,9 +122,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Admins::getLocal($userinfo, $_POST)->add();
|
||||
Admins::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -159,9 +159,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['loginname'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Admins::getLocal($userinfo, $_POST)->update();
|
||||
Admins::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -33,6 +33,7 @@
|
||||
|
||||
use Froxlor\FroxlorLogger;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
use Froxlor\UI\HTML;
|
||||
|
||||
@ -42,7 +43,7 @@ require __DIR__ . '/lib/init.php';
|
||||
$horizontal_bar_size = 950; // 1280px window width
|
||||
|
||||
if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
|
||||
if ($_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
apcu_clear_cache();
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
|
||||
header('Location: ' . $linker->getLink([
|
||||
|
@ -32,6 +32,7 @@ use Froxlor\FileDir;
|
||||
use Froxlor\Install\AutoUpdate;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
|
||||
if ($page != 'error') {
|
||||
@ -110,7 +111,7 @@ if ($page == 'overview') {
|
||||
} // download the new archive
|
||||
elseif ($page == 'getdownload') {
|
||||
// retrieve the new version from the form
|
||||
$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
|
||||
$newversion = Request::post('newversion');
|
||||
|
||||
$result = 6;
|
||||
// valid?
|
||||
@ -130,8 +131,8 @@ elseif ($page == 'getdownload') {
|
||||
]);
|
||||
} // extract and install new version
|
||||
elseif ($page == 'extract') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$toExtract = isset($_POST['archive']) ? $_POST['archive'] : null;
|
||||
if (Request::post('send') == 'send') {
|
||||
$toExtract = Request::post('archive');
|
||||
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . Froxlor::getInstallDir());
|
||||
$result = AutoUpdate::extractZip($localArchive);
|
||||
@ -145,7 +146,7 @@ elseif ($page == 'extract') {
|
||||
// redirect to update-page
|
||||
Response::redirectTo('admin_updates.php');
|
||||
} else {
|
||||
$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
|
||||
$toExtract = Request::get('archive');
|
||||
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
|
||||
}
|
||||
|
||||
@ -192,7 +193,7 @@ elseif ($page == 'extract') {
|
||||
} // display error
|
||||
elseif ($page == 'error') {
|
||||
// retrieve error-number via url-parameter
|
||||
$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
|
||||
$errno = Request::get('errno', 0);
|
||||
|
||||
// 2 = no Zlib
|
||||
// 3 = custom version detected
|
||||
|
@ -93,14 +93,14 @@ if ($userinfo['change_serversettings'] == '1') {
|
||||
asort($distributions_select);
|
||||
}
|
||||
|
||||
if ($distribution != "" && isset($_POST['finish'])) {
|
||||
if ($distribution != "" && !empty(Request::post('finish'))) {
|
||||
$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];
|
||||
unset($_POST['finish']);
|
||||
unset($_POST['csrf_token']);
|
||||
$params = $_POST;
|
||||
$params = Request::postAll();
|
||||
$params['distro'] = $distribution;
|
||||
$params['system'] = [];
|
||||
foreach ($_POST['system'] as $sysdaemon) {
|
||||
foreach (Request::post('system', []) as $sysdaemon) {
|
||||
$params['system'][] = $sysdaemon;
|
||||
}
|
||||
// validate params
|
||||
|
@ -68,9 +68,9 @@ if (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversett
|
||||
}
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
if ($result['cronfile'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Cronjobs::getLocal($userinfo, $_POST)->update();
|
||||
Cronjobs::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -119,7 +119,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
|
||||
}
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
$json_result = Customers::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
@ -147,11 +147,11 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
|
||||
}
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
$json_result = Customers::getLocal($userinfo, [
|
||||
'id' => $id,
|
||||
'delete_userfiles' => (isset($_POST['delete_userfiles']) ? (int)$_POST['delete_userfiles'] : 0)
|
||||
'delete_userfiles' => Request::post('delete_userfiles', 0)
|
||||
])->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
@ -167,9 +167,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
|
||||
], $result['loginname']);
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Customers::getLocal($userinfo, $_POST)->add();
|
||||
Customers::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -243,9 +243,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['loginname'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Customers::getLocal($userinfo, $_POST)->update();
|
||||
Customers::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -100,9 +100,9 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
]);
|
||||
|
||||
if ($result['domain'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send' && $alias_check['count'] == 0) {
|
||||
if (Request::post('send') == 'send' && $alias_check['count'] == 0) {
|
||||
try {
|
||||
Domains::getLocal($userinfo, $_POST)->delete();
|
||||
Domains::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -121,9 +121,9 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Domains::getLocal($userinfo, $_POST)->add();
|
||||
Domains::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -355,13 +355,13 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$usedips[] = $ipsresultrow['id_ipandports'];
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
// remove ssl ip/ports if set is empty
|
||||
if (!isset($_POST['ssl_ipandport']) || empty($_POST['ssl_ipandport'])) {
|
||||
if (empty(Request::post('ssl_ipandport'))) {
|
||||
$_POST['remove_ssl_ipandport'] = true;
|
||||
}
|
||||
Domains::getLocal($userinfo, $_POST)->update();
|
||||
Domains::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -572,13 +572,13 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'jqGetCustomerPHPConfigs') {
|
||||
$customerid = intval($_POST['customerid']);
|
||||
$customerid = intval(Request::post('customerid'));
|
||||
$allowed_phpconfigs = Customer::getCustomerDetail($customerid, 'allowed_phpconfigs');
|
||||
echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode([]);
|
||||
exit();
|
||||
} elseif ($action == 'jqSpeciallogfileNote') {
|
||||
$domainid = intval($_POST['id']);
|
||||
$newval = intval($_POST['newval']);
|
||||
$domainid = intval(Request::post('id'));
|
||||
$newval = intval(Request::post('newval'));
|
||||
try {
|
||||
$json_result = Domains::getLocal($userinfo, [
|
||||
'id' => $domainid
|
||||
@ -594,9 +594,9 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
echo 0;
|
||||
exit();
|
||||
} elseif ($action == 'import') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$separator = Validate::validate($_POST['separator'], 'separator');
|
||||
$offset = (int)Validate::validate($_POST['offset'], 'offset', "/[0-9]/i");
|
||||
if (Request::post('send') == 'send') {
|
||||
$separator = Validate::validate(Request::post('separator'), 'separator');
|
||||
$offset = (int)Validate::validate(Request::post('offset'), 'offset', "/[0-9]/i");
|
||||
|
||||
$file_name = $_FILES['file']['tmp_name'];
|
||||
|
||||
@ -636,9 +636,9 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
]);
|
||||
}
|
||||
} elseif ($action == 'duplicate') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Domains::getLocal($userinfo, $_POST)->duplicate();
|
||||
Domains::getLocal($userinfo, Request::postAll())->duplicate();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -201,16 +201,16 @@ if ($page == 'overview') {
|
||||
$languages = Language::getLanguages();
|
||||
|
||||
if (!empty($_POST)) {
|
||||
if ($_POST['send'] == 'changepassword') {
|
||||
$old_password = Validate::validate($_POST['old_password'], 'old password');
|
||||
if (Request::post('send') == 'changepassword') {
|
||||
$old_password = Validate::validate(Request::post('old_password'), 'old password');
|
||||
|
||||
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
|
||||
Response::standardError('oldpasswordnotcorrect');
|
||||
}
|
||||
|
||||
try {
|
||||
$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
|
||||
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
|
||||
$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
|
||||
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -244,9 +244,9 @@ if ($page == 'overview') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
|
||||
Response::redirectTo($filename);
|
||||
}
|
||||
} elseif ($_POST['send'] == 'changetheme') {
|
||||
} elseif (Request::post('send') == 'changetheme') {
|
||||
if (Settings::Get('panel.allow_theme_change_admin') == 1) {
|
||||
$theme = Validate::validate($_POST['theme'], 'theme');
|
||||
$theme = Validate::validate(Request::post('theme'), 'theme');
|
||||
try {
|
||||
Admins::getLocal($userinfo, [
|
||||
'id' => $userinfo['adminid'],
|
||||
@ -259,8 +259,8 @@ if ($page == 'overview') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
|
||||
}
|
||||
Response::redirectTo($filename);
|
||||
} elseif ($_POST['send'] == 'changelanguage') {
|
||||
$def_language = Validate::validate($_POST['def_language'], 'default language');
|
||||
} elseif (Request::post('send') == 'changelanguage') {
|
||||
$def_language = Validate::validate(Request::post('def_language'), 'default language');
|
||||
|
||||
if (isset($languages[$def_language])) {
|
||||
try {
|
||||
|
@ -70,7 +70,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['id']) && $result['id'] == $id) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
IpsAndPorts::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
@ -91,9 +91,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
IpsAndPorts::getLocal($userinfo, $_POST)->add();
|
||||
IpsAndPorts::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -119,9 +119,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['ip'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
IpsAndPorts::getLocal($userinfo, $_POST)->update();
|
||||
IpsAndPorts::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -141,7 +141,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'jqCheckIP') {
|
||||
$ip = $_POST['ip'] ?? "";
|
||||
$ip = Request::post('ip', '');
|
||||
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
|
||||
echo json_encode('<div id="ipnote" class="invalid-feedback">'.lng('error.invalidip', [$ip]).'</div>');
|
||||
} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
|
@ -31,6 +31,7 @@ use Froxlor\UI\Collection;
|
||||
use Froxlor\UI\HTML;
|
||||
use Froxlor\UI\Listing;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
|
||||
if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
|
||||
@ -55,7 +56,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
|
||||
]
|
||||
]);
|
||||
} elseif ($action == 'truncate') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
SysLog::getLocal($userinfo, [
|
||||
'min_to_keep' => 10
|
||||
|
@ -42,11 +42,11 @@ if ($page == 'message') {
|
||||
if ($action == '') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
|
||||
if (Request::post('send') == 'send') {
|
||||
if (Request::post('recipient', -1) == 0 && $userinfo['customers_see_all'] == '1') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
|
||||
$result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
|
||||
} elseif ($_POST['recipient'] == 1) {
|
||||
} elseif (Request::post('recipient', -1) == 1) {
|
||||
if ($userinfo['customers_see_all'] == '1') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
|
||||
$result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
|
||||
@ -63,8 +63,8 @@ if ($page == 'message') {
|
||||
Response::standardError('norecipientsgiven');
|
||||
}
|
||||
|
||||
$subject = $_POST['subject'];
|
||||
$message = wordwrap($_POST['message'], 70);
|
||||
$subject = Request::post('subject');
|
||||
$message = wordwrap(Request::post('message'), 70);
|
||||
|
||||
if (!empty($message)) {
|
||||
$mailcounter = 0;
|
||||
|
@ -70,7 +70,7 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['id']) && $result['id'] == $id) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
MysqlServer::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
@ -91,9 +91,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
MysqlServer::getLocal($userinfo, $_POST)->add();
|
||||
MysqlServer::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -119,9 +119,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['id']) && $result['id'] == $id) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
MysqlServer::getLocal($userinfo, $_POST)->update();
|
||||
MysqlServer::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Response;
|
||||
|
||||
if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
|
||||
if ($_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
opcache_reset();
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
|
||||
header('Location: ' . $linker->getLink([
|
||||
|
@ -62,9 +62,9 @@ if ($page == 'overview') {
|
||||
|
||||
if ($action == 'add') {
|
||||
if ((int)$userinfo['change_serversettings'] == 1) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
PhpSettings::getLocal($userinfo, $_POST)->add();
|
||||
PhpSettings::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -114,7 +114,7 @@ if ($page == 'overview') {
|
||||
|
||||
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
|
||||
{
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
PhpSettings::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
@ -148,9 +148,9 @@ if ($page == 'overview') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
PhpSettings::getLocal($userinfo, $_POST)->update();
|
||||
PhpSettings::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -200,9 +200,9 @@ if ($page == 'overview') {
|
||||
|
||||
if ($action == 'add') {
|
||||
if ((int)$userinfo['change_serversettings'] == 1) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
FpmDaemons::getLocal($userinfo, $_POST)->add();
|
||||
FpmDaemons::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -239,9 +239,9 @@ if ($page == 'overview') {
|
||||
|
||||
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
|
||||
{
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
FpmDaemons::getLocal($userinfo, $_POST)->delete();
|
||||
FpmDaemons::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -271,9 +271,9 @@ if ($page == 'overview') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
FpmDaemons::getLocal($userinfo, $_POST)->update();
|
||||
FpmDaemons::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -73,7 +73,7 @@ if ($page == '' || $page == 'overview') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['adminid'] == $result['adminid']) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
HostingPlans::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
@ -96,9 +96,9 @@ if ($page == '' || $page == 'overview') {
|
||||
Response::standardError('nopermissionsorinvalidid');
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
HostingPlans::getLocal($userinfo, $_POST)->add();
|
||||
HostingPlans::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -176,9 +176,9 @@ if ($page == '' || $page == 'overview') {
|
||||
}
|
||||
$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
HostingPlans::getLocal($userinfo, $_POST)->update();
|
||||
HostingPlans::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -47,10 +47,10 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
|
||||
Settings::loadSettingsInto($settings_data);
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$_part = isset($_GET['part']) ? $_GET['part'] : '';
|
||||
if ($_part == '') {
|
||||
$_part = isset($_POST['part']) ? $_POST['part'] : '';
|
||||
$_part = Request::post('part', '');
|
||||
}
|
||||
|
||||
if ($_part != '') {
|
||||
@ -69,12 +69,12 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
}
|
||||
|
||||
// check if the session timeout is too low #815
|
||||
if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] < 60) {
|
||||
if (Request::post('session_sessiontimeout', 0) < 60) {
|
||||
Response::standardError(['session_timeout', 'session_timeout_desc']);
|
||||
}
|
||||
|
||||
try {
|
||||
if (Form::processForm($settings_data, $_POST, [
|
||||
if (Form::processForm($settings_data, Request::postAll(), [
|
||||
'filename' => $filename,
|
||||
'action' => $action,
|
||||
'page' => $page,
|
||||
@ -99,7 +99,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
} else {
|
||||
$_part = isset($_GET['part']) ? $_GET['part'] : '';
|
||||
if ($_part == '') {
|
||||
$_part = isset($_POST['part']) ? $_POST['part'] : '';
|
||||
$_part = Request::post('part', '');
|
||||
}
|
||||
|
||||
$fields = Form::buildForm($settings_data, $_part);
|
||||
@ -140,7 +140,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
'phpinfo' => $phpinfo
|
||||
]);
|
||||
} elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "rebuild configfiles");
|
||||
Cronjob::inserttask(TaskId::REBUILD_VHOST);
|
||||
Cronjob::inserttask(TaskId::CREATE_QUOTA);
|
||||
@ -158,7 +158,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
]);
|
||||
}
|
||||
} elseif ($page == 'updatecounters' && $userinfo['change_serversettings'] == '1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "updated resource-counters");
|
||||
$updatecounters = User::updateCounters(true);
|
||||
UI::view('user/resource-counter.html.twig', [
|
||||
@ -170,7 +170,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
]);
|
||||
}
|
||||
} elseif ($page == 'wipecleartextmailpws' && $userinfo['change_serversettings'] == '1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
|
||||
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
|
||||
Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
|
||||
@ -181,7 +181,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
]);
|
||||
}
|
||||
} elseif ($page == 'wipequotas' && $userinfo['change_serversettings'] == '1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all mailquotas");
|
||||
|
||||
// Set the quota to 0 which means unlimited
|
||||
@ -194,7 +194,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
]);
|
||||
}
|
||||
} elseif ($page == 'enforcequotas' && $userinfo['change_serversettings'] == '1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
// Fetch all accounts
|
||||
$result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`");
|
||||
|
||||
@ -233,7 +233,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
}
|
||||
} elseif ($page == 'integritycheck' && $userinfo['change_serversettings'] == '1') {
|
||||
$integrity = new IntegrityCheck();
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$integrity->fixAll();
|
||||
} elseif (isset($_GET['action']) && $_GET['action'] == "fix") {
|
||||
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
|
||||
@ -287,7 +287,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
exit();
|
||||
} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
|
||||
// import
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
// get uploaded file
|
||||
if (isset($_FILES["import_file"]["tmp_name"])) {
|
||||
$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
|
||||
@ -330,8 +330,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
||||
$note_type = 'info';
|
||||
$note_msg = lng('admin.smtptestnote');
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
|
||||
if (Request::post('send') == 'send') {
|
||||
$test_addr = Request::post('test_addr');
|
||||
|
||||
// Initialize the mailingsystem
|
||||
$testmail = new PHPMailer(true);
|
||||
|
@ -192,7 +192,7 @@ if ($action == '') {
|
||||
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result['varname'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$del_stmt = Database::prepare("
|
||||
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
|
||||
WHERE `adminid` = :adminid
|
||||
@ -228,7 +228,7 @@ if ($action == '') {
|
||||
if (Database::num_rows() > 0) {
|
||||
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$del_stmt = Database::prepare("
|
||||
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
|
||||
WHERE `adminid` = :adminid AND `id` = :id");
|
||||
@ -251,13 +251,13 @@ if ($action == '') {
|
||||
Response::standardError('templatenotfound');
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
|
||||
if (Request::post('prepare') == 'prepare') {
|
||||
// email templates
|
||||
$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
|
||||
$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
|
||||
if (!array_key_exists($language, $languages)) {
|
||||
Response::standardError('templatelanguageinvalid');
|
||||
}
|
||||
$template = Validate::validate($_POST['template'], 'template');
|
||||
$template = Validate::validate(Request::post('template'), 'template');
|
||||
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT COUNT(*) as def FROM `" . TABLE_PANEL_TEMPLATES . "`
|
||||
@ -289,15 +289,15 @@ if ($action == '') {
|
||||
'formdata' => $template_add_data['template_add'],
|
||||
'replacers' => $template_add_data['template_replacers']
|
||||
]);
|
||||
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && !isset($_POST['filesend'])) {
|
||||
} elseif (Request::post('send') == 'send' && empty(Request::post('filesend'))) {
|
||||
// email templates
|
||||
$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
|
||||
$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
|
||||
if (!array_key_exists($language, $languages)) {
|
||||
Response::standardError('templatelanguageinvalid');
|
||||
}
|
||||
$template = Validate::validate($_POST['template'], 'template');
|
||||
$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
|
||||
$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
|
||||
$template = Validate::validate(Request::post('template'), 'template');
|
||||
$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
|
||||
$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
|
||||
$templates = [];
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
|
||||
@ -347,10 +347,10 @@ if ($action == '') {
|
||||
'page' => $page
|
||||
]);
|
||||
}
|
||||
} elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
|
||||
} elseif (Request::post('filesend') == 'filesend') {
|
||||
// file templates
|
||||
$template = Validate::validate($_POST['template'], 'template');
|
||||
$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
|
||||
$template = Validate::validate(Request::post('template'), 'template');
|
||||
$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
|
||||
|
||||
$ins_stmt = Database::prepare("
|
||||
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
|
||||
@ -483,9 +483,9 @@ if ($action == '') {
|
||||
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result['varname'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
|
||||
$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
|
||||
if (Request::post('send') == 'send') {
|
||||
$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
|
||||
$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
|
||||
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
|
||||
@ -551,8 +551,8 @@ if ($action == '') {
|
||||
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
// filetemplates
|
||||
if (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
|
||||
$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
|
||||
if (Request::post('filesend') == 'filesend') {
|
||||
$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
|
||||
`value` = :value
|
||||
|
@ -34,6 +34,7 @@ use Froxlor\Install\Update;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\System\Cronjob;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
use Froxlor\User;
|
||||
|
||||
@ -48,8 +49,8 @@ if ($page == 'overview') {
|
||||
$successful_update = false;
|
||||
$message = '';
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if ((isset($_POST['update_preconfig']) && isset($_POST['update_changesagreed']) && intval($_POST['update_changesagreed']) != 0) || !isset($_POST['update_preconfig'])) {
|
||||
if (Request::post('send') == 'send') {
|
||||
if ((!empty(Request::post('update_preconfig')) && intval(Request::post('update_changesagreed', 0)) != 0) || empty(Request::post('update_preconfig'))) {
|
||||
include_once Froxlor::getInstallDir() . 'install/updatesql.php';
|
||||
|
||||
User::updateCounters();
|
||||
|
@ -61,7 +61,7 @@ if ($action == 'delete' && $id > 0) {
|
||||
'section' => 'index',
|
||||
'page' => $page
|
||||
]);
|
||||
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
|
||||
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
|
||||
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
|
||||
if (AREA == 'customer') {
|
||||
$chk_stmt = Database::prepare("
|
||||
@ -94,7 +94,7 @@ if ($action == 'delete' && $id > 0) {
|
||||
]);
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$ins_stmt = Database::prepare("
|
||||
INSERT INTO `" . TABLE_API_KEYS . "` SET
|
||||
`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
|
||||
|
@ -106,9 +106,9 @@ if ($page == 'overview' || $page == 'domains') {
|
||||
]);
|
||||
|
||||
if (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
SubDomains::getLocal($userinfo, $_POST)->delete();
|
||||
SubDomains::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -127,9 +127,9 @@ if ($page == 'overview' || $page == 'domains') {
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
SubDomains::getLocal($userinfo, $_POST)->add();
|
||||
SubDomains::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -248,9 +248,9 @@ if ($page == 'overview' || $page == 'domains') {
|
||||
Response::standardError('domaincannotbeedited', $result['domain']);
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
SubDomains::getLocal($userinfo, $_POST)->update();
|
||||
SubDomains::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -395,8 +395,8 @@ if ($page == 'overview' || $page == 'domains') {
|
||||
Response::standardError('domains_canteditdomain');
|
||||
}
|
||||
} elseif ($action == 'jqSpeciallogfileNote') {
|
||||
$domainid = intval($_POST['id']);
|
||||
$newval = intval($_POST['newval']);
|
||||
$domainid = intval(Request::post('id'));
|
||||
$newval = intval(Request::post('newval'));
|
||||
try {
|
||||
$json_result = SubDomains::getLocal($userinfo, [
|
||||
'id' => $domainid
|
||||
|
@ -30,6 +30,7 @@ use Froxlor\Api\Commands\EmailAccounts;
|
||||
use Froxlor\Api\Commands\EmailDomains;
|
||||
use Froxlor\Api\Commands\EmailForwarders;
|
||||
use Froxlor\Api\Commands\Emails;
|
||||
use Froxlor\Cron\Mail\Rspamd;
|
||||
use Froxlor\CurrentUser;
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\FroxlorLogger;
|
||||
@ -160,11 +161,11 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['email']) && $result['email'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Emails::getLocal($userinfo, [
|
||||
'id' => $id,
|
||||
'delete_userfiles' => ($_POST['delete_userfiles'] ?? 0)
|
||||
'delete_userfiles' => Request::post('delete_userfiles', 0)
|
||||
])->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
@ -187,9 +188,9 @@ if ($page == 'email_domain') {
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
$json_result = Emails::getLocal($userinfo, $_POST)->add();
|
||||
$json_result = Emails::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -244,12 +245,12 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['email']) && $result['email'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Emails::getLocal($userinfo, [
|
||||
'id' => $id,
|
||||
'spam_tag_level' => $_POST['spam_tag_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_MARK_LVL,
|
||||
'spam_kill_level' => $_POST['spam_kill_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_REJECT_LVL
|
||||
'spam_tag_level' => Request::post('spam_tag_level', Rspamd::DEFAULT_MARK_LVL),
|
||||
'spam_kill_level' => Request::post('spam_kill_level', Rspamd::DEFAULT_REJECT_LVL)
|
||||
])->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
@ -386,9 +387,9 @@ if ($page == 'email_domain') {
|
||||
}
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailAccounts::getLocal($userinfo, $_POST)->add();
|
||||
EmailAccounts::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -457,9 +458,9 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailAccounts::getLocal($userinfo, $_POST)->update();
|
||||
EmailAccounts::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -516,9 +517,9 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailAccounts::getLocal($userinfo, $_POST)->update();
|
||||
EmailAccounts::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -575,9 +576,9 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailAccounts::getLocal($userinfo, $_POST)->delete();
|
||||
EmailAccounts::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -611,9 +612,9 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['email']) && $result['email'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailForwarders::getLocal($userinfo, $_POST)->add();
|
||||
EmailForwarders::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -673,22 +674,15 @@ if ($page == 'email_domain') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['destination']) && $result['destination'] != '') {
|
||||
if (isset($_POST['forwarderid'])) {
|
||||
$forwarderid = intval($_POST['forwarderid']);
|
||||
} elseif (isset($_GET['forwarderid'])) {
|
||||
$forwarderid = intval($_GET['forwarderid']);
|
||||
} else {
|
||||
$forwarderid = 0;
|
||||
}
|
||||
|
||||
$forwarderid = Request::any('forwarderid', 0);
|
||||
$result['destination'] = explode(' ', $result['destination']);
|
||||
|
||||
if (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {
|
||||
$forwarder = $result['destination'][$forwarderid];
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
EmailForwarders::getLocal($userinfo, $_POST)->delete();
|
||||
EmailForwarders::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -97,9 +97,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['username']) && $result['username'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirProtections::getLocal($userinfo, $_POST)->delete();
|
||||
DirProtections::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -119,9 +119,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirProtections::getLocal($userinfo, $_POST)->add();
|
||||
DirProtections::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -149,9 +149,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['username']) && $result['username'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirProtections::getLocal($userinfo, $_POST)->update();
|
||||
DirProtections::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -222,9 +222,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirOptions::getLocal($userinfo, $_POST)->delete();
|
||||
DirOptions::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -240,9 +240,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirOptions::getLocal($userinfo, $_POST)->add();
|
||||
DirOptions::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -271,9 +271,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DirOptions::getLocal($userinfo, $_POST)->update();
|
||||
DirOptions::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -306,10 +306,10 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
|
||||
if (Settings::Get('system.exportenabled') == 1) {
|
||||
if ($action == 'abort') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::export - aborted scheduled data export job");
|
||||
try {
|
||||
DataDump::getLocal($userinfo, $_POST)->delete();
|
||||
DataDump::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -336,9 +336,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
DataDump::getLocal($userinfo, $_POST)->add();
|
||||
DataDump::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -87,9 +87,9 @@ if ($page == 'overview' || $page == 'accounts') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Ftps::getLocal($userinfo, $_POST)->delete();
|
||||
Ftps::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -108,9 +108,9 @@ if ($page == 'overview' || $page == 'accounts') {
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Ftps::getLocal($userinfo, $_POST)->add();
|
||||
Ftps::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -164,9 +164,9 @@ if ($page == 'overview' || $page == 'accounts') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['username']) && $result['username'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Ftps::getLocal($userinfo, $_POST)->update();
|
||||
Ftps::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
|
@ -38,6 +38,7 @@ use Froxlor\Settings;
|
||||
use Froxlor\System\Cronjob;
|
||||
use Froxlor\System\Crypt;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
use Froxlor\Validate\Validate;
|
||||
|
||||
@ -141,16 +142,16 @@ if ($page == 'overview') {
|
||||
$languages = Language::getLanguages();
|
||||
|
||||
if (!empty($_POST)) {
|
||||
if ($_POST['send'] == 'changepassword') {
|
||||
$old_password = Validate::validate($_POST['old_password'], 'old password');
|
||||
if (Request::post('send') == 'changepassword') {
|
||||
$old_password = Validate::validate(Request::post('old_password'), 'old password');
|
||||
|
||||
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
|
||||
Response::standardError('oldpasswordnotcorrect');
|
||||
}
|
||||
|
||||
try {
|
||||
$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
|
||||
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
|
||||
$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
|
||||
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -185,7 +186,7 @@ if ($page == 'overview') {
|
||||
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
|
||||
|
||||
// Update ftp password
|
||||
if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
|
||||
if (Request::post('change_main_ftp') == 'true') {
|
||||
$cryptPassword = Crypt::makeCryptPassword($new_password);
|
||||
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
|
||||
SET `password` = :password
|
||||
@ -201,7 +202,7 @@ if ($page == 'overview') {
|
||||
}
|
||||
|
||||
// Update statistics password
|
||||
if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
|
||||
if (Request::post('change_stats') == 'true') {
|
||||
$new_stats_password = Crypt::makeCryptPassword($new_password, true);
|
||||
|
||||
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
|
||||
@ -218,7 +219,7 @@ if ($page == 'overview') {
|
||||
}
|
||||
|
||||
// Update global myqsl user password
|
||||
if ($userinfo['mysqls'] != 0 && isset($_POST['change_global_mysql']) && $_POST['change_global_mysql'] == 'true') {
|
||||
if ($userinfo['mysqls'] != 0 && Request::post('change_global_mysql') == 'true') {
|
||||
$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);
|
||||
foreach ($allowed_mysqlservers as $dbserver) {
|
||||
// require privileged access for target db-server
|
||||
@ -235,9 +236,9 @@ if ($page == 'overview') {
|
||||
|
||||
Response::redirectTo($filename);
|
||||
}
|
||||
} elseif ($_POST['send'] == 'changetheme') {
|
||||
} elseif (Request::post('send') == 'changetheme') {
|
||||
if (Settings::Get('panel.allow_theme_change_customer') == 1) {
|
||||
$theme = Validate::validate($_POST['theme'], 'theme');
|
||||
$theme = Validate::validate(Request::post('theme'), 'theme');
|
||||
try {
|
||||
Customers::getLocal($userinfo, [
|
||||
'id' => $userinfo['customerid'],
|
||||
@ -250,8 +251,8 @@ if ($page == 'overview') {
|
||||
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
|
||||
}
|
||||
Response::redirectTo($filename);
|
||||
} elseif ($_POST['send'] == 'changelanguage') {
|
||||
$def_language = Validate::validate($_POST['def_language'], 'default language');
|
||||
} elseif (Request::post('send') == 'changelanguage') {
|
||||
$def_language = Validate::validate(Request::post('def_language'), 'default language');
|
||||
if (isset($languages[$def_language])) {
|
||||
try {
|
||||
Customers::getLocal($userinfo, [
|
||||
|
@ -123,9 +123,9 @@ if ($page == 'overview' || $page == 'mysqls') {
|
||||
$result['dbserver'] = 0;
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Mysqls::getLocal($userinfo, $_POST)->delete();
|
||||
Mysqls::getLocal($userinfo, Request::postAll())->delete();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -146,9 +146,9 @@ if ($page == 'overview' || $page == 'mysqls') {
|
||||
}
|
||||
} elseif ($action == 'add') {
|
||||
if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
Mysqls::getLocal($userinfo, $_POST)->add();
|
||||
Mysqls::getLocal($userinfo, Request::postAll())->add();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -186,9 +186,9 @@ if ($page == 'overview' || $page == 'mysqls') {
|
||||
$result = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($result['databasename']) && $result['databasename'] != '') {
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
try {
|
||||
$json_result = Mysqls::getLocal($userinfo, $_POST)->update();
|
||||
$json_result = Mysqls::getLocal($userinfo, Request::postAll())->update();
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
}
|
||||
@ -223,9 +223,9 @@ if ($page == 'overview' || $page == 'mysqls') {
|
||||
Response::dynamicError('No permission');
|
||||
}
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
|
||||
$new_password = Crypt::validatePassword($_POST['mysql_password']);
|
||||
$new_password = Crypt::validatePassword(Request::post('mysql_password'));
|
||||
foreach ($allowed_mysqlservers as $dbserver) {
|
||||
// require privileged access for target db-server
|
||||
Database::needRoot(true, $dbserver, false);
|
||||
|
@ -30,6 +30,7 @@ if (!defined('AREA')) {
|
||||
|
||||
use Froxlor\Api\Commands\DomainZones;
|
||||
use Froxlor\Dns\Dns;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\UI\Collection;
|
||||
use Froxlor\UI\HTML;
|
||||
use Froxlor\UI\Listing;
|
||||
@ -42,11 +43,11 @@ use Froxlor\UI\Response;
|
||||
|
||||
$domain_id = (int)Request::any('domain_id');
|
||||
|
||||
$record = isset($_POST['dns_record']) ? trim($_POST['dns_record']) : null;
|
||||
$type = isset($_POST['dns_type']) ? $_POST['dns_type'] : 'A';
|
||||
$prio = isset($_POST['dns_mxp']) ? (int)$_POST['dns_mxp'] : null;
|
||||
$content = isset($_POST['dns_content']) ? trim($_POST['dns_content']) : null;
|
||||
$ttl = isset($_POST['dns_ttl']) ? (int)$_POST['dns_ttl'] : 18000;
|
||||
$record = Request::post('dns_record', null);
|
||||
$type = Request::post('dns_type', 'A');
|
||||
$prio = Request::post('dns_mxp');
|
||||
$content = Request::post('dns_content');
|
||||
$ttl = (int)Request::post('dns_ttl', Settings::get('system.defaultttl'));
|
||||
|
||||
// get domain-name
|
||||
$domain = Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);
|
||||
@ -82,9 +83,9 @@ if ($action == 'add_record' && !empty($_POST)) {
|
||||
'page' => $page,
|
||||
'domain_id' => $domain_id
|
||||
]);
|
||||
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && !empty($_POST)) {
|
||||
$entry_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
|
||||
$domain_id = isset($_POST['domain_id']) ? (int)$_POST['domain_id'] : 0;
|
||||
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && !empty($_POST)) {
|
||||
$entry_id = (int)Request::post('id', 0);
|
||||
$domain_id = (int)Request::post('domain_id', 0);
|
||||
// remove entry
|
||||
if ($entry_id > 0 && $domain_id > 0) {
|
||||
try {
|
||||
|
@ -77,7 +77,7 @@ if (!empty($errid)) {
|
||||
$mail_html = nl2br($mail_body);
|
||||
|
||||
// send actual report to dev-team
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
if (Request::post('send') == 'send') {
|
||||
// send mail and say thanks
|
||||
$_mailerror = false;
|
||||
try {
|
||||
|
14
index.php
14
index.php
@ -71,7 +71,7 @@ if ($action == '2fa_entercode') {
|
||||
Response::redirectTo('index.php');
|
||||
exit();
|
||||
}
|
||||
$code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
|
||||
$code = Request::post('2fa_code');
|
||||
// verify entered code
|
||||
$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
|
||||
// get user-data
|
||||
@ -162,8 +162,8 @@ if ($action == '2fa_entercode') {
|
||||
exit();
|
||||
} elseif ($action == 'login') {
|
||||
if (!empty($_POST)) {
|
||||
$loginname = Validate::validate($_POST['loginname'], 'loginname');
|
||||
$password = Validate::validate($_POST['password'], 'password');
|
||||
$loginname = Validate::validate(Request::post('loginname'), 'loginname');
|
||||
$password = Validate::validate(Request::post('password'), 'password');
|
||||
|
||||
$select_additional = '';
|
||||
if (Settings::Get('panel.db_version') >= 202312230) {
|
||||
@ -485,8 +485,8 @@ if ($action == 'forgotpwd') {
|
||||
$message = '';
|
||||
|
||||
if (!empty($_POST)) {
|
||||
$loginname = Validate::validate($_POST['loginname'], 'loginname');
|
||||
$email = Validate::validateEmail($_POST['loginemail']);
|
||||
$loginname = Validate::validate(Request::post('loginname'), 'loginname');
|
||||
$email = Validate::validateEmail(Request::post('loginemail'));
|
||||
$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
|
||||
WHERE `loginname`= :loginname
|
||||
AND `email`= :email");
|
||||
@ -700,8 +700,8 @@ if ($action == 'resetpwd') {
|
||||
|
||||
if ($result !== false) {
|
||||
try {
|
||||
$new_password = Crypt::validatePassword($_POST['new_password'], true);
|
||||
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], true);
|
||||
$new_password = Crypt::validatePassword(Request::post('new_password'), true);
|
||||
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), true);
|
||||
} catch (Exception $e) {
|
||||
$message = $e->getMessage();
|
||||
}
|
||||
|
@ -247,3 +247,8 @@ if (Froxlor::isFroxlorVersion('2.1.7')) {
|
||||
Update::showUpdateStep("Updating from 2.1.7 to 2.1.8", false);
|
||||
Froxlor::updateToVersion('2.1.8');
|
||||
}
|
||||
|
||||
if (Froxlor::isFroxlorVersion('2.1.8')) {
|
||||
Update::showUpdateStep("Updating from 2.1.8 to 2.1.9", false);
|
||||
Froxlor::updateToVersion('2.1.9');
|
||||
}
|
||||
|
@ -35,7 +35,7 @@ if (!defined('_CRON_UPDATE')) {
|
||||
}
|
||||
}
|
||||
|
||||
if (Froxlor::isFroxlorVersion('2.1.8')) {
|
||||
if (Froxlor::isFroxlorVersion('2.1.9')) {
|
||||
Update::showUpdateStep("Enhancing virtual email table");
|
||||
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0;");
|
||||
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0;");
|
||||
|
@ -115,7 +115,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
|
||||
|
||||
// validation
|
||||
$errors = [];
|
||||
if (empty($record)) {
|
||||
if (empty(trim($record))) {
|
||||
$record = "@";
|
||||
}
|
||||
|
||||
|
@ -58,6 +58,7 @@ final class UpdateCommand extends CliCommand
|
||||
if ($input->getOption('database')) {
|
||||
$result = $this->validateRequirements($output, true);
|
||||
if ($result == self::SUCCESS) {
|
||||
require Froxlor::getInstallDir() . '/lib/functions.php';
|
||||
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
|
||||
$output->writeln('<info>' . lng('updates.dbupdate_required') . '</>');
|
||||
if ($input->getOption('check-only')) {
|
||||
|
@ -211,7 +211,7 @@ class ReportsCron extends FroxlorCron
|
||||
$_mailerror = false;
|
||||
$mailerr_msg = "";
|
||||
try {
|
||||
$mail->SetFrom($row['email'], $row['name']);
|
||||
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
|
||||
$mail->Subject = $mail_subject;
|
||||
$mail->AltBody = $mail_body;
|
||||
$mail->MsgHTML(nl2br($mail_body));
|
||||
@ -297,7 +297,7 @@ class ReportsCron extends FroxlorCron
|
||||
$_mailerror = false;
|
||||
$mailerr_msg = "";
|
||||
try {
|
||||
$mail->SetFrom($row['email'], $row['name']);
|
||||
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
|
||||
$mail->Subject = $mail_subject;
|
||||
$mail->Body = $mail_body;
|
||||
$mail->MsgHTML(nl2br($mail_body));
|
||||
@ -472,7 +472,7 @@ class ReportsCron extends FroxlorCron
|
||||
$_mailerror = false;
|
||||
$mailerr_msg = "";
|
||||
try {
|
||||
$mail->SetFrom($row['email'], $row['name']);
|
||||
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
|
||||
$mail->Subject = $mail_subject;
|
||||
$mail->AltBody = $mail_body;
|
||||
$mail->MsgHTML(nl2br($mail_body));
|
||||
|
@ -417,6 +417,9 @@ class PhpHelper
|
||||
'admin_pass',
|
||||
'admin_pass_confirm',
|
||||
'panel_password_special_char',
|
||||
'old_password',
|
||||
'new_password',
|
||||
'new_password_confirm',
|
||||
];
|
||||
if (!empty($global)) {
|
||||
$tmp = $global;
|
||||
|
@ -36,6 +36,7 @@ use Froxlor\PhpHelper;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\System\Cronjob;
|
||||
use Froxlor\System\IPTools;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\Validate\Validate;
|
||||
use PDO;
|
||||
|
||||
@ -465,7 +466,7 @@ class Store
|
||||
}
|
||||
|
||||
// Delete file?
|
||||
if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && $_POST[$fieldname . '_delete']) {
|
||||
if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && Request::post($fieldname . '_delete')) {
|
||||
@unlink(Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
|
||||
$save_to = '';
|
||||
}
|
||||
|
@ -30,14 +30,16 @@ use voku\helper\AntiXSS;
|
||||
|
||||
class Request
|
||||
{
|
||||
private static $cleaned = false;
|
||||
|
||||
/**
|
||||
* Get key from current $_GET or $_POST request.
|
||||
*
|
||||
* @param $key
|
||||
* @param string|null $default
|
||||
* @param mixed|null $default
|
||||
* @return mixed|string|null
|
||||
*/
|
||||
public static function any($key, string $default = null)
|
||||
public static function any($key, $default = null)
|
||||
{
|
||||
self::cleanAll();
|
||||
|
||||
@ -48,10 +50,10 @@ class Request
|
||||
* Get key from current $_GET request.
|
||||
*
|
||||
* @param $key
|
||||
* @param string|null $default
|
||||
* @param mixed|null $default
|
||||
* @return mixed|string|null
|
||||
*/
|
||||
public static function get($key, string $default = null)
|
||||
public static function get($key, $default = null)
|
||||
{
|
||||
self::cleanAll();
|
||||
|
||||
@ -62,22 +64,35 @@ class Request
|
||||
* Get key from current $_POST request.
|
||||
*
|
||||
* @param $key
|
||||
* @param string|null $default
|
||||
* @param mixed|null $default
|
||||
* @return mixed|string|null
|
||||
*/
|
||||
public static function post($key, string $default = null)
|
||||
public static function post($key, $default = null)
|
||||
{
|
||||
self::cleanAll();
|
||||
|
||||
return $_POST[$key] ?? $default;
|
||||
}
|
||||
|
||||
/**
|
||||
* return complete $_POST array
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function postAll()
|
||||
{
|
||||
self::cleanAll();
|
||||
|
||||
return $_POST ?? [];
|
||||
}
|
||||
|
||||
/**
|
||||
* Check for xss attempts and clean important globals and
|
||||
* unsetting every variable registered in $_REQUEST and as variable itself
|
||||
*/
|
||||
public static function cleanAll()
|
||||
{
|
||||
if (!self::$cleaned) {
|
||||
foreach ($_REQUEST as $key => $value) {
|
||||
if (isset($$key)) {
|
||||
unset($$key);
|
||||
@ -93,6 +108,9 @@ class Request
|
||||
PhpHelper::cleanGlobal($_POST, $antiXss);
|
||||
// check $_COOKIE
|
||||
PhpHelper::cleanGlobal($_COOKIE, $antiXss);
|
||||
|
||||
self::$cleaned = true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -28,6 +28,7 @@ namespace Froxlor\Validate;
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\FileDir;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\UI\Request;
|
||||
|
||||
class Check
|
||||
{
|
||||
@ -73,7 +74,7 @@ class Check
|
||||
// interface is to be enabled
|
||||
if ((int)$newfieldvalue == 1) {
|
||||
// check for POST value of the other field == 1 (active)
|
||||
if (isset($_POST[$check_array[$fieldname]['other_post_field']]) && (int)$_POST[$check_array[$fieldname]['other_post_field']] == 1) {
|
||||
if ((int)Request::post($check_array[$fieldname]['other_post_field'], 0) == 1) {
|
||||
// the other interface is activated already and STAYS activated
|
||||
if ((int)Settings::Get($check_array[$fieldname]['other_enabled']) == 1) {
|
||||
$returnvalue = [
|
||||
@ -83,8 +84,12 @@ class Check
|
||||
} else {
|
||||
// fcgid is being validated before fpm -> "ask" fpm about its state
|
||||
if ($fieldname == 'system_mod_fcgid_enabled') {
|
||||
$returnvalue = self::checkFcgidPhpFpm('system_phpfpm_enabled', null,
|
||||
$check_array[$fieldname]['other_post_field'], null);
|
||||
$returnvalue = self::checkFcgidPhpFpm(
|
||||
'system_phpfpm_enabled',
|
||||
null,
|
||||
$check_array[$fieldname]['other_post_field'],
|
||||
null
|
||||
);
|
||||
} else {
|
||||
// not, bot are nogo
|
||||
$returnvalue = $returnvalue = [
|
||||
@ -117,8 +122,16 @@ class Check
|
||||
$mysql_access_host_array = array_unique(array_map('trim', explode(',', $newfieldvalue)));
|
||||
|
||||
foreach ($mysql_access_host_array as $host_entry) {
|
||||
if (Validate::validate_ip2($host_entry, true, 'invalidip', true, true, true, true,
|
||||
false) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
|
||||
if (Validate::validate_ip2(
|
||||
$host_entry,
|
||||
true,
|
||||
'invalidip',
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
false
|
||||
) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
|
||||
return [
|
||||
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
|
||||
'invalidmysqlhost',
|
||||
@ -204,8 +217,11 @@ class Check
|
||||
}
|
||||
|
||||
// neither dir can be within the other nor can they be equal
|
||||
if (substr($newdir, 0, strlen($cdir)) == $cdir || substr($cdir, 0,
|
||||
strlen($newdir)) == $newdir || $newdir == $cdir) {
|
||||
if (substr($newdir, 0, strlen($cdir)) == $cdir || substr(
|
||||
$cdir,
|
||||
0,
|
||||
strlen($newdir)
|
||||
) == $newdir || $newdir == $cdir) {
|
||||
$returnvalue = [
|
||||
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
|
||||
'fcgidpathcannotbeincustomerdoc'
|
||||
@ -264,8 +280,11 @@ class Check
|
||||
}
|
||||
|
||||
$returnvalue = [];
|
||||
if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'),
|
||||
Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true) {
|
||||
if (Validate::validateUsername(
|
||||
$newfieldvalue,
|
||||
Settings::Get('panel.unix_names'),
|
||||
Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])
|
||||
) === true) {
|
||||
$returnvalue = [
|
||||
self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
|
||||
];
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<froxlor>
|
||||
<distribution name="Ubuntu" codename="noble"
|
||||
<distribution name="Ubuntu" codename="Noble"
|
||||
version="24.04" defaulteditor="/bin/nano">
|
||||
<!-- OS defaults to be loaded on installation -->
|
||||
<defaults>
|
||||
|
@ -361,7 +361,7 @@ if (CurrentUser::hasSession()) {
|
||||
UI::twig()->addGlobal('csrf_token', $csrf_token);
|
||||
// check if csrf token is valid
|
||||
if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
|
||||
$current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
|
||||
$current_token = Request::post('csrf_token', $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null);
|
||||
if ($current_token != CurrentUser::getField('csrf_token')) {
|
||||
http_response_code(403);
|
||||
Response::dynamicError('CSRF validation failed');
|
||||
|
@ -55,7 +55,7 @@ if ($action == 'delete') {
|
||||
'section' => 'domains',
|
||||
'page' => $page
|
||||
]);
|
||||
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
|
||||
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
|
||||
try {
|
||||
$json_result = Certificates::getLocal($userinfo, [
|
||||
'id' => $id
|
||||
|
@ -33,6 +33,7 @@ use Froxlor\Api\Commands\SubDomains;
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\PhpHelper;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
use Froxlor\UI\Request;
|
||||
use Froxlor\UI\Response;
|
||||
|
||||
// This file is being included in admin_domains and customer_domains
|
||||
@ -49,13 +50,13 @@ if ($action == '' || $action == 'view') {
|
||||
}
|
||||
$result_domain = json_decode($json_result, true)['data'];
|
||||
|
||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||
$do_insert = isset($_POST['do_insert']) && ((($_POST['do_insert'] == 1) ? true : false));
|
||||
if (Request::post('send') == 'send') {
|
||||
$do_insert = Request::post('do_insert', 0) == 1;
|
||||
try {
|
||||
if ($do_insert) {
|
||||
Certificates::getLocal($userinfo, $_POST)->add();
|
||||
Certificates::getLocal($userinfo, Request::postAll())->add();
|
||||
} else {
|
||||
Certificates::getLocal($userinfo, $_POST)->update();
|
||||
Certificates::getLocal($userinfo, Request::postAll())->update();
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
Response::dynamicError($e->getMessage());
|
||||
|
Loading…
Reference in New Issue
Block a user