clones/Froxlor
1
0
Fork 0
mirror of https://github.com/Froxlor/Froxlor.git synced 2024-09-21 02:17:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

use Request-wrapper-class for every access to $_POST superglobal

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann 2024-05-09 15:48:23 +02:00
parent 914204b483
commit fce310049a
No known key found for this signature in database
GPG Key ID: C121F97338D7A352
42 changed files with 303 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
2fa.php
View File

@ -33,6 +33,7 @@ use Froxlor\FroxlorLogger;
use Froxlor\FroxlorTwoFactorAuth;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\PhpHelper;
use Froxlor\User;
@ -63,7 +64,7 @@ if ($action == 'delete') {
]);
Response::standardSuccess('2fa.2fa_removed');
} elseif ($action == 'preadd') {
$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
$type = Request::post('type_2fa', '0');
$data = "";
if ($type > 0) {
@ -107,9 +108,9 @@ if ($action == 'delete') {
Response::dynamicError('Select one of the possible values for 2FA');
}
} elseif ($action == 'add') {
$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
$data = isset($_POST['data_2fa']) ? $_POST['data_2fa'] : '';
$code = isset($_POST['codevalidation']) ? $_POST['codevalidation'] : '';
$type = Request::post('type_2fa', '0');
$data = Request::post('data_2fa', '');
$code = Request::post('codevalidation', '');
// validate
$result = $tfa->verifyCode($data, $code, 3);

10
admin_admins.php
View File

@ -106,7 +106,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
Response::standardError('youcantdeleteyourself');
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
Admins::getLocal($userinfo, [
'id' => $id
])->delete();
@ -122,9 +122,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Admins::getLocal($userinfo, $_POST)->add();
Admins::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -159,9 +159,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Admins::getLocal($userinfo, $_POST)->update();
Admins::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

3
admin_apcuinfo.php
View File

@ -33,6 +33,7 @@
use Froxlor\FroxlorLogger;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\UI\HTML;
@ -42,7 +43,7 @@ require __DIR__ . '/lib/init.php';
$horizontal_bar_size = 950; // 1280px window width
if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
if ($_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
apcu_clear_cache();
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
header('Location: ' . $linker->getLink([

11
admin_autoupdate.php
View File

@ -32,6 +32,7 @@ use Froxlor\FileDir;
use Froxlor\Install\AutoUpdate;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
if ($page != 'error') {
@ -110,7 +111,7 @@ if ($page == 'overview') {
} // download the new archive
elseif ($page == 'getdownload') {
// retrieve the new version from the form
$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
$newversion = Request::post('newversion');
$result = 6;
// valid?
@ -130,8 +131,8 @@ elseif ($page == 'getdownload') {
]);
} // extract and install new version
elseif ($page == 'extract') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$toExtract = isset($_POST['archive']) ? $_POST['archive'] : null;
if (Request::post('send') == 'send') {
$toExtract = Request::post('archive');
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . Froxlor::getInstallDir());
$result = AutoUpdate::extractZip($localArchive);
@ -145,7 +146,7 @@ elseif ($page == 'extract') {
// redirect to update-page
Response::redirectTo('admin_updates.php');
} else {
$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
$toExtract = Request::get('archive');
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
}
@ -192,7 +193,7 @@ elseif ($page == 'extract') {
} // display error
elseif ($page == 'error') {
// retrieve error-number via url-parameter
$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
$errno = Request::get('errno', 0);
// 2 = no Zlib
// 3 = custom version detected

6
admin_configfiles.php
View File

@ -93,14 +93,14 @@ if ($userinfo['change_serversettings'] == '1') {
asort($distributions_select);
}
if ($distribution != "" && isset($_POST['finish'])) {
if ($distribution != "" && !empty(Request::post('finish'))) {
$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];
unset($_POST['finish']);
unset($_POST['csrf_token']);
$params = $_POST;
$params = Request::postAll();
$params['distro'] = $distribution;
$params['system'] = [];
foreach ($_POST['system'] as $sysdaemon) {
foreach (Request::post('system', []) as $sysdaemon) {
$params['system'][] = $sysdaemon;
}
// validate params

4
admin_cronjobs.php
View File

@ -68,9 +68,9 @@ if (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversett
}
$result = json_decode($json_result, true)['data'];
if ($result['cronfile'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Cronjobs::getLocal($userinfo, $_POST)->update();
Cronjobs::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

14
admin_customers.php
View File

@ -119,7 +119,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
}
$result = json_decode($json_result, true)['data'];
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
$json_result = Customers::getLocal($userinfo, [
'id' => $id
@ -147,11 +147,11 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
}
$result = json_decode($json_result, true)['data'];
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
$json_result = Customers::getLocal($userinfo, [
'id' => $id,
'delete_userfiles' => (isset($_POST['delete_userfiles']) ? (int)$_POST['delete_userfiles'] : 0)
'delete_userfiles' => Request::post('delete_userfiles', 0)
])->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@ -167,9 +167,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
], $result['loginname']);
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Customers::getLocal($userinfo, $_POST)->add();
Customers::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -243,9 +243,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Customers::getLocal($userinfo, $_POST)->update();
Customers::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

30
admin_domains.php
View File

@ -100,9 +100,9 @@ if ($page == 'domains' || $page == 'overview') {
]);
if ($result['domain'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send' && $alias_check['count'] == 0) {
if (Request::post('send') == 'send' && $alias_check['count'] == 0) {
try {
Domains::getLocal($userinfo, $_POST)->delete();
Domains::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -121,9 +121,9 @@ if ($page == 'domains' || $page == 'overview') {
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Domains::getLocal($userinfo, $_POST)->add();
Domains::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -355,13 +355,13 @@ if ($page == 'domains' || $page == 'overview') {
$usedips[] = $ipsresultrow['id_ipandports'];
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
// remove ssl ip/ports if set is empty
if (!isset($_POST['ssl_ipandport']) || empty($_POST['ssl_ipandport'])) {
if (empty(Request::post('ssl_ipandport'))) {
$_POST['remove_ssl_ipandport'] = true;
}
Domains::getLocal($userinfo, $_POST)->update();
Domains::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -572,13 +572,13 @@ if ($page == 'domains' || $page == 'overview') {
}
}
} elseif ($action == 'jqGetCustomerPHPConfigs') {
$customerid = intval($_POST['customerid']);
$customerid = intval(Request::post('customerid'));
$allowed_phpconfigs = Customer::getCustomerDetail($customerid, 'allowed_phpconfigs');
echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode([]);
exit();
} elseif ($action == 'jqSpeciallogfileNote') {
$domainid = intval($_POST['id']);
$newval = intval($_POST['newval']);
$domainid = intval(Request::post('id'));
$newval = intval(Request::post('newval'));
try {
$json_result = Domains::getLocal($userinfo, [
'id' => $domainid
@ -594,9 +594,9 @@ if ($page == 'domains' || $page == 'overview') {
echo 0;
exit();
} elseif ($action == 'import') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$separator = Validate::validate($_POST['separator'], 'separator');
$offset = (int)Validate::validate($_POST['offset'], 'offset', "/[0-9]/i");
if (Request::post('send') == 'send') {
$separator = Validate::validate(Request::post('separator'), 'separator');
$offset = (int)Validate::validate(Request::post('offset'), 'offset', "/[0-9]/i");
$file_name = $_FILES['file']['tmp_name'];
@ -636,9 +636,9 @@ if ($page == 'domains' || $page == 'overview') {
]);
}
} elseif ($action == 'duplicate') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Domains::getLocal($userinfo, $_POST)->duplicate();
Domains::getLocal($userinfo, Request::postAll())->duplicate();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

16
admin_index.php
View File

@ -201,16 +201,16 @@ if ($page == 'overview') {
$languages = Language::getLanguages();
if (!empty($_POST)) {
if ($_POST['send'] == 'changepassword') {
$old_password = Validate::validate($_POST['old_password'], 'old password');
if (Request::post('send') == 'changepassword') {
$old_password = Validate::validate(Request::post('old_password'), 'old password');
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
Response::standardError('oldpasswordnotcorrect');
}
try {
$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -244,9 +244,9 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
Response::redirectTo($filename);
}
} elseif ($_POST['send'] == 'changetheme') {
} elseif (Request::post('send') == 'changetheme') {
if (Settings::Get('panel.allow_theme_change_admin') == 1) {
$theme = Validate::validate($_POST['theme'], 'theme');
$theme = Validate::validate(Request::post('theme'), 'theme');
try {
Admins::getLocal($userinfo, [
'id' => $userinfo['adminid'],
@ -259,8 +259,8 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
}
Response::redirectTo($filename);
} elseif ($_POST['send'] == 'changelanguage') {
$def_language = Validate::validate($_POST['def_language'], 'default language');
} elseif (Request::post('send') == 'changelanguage') {
$def_language = Validate::validate(Request::post('def_language'), 'default language');
if (isset($languages[$def_language])) {
try {

12
admin_ipsandports.php
View File

@ -70,7 +70,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
IpsAndPorts::getLocal($userinfo, [
'id' => $id
@ -91,9 +91,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
IpsAndPorts::getLocal($userinfo, $_POST)->add();
IpsAndPorts::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -119,9 +119,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if ($result['ip'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
IpsAndPorts::getLocal($userinfo, $_POST)->update();
IpsAndPorts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -141,7 +141,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'jqCheckIP') {
$ip = $_POST['ip'] ?? "";
$ip = Request::post('ip', '');
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
echo json_encode('<div id="ipnote" class="invalid-feedback">'.lng('error.invalidip', [$ip]).'</div>');
} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {

3
admin_logger.php
View File

@ -31,6 +31,7 @@ use Froxlor\UI\Collection;
use Froxlor\UI\HTML;
use Froxlor\UI\Listing;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
@ -55,7 +56,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
]
]);
} elseif ($action == 'truncate') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
SysLog::getLocal($userinfo, [
'min_to_keep' => 10

10
admin_message.php
View File

@ -42,11 +42,11 @@ if ($page == 'message') {
if ($action == '') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
if (Request::post('send') == 'send') {
if (Request::post('recipient', -1) == 0 && $userinfo['customers_see_all'] == '1') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
$result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
} elseif ($_POST['recipient'] == 1) {
} elseif (Request::post('recipient', -1) == 1) {
if ($userinfo['customers_see_all'] == '1') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
$result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
@ -63,8 +63,8 @@ if ($page == 'message') {
Response::standardError('norecipientsgiven');
}
$subject = $_POST['subject'];
$message = wordwrap($_POST['message'], 70);
$subject = Request::post('subject');
$message = wordwrap(Request::post('message'), 70);
if (!empty($message)) {
$mailcounter = 0;

10
admin_mysqlserver.php
View File

@ -70,7 +70,7 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
MysqlServer::getLocal($userinfo, [
'id' => $id
@ -91,9 +91,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
MysqlServer::getLocal($userinfo, $_POST)->add();
MysqlServer::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -119,9 +119,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
MysqlServer::getLocal($userinfo, $_POST)->update();
MysqlServer::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

2
admin_opcacheinfo.php
View File

@ -38,7 +38,7 @@ use Froxlor\UI\Panel\UI;
use Froxlor\UI\Response;
if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
if ($_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
opcache_reset();
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
header('Location: ' . $linker->getLink([

22
admin_phpsettings.php
View File

@ -62,9 +62,9 @@ if ($page == 'overview') {
if ($action == 'add') {
if ((int)$userinfo['change_serversettings'] == 1) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
PhpSettings::getLocal($userinfo, $_POST)->add();
PhpSettings::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -114,7 +114,7 @@ if ($page == 'overview') {
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
{
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
PhpSettings::getLocal($userinfo, [
'id' => $id
@ -148,9 +148,9 @@ if ($page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
PhpSettings::getLocal($userinfo, $_POST)->update();
PhpSettings::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -200,9 +200,9 @@ if ($page == 'overview') {
if ($action == 'add') {
if ((int)$userinfo['change_serversettings'] == 1) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
FpmDaemons::getLocal($userinfo, $_POST)->add();
FpmDaemons::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -239,9 +239,9 @@ if ($page == 'overview') {
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
{
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
FpmDaemons::getLocal($userinfo, $_POST)->delete();
FpmDaemons::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -271,9 +271,9 @@ if ($page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
FpmDaemons::getLocal($userinfo, $_POST)->update();
FpmDaemons::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

10
admin_plans.php
View File

@ -73,7 +73,7 @@ if ($page == '' || $page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['adminid'] == $result['adminid']) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
HostingPlans::getLocal($userinfo, [
'id' => $id
@ -96,9 +96,9 @@ if ($page == '' || $page == 'overview') {
Response::standardError('nopermissionsorinvalidid');
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
HostingPlans::getLocal($userinfo, $_POST)->add();
HostingPlans::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -176,9 +176,9 @@ if ($page == '' || $page == 'overview') {
}
$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
HostingPlans::getLocal($userinfo, $_POST)->update();
HostingPlans::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

28
admin_settings.php
View File

@ -47,10 +47,10 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
Settings::loadSettingsInto($settings_data);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
$_part = isset($_POST['part']) ? $_POST['part'] : '';
$_part = Request::post('part', '');
}
if ($_part != '') {
@ -69,12 +69,12 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
}
// check if the session timeout is too low #815
if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] < 60) {
if (Request::post('session_sessiontimeout', 0) < 60) {
Response::standardError(['session_timeout', 'session_timeout_desc']);
}
try {
if (Form::processForm($settings_data, $_POST, [
if (Form::processForm($settings_data, Request::postAll(), [
'filename' => $filename,
'action' => $action,
'page' => $page,
@ -99,7 +99,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
} else {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
$_part = isset($_POST['part']) ? $_POST['part'] : '';
$_part = Request::post('part', '');
}
$fields = Form::buildForm($settings_data, $_part);
@ -140,7 +140,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
'phpinfo' => $phpinfo
]);
} elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "rebuild configfiles");
Cronjob::inserttask(TaskId::REBUILD_VHOST);
Cronjob::inserttask(TaskId::CREATE_QUOTA);
@ -158,7 +158,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'updatecounters' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "updated resource-counters");
$updatecounters = User::updateCounters(true);
UI::view('user/resource-counter.html.twig', [
@ -170,7 +170,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'wipecleartextmailpws' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
@ -181,7 +181,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'wipequotas' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all mailquotas");
// Set the quota to 0 which means unlimited
@ -194,7 +194,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'enforcequotas' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
// Fetch all accounts
$result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`");
@ -233,7 +233,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
}
} elseif ($page == 'integritycheck' && $userinfo['change_serversettings'] == '1') {
$integrity = new IntegrityCheck();
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$integrity->fixAll();
} elseif (isset($_GET['action']) && $_GET['action'] == "fix") {
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
@ -287,7 +287,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
exit();
} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
// import
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
// get uploaded file
if (isset($_FILES["import_file"]["tmp_name"])) {
$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
@ -330,8 +330,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$note_type = 'info';
$note_msg = lng('admin.smtptestnote');
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
if (Request::post('send') == 'send') {
$test_addr = Request::post('test_addr');
// Initialize the mailingsystem
$testmail = new PHPMailer(true);

36
admin_templates.php
View File

@ -192,7 +192,7 @@ if ($action == '') {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['varname'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid
@ -228,7 +228,7 @@ if ($action == '') {
if (Database::num_rows() > 0) {
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id");
@ -251,13 +251,13 @@ if ($action == '') {
Response::standardError('templatenotfound');
}
} elseif ($action == 'add') {
if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
if (Request::post('prepare') == 'prepare') {
// email templates
$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
if (!array_key_exists($language, $languages)) {
Response::standardError('templatelanguageinvalid');
}
$template = Validate::validate($_POST['template'], 'template');
$template = Validate::validate(Request::post('template'), 'template');
$result_stmt = Database::prepare("
SELECT COUNT(*) as def FROM `" . TABLE_PANEL_TEMPLATES . "`
@ -289,15 +289,15 @@ if ($action == '') {
'formdata' => $template_add_data['template_add'],
'replacers' => $template_add_data['template_replacers']
]);
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && !isset($_POST['filesend'])) {
} elseif (Request::post('send') == 'send' && empty(Request::post('filesend'))) {
// email templates
$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
if (!array_key_exists($language, $languages)) {
Response::standardError('templatelanguageinvalid');
}
$template = Validate::validate($_POST['template'], 'template');
$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$template = Validate::validate(Request::post('template'), 'template');
$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$templates = [];
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
@ -347,10 +347,10 @@ if ($action == '') {
'page' => $page
]);
}
} elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
} elseif (Request::post('filesend') == 'filesend') {
// file templates
$template = Validate::validate($_POST['template'], 'template');
$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$template = Validate::validate(Request::post('template'), 'template');
$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
@ -483,9 +483,9 @@ if ($action == '') {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['varname'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
if (Request::post('send') == 'send') {
$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
@ -551,8 +551,8 @@ if ($action == '') {
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
// filetemplates
if (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
if (Request::post('filesend') == 'filesend') {
$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value

5
admin_updates.php
View File

@ -34,6 +34,7 @@ use Froxlor\Install\Update;
use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\User;
@ -48,8 +49,8 @@ if ($page == 'overview') {
$successful_update = false;
$message = '';
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if ((isset($_POST['update_preconfig']) && isset($_POST['update_changesagreed']) && intval($_POST['update_changesagreed']) != 0) || !isset($_POST['update_preconfig'])) {
if (Request::post('send') == 'send') {
if ((!empty(Request::post('update_preconfig')) && intval(Request::post('update_changesagreed', 0)) != 0) || empty(Request::post('update_preconfig'))) {
include_once Froxlor::getInstallDir() . 'install/updatesql.php';
User::updateCounters();

4
api_keys.php
View File

@ -61,7 +61,7 @@ if ($action == 'delete' && $id > 0) {
'section' => 'index',
'page' => $page
]);
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
if (AREA == 'customer') {
$chk_stmt = Database::prepare("
@ -94,7 +94,7 @@ if ($action == 'delete' && $id > 0) {
]);
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_API_KEYS . "` SET
`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''

16
customer_domains.php
View File

@ -106,9 +106,9 @@ if ($page == 'overview' || $page == 'domains') {
]);
if (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
SubDomains::getLocal($userinfo, $_POST)->delete();
SubDomains::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -127,9 +127,9 @@ if ($page == 'overview' || $page == 'domains') {
}
} elseif ($action == 'add') {
if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
SubDomains::getLocal($userinfo, $_POST)->add();
SubDomains::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -248,9 +248,9 @@ if ($page == 'overview' || $page == 'domains') {
Response::standardError('domaincannotbeedited', $result['domain']);
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
SubDomains::getLocal($userinfo, $_POST)->update();
SubDomains::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -395,8 +395,8 @@ if ($page == 'overview' || $page == 'domains') {
Response::standardError('domains_canteditdomain');
}
} elseif ($action == 'jqSpeciallogfileNote') {
$domainid = intval($_POST['id']);
$newval = intval($_POST['newval']);
$domainid = intval(Request::post('id'));
$newval = intval(Request::post('newval'));
try {
$json_result = SubDomains::getLocal($userinfo, [
'id' => $domainid

48
customer_email.php
View File

@ -30,6 +30,7 @@ use Froxlor\Api\Commands\EmailAccounts;
use Froxlor\Api\Commands\EmailDomains;
use Froxlor\Api\Commands\EmailForwarders;
use Froxlor\Api\Commands\Emails;
use Froxlor\Cron\Mail\Rspamd;
use Froxlor\CurrentUser;
use Froxlor\Database\Database;
use Froxlor\FroxlorLogger;
@ -160,11 +161,11 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Emails::getLocal($userinfo, [
'id' => $id,
'delete_userfiles' => ($_POST['delete_userfiles'] ?? 0)
'delete_userfiles' => Request::post('delete_userfiles', 0)
])->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@ -187,9 +188,9 @@ if ($page == 'email_domain') {
}
} elseif ($action == 'add') {
if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
$json_result = Emails::getLocal($userinfo, $_POST)->add();
$json_result = Emails::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -244,12 +245,12 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Emails::getLocal($userinfo, [
'id' => $id,
'spam_tag_level' => $_POST['spam_tag_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_MARK_LVL,
'spam_kill_level' => $_POST['spam_kill_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_REJECT_LVL
'spam_tag_level' => Request::post('spam_tag_level', Rspamd::DEFAULT_MARK_LVL),
'spam_kill_level' => Request::post('spam_kill_level', Rspamd::DEFAULT_REJECT_LVL)
])->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@ -386,9 +387,9 @@ if ($page == 'email_domain') {
}
$result = json_decode($json_result, true)['data'];
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailAccounts::getLocal($userinfo, $_POST)->add();
EmailAccounts::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -457,9 +458,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailAccounts::getLocal($userinfo, $_POST)->update();
EmailAccounts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -516,9 +517,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailAccounts::getLocal($userinfo, $_POST)->update();
EmailAccounts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -575,9 +576,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailAccounts::getLocal($userinfo, $_POST)->delete();
EmailAccounts::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -611,9 +612,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailForwarders::getLocal($userinfo, $_POST)->add();
EmailForwarders::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -673,22 +674,15 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['destination']) && $result['destination'] != '') {
if (isset($_POST['forwarderid'])) {
$forwarderid = intval($_POST['forwarderid']);
} elseif (isset($_GET['forwarderid'])) {
$forwarderid = intval($_GET['forwarderid']);
} else {
$forwarderid = 0;
}
$forwarderid = Request::any('forwarderid', 0);
$result['destination'] = explode(' ', $result['destination']);
if (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {
$forwarder = $result['destination'][$forwarderid];
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
EmailForwarders::getLocal($userinfo, $_POST)->delete();
EmailForwarders::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

32
customer_extras.php
View File

@ -97,9 +97,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirProtections::getLocal($userinfo, $_POST)->delete();
DirProtections::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -119,9 +119,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirProtections::getLocal($userinfo, $_POST)->add();
DirProtections::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -149,9 +149,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirProtections::getLocal($userinfo, $_POST)->update();
DirProtections::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -222,9 +222,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirOptions::getLocal($userinfo, $_POST)->delete();
DirOptions::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -240,9 +240,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
}
}
} elseif ($action == 'add') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirOptions::getLocal($userinfo, $_POST)->add();
DirOptions::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -271,9 +271,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DirOptions::getLocal($userinfo, $_POST)->update();
DirOptions::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -306,10 +306,10 @@ if ($page == 'overview' || $page == 'htpasswds') {
if (Settings::Get('system.exportenabled') == 1) {
if ($action == 'abort') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::export - aborted scheduled data export job");
try {
DataDump::getLocal($userinfo, $_POST)->delete();
DataDump::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -336,9 +336,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
Response::dynamicError($e->getMessage());
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
DataDump::getLocal($userinfo, $_POST)->add();
DataDump::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

12
customer_ftp.php
View File

@ -87,9 +87,9 @@ if ($page == 'overview' || $page == 'accounts') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Ftps::getLocal($userinfo, $_POST)->delete();
Ftps::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -108,9 +108,9 @@ if ($page == 'overview' || $page == 'accounts') {
}
} elseif ($action == 'add') {
if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Ftps::getLocal($userinfo, $_POST)->add();
Ftps::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -164,9 +164,9 @@ if ($page == 'overview' || $page == 'accounts') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Ftps::getLocal($userinfo, $_POST)->update();
Ftps::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}

23
customer_index.php
View File

@ -38,6 +38,7 @@ use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\System\Crypt;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\Validate\Validate;
@ -141,16 +142,16 @@ if ($page == 'overview') {
$languages = Language::getLanguages();
if (!empty($_POST)) {
if ($_POST['send'] == 'changepassword') {
$old_password = Validate::validate($_POST['old_password'], 'old password');
if (Request::post('send') == 'changepassword') {
$old_password = Validate::validate(Request::post('old_password'), 'old password');
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
Response::standardError('oldpasswordnotcorrect');
}
try {
$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -185,7 +186,7 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
// Update ftp password
if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
if (Request::post('change_main_ftp') == 'true') {
$cryptPassword = Crypt::makeCryptPassword($new_password);
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
SET `password` = :password
@ -201,7 +202,7 @@ if ($page == 'overview') {
}
// Update statistics password
if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
if (Request::post('change_stats') == 'true') {
$new_stats_password = Crypt::makeCryptPassword($new_password, true);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
@ -218,7 +219,7 @@ if ($page == 'overview') {
}
// Update global myqsl user password
if ($userinfo['mysqls'] != 0 && isset($_POST['change_global_mysql']) && $_POST['change_global_mysql'] == 'true') {
if ($userinfo['mysqls'] != 0 && Request::post('change_global_mysql') == 'true') {
$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);
foreach ($allowed_mysqlservers as $dbserver) {
// require privileged access for target db-server
@ -235,9 +236,9 @@ if ($page == 'overview') {
Response::redirectTo($filename);
}
} elseif ($_POST['send'] == 'changetheme') {
} elseif (Request::post('send') == 'changetheme') {
if (Settings::Get('panel.allow_theme_change_customer') == 1) {
$theme = Validate::validate($_POST['theme'], 'theme');
$theme = Validate::validate(Request::post('theme'), 'theme');
try {
Customers::getLocal($userinfo, [
'id' => $userinfo['customerid'],
@ -250,8 +251,8 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
}
Response::redirectTo($filename);
} elseif ($_POST['send'] == 'changelanguage') {
$def_language = Validate::validate($_POST['def_language'], 'default language');
} elseif (Request::post('send') == 'changelanguage') {
$def_language = Validate::validate(Request::post('def_language'), 'default language');
if (isset($languages[$def_language])) {
try {
Customers::getLocal($userinfo, [

16
customer_mysql.php
View File

@ -123,9 +123,9 @@ if ($page == 'overview' || $page == 'mysqls') {
$result['dbserver'] = 0;
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Mysqls::getLocal($userinfo, $_POST)->delete();
Mysqls::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -146,9 +146,9 @@ if ($page == 'overview' || $page == 'mysqls') {
}
} elseif ($action == 'add') {
if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
Mysqls::getLocal($userinfo, $_POST)->add();
Mysqls::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -186,9 +186,9 @@ if ($page == 'overview' || $page == 'mysqls') {
$result = json_decode($json_result, true)['data'];
if (isset($result['databasename']) && $result['databasename'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
try {
$json_result = Mysqls::getLocal($userinfo, $_POST)->update();
$json_result = Mysqls::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@ -223,9 +223,9 @@ if ($page == 'overview' || $page == 'mysqls') {
Response::dynamicError('No permission');
}
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
$new_password = Crypt::validatePassword($_POST['mysql_password']);
$new_password = Crypt::validatePassword(Request::post('mysql_password'));
foreach ($allowed_mysqlservers as $dbserver) {
// require privileged access for target db-server
Database::needRoot(true, $dbserver, false);

17
dns_editor.php
View File

@ -30,6 +30,7 @@ if (!defined('AREA')) {
use Froxlor\Api\Commands\DomainZones;
use Froxlor\Dns\Dns;
use Froxlor\Settings;
use Froxlor\UI\Collection;
use Froxlor\UI\HTML;
use Froxlor\UI\Listing;
@ -42,11 +43,11 @@ use Froxlor\UI\Response;
$domain_id = (int)Request::any('domain_id');
$record = isset($_POST['dns_record']) ? trim($_POST['dns_record']) : null;
$type = isset($_POST['dns_type']) ? $_POST['dns_type'] : 'A';
$prio = isset($_POST['dns_mxp']) ? (int)$_POST['dns_mxp'] : null;
$content = isset($_POST['dns_content']) ? trim($_POST['dns_content']) : null;
$ttl = isset($_POST['dns_ttl']) ? (int)$_POST['dns_ttl'] : 18000;
$record = Request::post('dns_record', null);
$type = Request::post('dns_type', 'A');
$prio = Request::post('dns_mxp');
$content = Request::post('dns_content');
$ttl = (int)Request::post('dns_ttl', Settings::get('system.defaultttl'));
// get domain-name
$domain = Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);
@ -82,9 +83,9 @@ if ($action == 'add_record' && !empty($_POST)) {
'page' => $page,
'domain_id' => $domain_id
]);
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && !empty($_POST)) {
$entry_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
$domain_id = isset($_POST['domain_id']) ? (int)$_POST['domain_id'] : 0;
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && !empty($_POST)) {
$entry_id = (int)Request::post('id', 0);
$domain_id = (int)Request::post('domain_id', 0);
// remove entry
if ($entry_id > 0 && $domain_id > 0) {
try {

2
error_report.php
View File

@ -77,7 +77,7 @@ if (!empty($errid)) {
$mail_html = nl2br($mail_body);
// send actual report to dev-team
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (Request::post('send') == 'send') {
// send mail and say thanks
$_mailerror = false;
try {

14
index.php
View File

@ -71,7 +71,7 @@ if ($action == '2fa_entercode') {
Response::redirectTo('index.php');
exit();
}
$code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
$code = Request::post('2fa_code');
// verify entered code
$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
// get user-data
@ -162,8 +162,8 @@ if ($action == '2fa_entercode') {
exit();
} elseif ($action == 'login') {
if (!empty($_POST)) {
$loginname = Validate::validate($_POST['loginname'], 'loginname');
$password = Validate::validate($_POST['password'], 'password');
$loginname = Validate::validate(Request::post('loginname'), 'loginname');
$password = Validate::validate(Request::post('password'), 'password');
$select_additional = '';
if (Settings::Get('panel.db_version') >= 202312230) {
@ -485,8 +485,8 @@ if ($action == 'forgotpwd') {
$message = '';
if (!empty($_POST)) {
$loginname = Validate::validate($_POST['loginname'], 'loginname');
$email = Validate::validateEmail($_POST['loginemail']);
$loginname = Validate::validate(Request::post('loginname'), 'loginname');
$email = Validate::validateEmail(Request::post('loginemail'));
$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `loginname`= :loginname
AND `email`= :email");
@ -700,8 +700,8 @@ if ($action == 'resetpwd') {
if ($result !== false) {
try {
$new_password = Crypt::validatePassword($_POST['new_password'], true);
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], true);
$new_password = Crypt::validatePassword(Request::post('new_password'), true);
$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), true);
} catch (Exception $e) {
$message = $e->getMessage();
}

5
install/updates/froxlor/update_2.1.inc.php
View File

@ -247,3 +247,8 @@ if (Froxlor::isFroxlorVersion('2.1.7')) {
Update::showUpdateStep("Updating from 2.1.7 to 2.1.8", false);
Froxlor::updateToVersion('2.1.8');
}
if (Froxlor::isFroxlorVersion('2.1.8')) {
Update::showUpdateStep("Updating from 2.1.8 to 2.1.9", false);
Froxlor::updateToVersion('2.1.9');
}

2
install/updates/froxlor/update_2.2.inc.php
View File

@ -35,7 +35,7 @@ if (!defined('_CRON_UPDATE')) {
}
}
if (Froxlor::isFroxlorVersion('2.1.8')) {
if (Froxlor::isFroxlorVersion('2.1.9')) {
Update::showUpdateStep("Enhancing virtual email table");
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0;");
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0;");

2
lib/Froxlor/Api/Commands/DomainZones.php
View File

@ -115,7 +115,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
// validation
$errors = [];
if (empty($record)) {
if (empty(trim($record))) {
$record = "@";
}

1
lib/Froxlor/Cli/UpdateCommand.php
View File

@ -58,6 +58,7 @@ final class UpdateCommand extends CliCommand
if ($input->getOption('database')) {
$result = $this->validateRequirements($output, true);
if ($result == self::SUCCESS) {
require Froxlor::getInstallDir() . '/lib/functions.php';
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
$output->writeln('<info>' . lng('updates.dbupdate_required') . '</>');
if ($input->getOption('check-only')) {

6
lib/Froxlor/Cron/Traffic/ReportsCron.php
View File

@ -211,7 +211,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
$mail->SetFrom($row['email'], $row['name']);
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->AltBody = $mail_body;
$mail->MsgHTML(nl2br($mail_body));
@ -297,7 +297,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
$mail->SetFrom($row['email'], $row['name']);
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->Body = $mail_body;
$mail->MsgHTML(nl2br($mail_body));
@ -472,7 +472,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
$mail->SetFrom($row['email'], $row['name']);
$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->AltBody = $mail_body;
$mail->MsgHTML(nl2br($mail_body));

3
lib/Froxlor/PhpHelper.php
View File

@ -417,6 +417,9 @@ class PhpHelper
'admin_pass',
'admin_pass_confirm',
'panel_password_special_char',
'old_password',
'new_password',
'new_password_confirm',
];
if (!empty($global)) {
$tmp = $global;

3
lib/Froxlor/Settings/Store.php
View File

@ -36,6 +36,7 @@ use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\System\IPTools;
use Froxlor\UI\Request;
use Froxlor\Validate\Validate;
use PDO;
@ -465,7 +466,7 @@ class Store
}
// Delete file?
if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && $_POST[$fieldname . '_delete']) {
if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && Request::post($fieldname . '_delete')) {
@unlink(Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
$save_to = '';
}

56
lib/Froxlor/UI/Request.php
View File

@ -30,14 +30,16 @@ use voku\helper\AntiXSS;
class Request
{
private static $cleaned = false;
/**
* Get key from current $_GET or $_POST request.
*
* @param $key
* @param string|null $default
* @param mixed|null $default
* @return mixed|string|null
*/
public static function any($key, string $default = null)
public static function any($key, $default = null)
{
self::cleanAll();
@ -48,10 +50,10 @@ class Request
* Get key from current $_GET request.
*
* @param $key
* @param string|null $default
* @param mixed|null $default
* @return mixed|string|null
*/
public static function get($key, string $default = null)
public static function get($key, $default = null)
{
self::cleanAll();
@ -62,37 +64,53 @@ class Request
* Get key from current $_POST request.
*
* @param $key
* @param string|null $default
* @param mixed|null $default
* @return mixed|string|null
*/
public static function post($key, string $default = null)
public static function post($key, $default = null)
{
self::cleanAll();
return $_POST[$key] ?? $default;
}
/**
* return complete $_POST array
*
* @return array
*/
public static function postAll()
{
self::cleanAll();
return $_POST ?? [];
}
/**
* Check for xss attempts and clean important globals and
* unsetting every variable registered in $_REQUEST and as variable itself
*/
public static function cleanAll()
{
foreach ($_REQUEST as $key => $value) {
if (isset($$key)) {
unset($$key);
if (!self::$cleaned) {
foreach ($_REQUEST as $key => $value) {
if (isset($$key)) {
unset($$key);
}
}
unset($value);
$antiXss = new AntiXSS();
// check $_GET
PhpHelper::cleanGlobal($_GET, $antiXss);
// check $_POST
PhpHelper::cleanGlobal($_POST, $antiXss);
// check $_COOKIE
PhpHelper::cleanGlobal($_COOKIE, $antiXss);
self::$cleaned = true;
}
unset($value);
$antiXss = new AntiXSS();
// check $_GET
PhpHelper::cleanGlobal($_GET, $antiXss);
// check $_POST
PhpHelper::cleanGlobal($_POST, $antiXss);
// check $_COOKIE
PhpHelper::cleanGlobal($_COOKIE, $antiXss);
}
/**

39
lib/Froxlor/Validate/Check.php
View File

@ -28,6 +28,7 @@ namespace Froxlor\Validate;
use Froxlor\Database\Database;
use Froxlor\FileDir;
use Froxlor\Settings;
use Froxlor\UI\Request;
class Check
{
@ -73,7 +74,7 @@ class Check
// interface is to be enabled
if ((int)$newfieldvalue == 1) {
// check for POST value of the other field == 1 (active)
if (isset($_POST[$check_array[$fieldname]['other_post_field']]) && (int)$_POST[$check_array[$fieldname]['other_post_field']] == 1) {
if ((int)Request::post($check_array[$fieldname]['other_post_field'], 0) == 1) {
// the other interface is activated already and STAYS activated
if ((int)Settings::Get($check_array[$fieldname]['other_enabled']) == 1) {
$returnvalue = [
@ -83,8 +84,12 @@ class Check
} else {
// fcgid is being validated before fpm -> "ask" fpm about its state
if ($fieldname == 'system_mod_fcgid_enabled') {
$returnvalue = self::checkFcgidPhpFpm('system_phpfpm_enabled', null,
$check_array[$fieldname]['other_post_field'], null);
$returnvalue = self::checkFcgidPhpFpm(
'system_phpfpm_enabled',
null,
$check_array[$fieldname]['other_post_field'],
null
);
} else {
// not, bot are nogo
$returnvalue = $returnvalue = [
@ -117,8 +122,16 @@ class Check
$mysql_access_host_array = array_unique(array_map('trim', explode(',', $newfieldvalue)));
foreach ($mysql_access_host_array as $host_entry) {
if (Validate::validate_ip2($host_entry, true, 'invalidip', true, true, true, true,
false) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
if (Validate::validate_ip2(
$host_entry,
true,
'invalidip',
true,
true,
true,
true,
false
) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
return [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
'invalidmysqlhost',
@ -204,8 +217,11 @@ class Check
}
// neither dir can be within the other nor can they be equal
if (substr($newdir, 0, strlen($cdir)) == $cdir || substr($cdir, 0,
strlen($newdir)) == $newdir || $newdir == $cdir) {
if (substr($newdir, 0, strlen($cdir)) == $cdir || substr(
$cdir,
0,
strlen($newdir)
) == $newdir || $newdir == $cdir) {
$returnvalue = [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
'fcgidpathcannotbeincustomerdoc'
@ -264,8 +280,11 @@ class Check
}
$returnvalue = [];
if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'),
Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true) {
if (Validate::validateUsername(
$newfieldvalue,
Settings::Get('panel.unix_names'),
Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])
) === true) {
$returnvalue = [
self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
];
@ -330,7 +349,7 @@ class Check
];
}
// check if the pgp public key is a valid key
putenv('GNUPGHOME='.sys_get_temp_dir());
putenv('GNUPGHOME=' . sys_get_temp_dir());
if (gnupg_import(gnupg_init(), $newfieldvalue) === false) {
return [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,

2
lib/configfiles/noble.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<froxlor>
<distribution name="Ubuntu" codename="noble"
<distribution name="Ubuntu" codename="Noble"
version="24.04" defaulteditor="/bin/nano">
<!-- OS defaults to be loaded on installation -->
<defaults>

2
lib/init.php
View File

@ -361,7 +361,7 @@ if (CurrentUser::hasSession()) {
UI::twig()->addGlobal('csrf_token', $csrf_token);
// check if csrf token is valid
if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
$current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
$current_token = Request::post('csrf_token', $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null);
if ($current_token != CurrentUser::getField('csrf_token')) {
http_response_code(403);
Response::dynamicError('CSRF validation failed');

2
ssl_certificates.php
View File

@ -55,7 +55,7 @@ if ($action == 'delete') {
'section' => 'domains',
'page' => $page
]);
} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
try {
$json_result = Certificates::getLocal($userinfo, [
'id' => $id

9
ssl_editor.php
View File

@ -33,6 +33,7 @@ use Froxlor\Api\Commands\SubDomains;
use Froxlor\Database\Database;
use Froxlor\PhpHelper;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Request;
use Froxlor\UI\Response;
// This file is being included in admin_domains and customer_domains
@ -49,13 +50,13 @@ if ($action == '' || $action == 'view') {
}
$result_domain = json_decode($json_result, true)['data'];
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$do_insert = isset($_POST['do_insert']) && ((($_POST['do_insert'] == 1) ? true : false));
if (Request::post('send') == 'send') {
$do_insert = Request::post('do_insert', 0) == 1;
try {
if ($do_insert) {
Certificates::getLocal($userinfo, $_POST)->add();
Certificates::getLocal($userinfo, Request::postAll())->add();
} else {
Certificates::getLocal($userinfo, $_POST)->update();
Certificates::getLocal($userinfo, Request::postAll())->update();
}
} catch (Exception $e) {
Response::dynamicError($e->getMessage());