Bernd Wurst commited on 2014-02-02 16:31:00
Zeige 8 geänderte Dateien mit 51 Einfügungen und 44 Löschungen.
... | ... |
@@ -44,6 +44,7 @@ class DB extends PDO { |
44 | 44 |
return $response; |
45 | 45 |
} else { |
46 | 46 |
if (strtoupper(substr($stmt, 0, 6)) == "INSERT" || |
47 |
+ strtoupper(substr($stmt, 0, 7)) == "REPLACE" || |
|
47 | 48 |
strpos(strtoupper($stmt), "WHERE") > 0) { // Das steht nie am Anfang |
48 | 49 |
$backtrace = debug_backtrace(); |
49 | 50 |
if (config("enable_debug")) { |
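Review bot: The prefix test on the line above the added `REPLACE` check compares the raw first bytes of `$stmt`, so a statement that starts with whitespace or a newline (typical for multi-line queries) never matches and silently bypasses this warning, and an UPDATE/DELETE without a WHERE is not caught either. Normalise once before comparing: `$head = strtoupper(ltrim($stmt));` and then `if (substr($head, 0, 6) == "INSERT" || substr($head, 0, 7) == "REPLACE" || strpos($head, "WHERE") > 0) {`. The enclosing method starts and ends outside this hunk, so whether the warning path only logs or also refuses the statement is not visible here.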
... | ... |
@@ -109,7 +109,7 @@ function get_domain_list($customerno, $uid = NULL) |
109 | 109 |
$query .= " kunde={$customerno}"; |
110 | 110 |
} |
111 | 111 |
$query .= " ORDER BY domainname,tld"; |
112 |
- $result = db_query($query); |
|
112 |
+ $result = db_query($query, array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken |
|
113 | 113 |
$domains = array(); |
114 | 114 |
DEBUG('Result set is '.$result->rowCount()." rows.<br />\n"); |
115 | 115 |
if ($result->rowCount() > 0) |
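Review bot: Passing `array()` on the new line 112 only silences the debug warning the DB class raises for unparameterised WHERE statements; the query still interpolates `$customerno` (line 109, and presumably `$uid` further up) into the SQL string, which is exactly what that warning exists to catch. Bind instead: `$query .= " kunde=?"; $params[] = $customerno;` and `$result = db_query($query, $params);`, collecting `$params` next to each appended condition. The start of get_domain_list is outside this hunk, so whether `$customerno` is cast to int earlier cannot be confirmed from here.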
... | ... |
@@ -77,7 +77,7 @@ abstract class KeksData |
77 | 77 |
if (is_array($fields)) |
78 | 78 |
$fields = implode(',', $fields); |
79 | 79 |
|
80 |
- $res = db_query("SELECT {$fields} FROM {$table} {$where}"); |
|
80 |
+ $res = db_query("SELECT {$fields} FROM {$table} {$where}", array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken |
|
81 | 81 |
$return = array(); |
82 | 82 |
while ($arr = $res->fetch()) |
83 | 83 |
array_push($return, $arr); |
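Review bot: The empty array added on line 80 suppresses the warning rather than addressing it: `$fields`, `$table` and `$where` are all interpolated into the statement, and `$where` is the part a caller is most likely to build from request data. Identifiers cannot be bound, so validate `$fields` and `$table` against an identifier pattern such as `/^[A-Za-z0-9_.,` *]+$/` and let callers bind the WHERE values through a new `$params = array()` parameter that is forwarded as `db_query("SELECT {$fields} FROM {$table} {$where}", $params)`. The method's signature lies above this hunk, so I am inferring its parameter list from the body.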
... | ... |
@@ -104,7 +104,7 @@ abstract class KeksData |
104 | 104 |
$value = db_escape_string($value); |
105 | 105 |
array_push($upd, "`{$key}`='{$value}'"); |
106 | 106 |
} |
107 |
- db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};"); |
|
107 |
+ db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id=?", array($this->data['id'])); |
|
108 | 108 |
} |
109 | 109 |
|
110 | 110 |
abstract function parse($data); |
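Review bot: Only the id is bound on the new line 107; the SET clause is still assembled from `db_escape_string($value)` and an unvalidated `$key` inside backticks, so a key containing a backtick breaks out of the identifier quoting and the value escaping stays dependent on the connection charset. PDO does not allow mixing `?` and named placeholders, so bind the values as named parameters and whitelist the column names; the loop header and the `$upd` initialisation are above this hunk, and `$args = array();` would go next to `$upd`, with the `db_escape_string($value)` line dropped.
```php
    // … unchanged: loop header iterating the fields to update …
    if (! preg_match('/^[A-Za-z0-9_]+$/', $key))
        system_failure("Ungültiger Feldname");
    $upd[] = "`{$key}`=:{$key}";
    $args[":{$key}"] = $value;
}
db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id=:id",
         $args + array(":id" => $this->data['id']));
```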
... | ... |
@@ -78,7 +78,7 @@ function redirect($target) |
78 | 78 |
function my_server_id() |
79 | 79 |
{ |
80 | 80 |
$uid = (int) $_SESSION['userinfo']['uid']; |
81 |
- $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}"); |
|
81 |
+ $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
82 | 82 |
$r = $result->fetch(); |
83 | 83 |
DEBUG($r); |
84 | 84 |
return $r['server']; |
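Review bot: `fetch()` returns `false` when there is no useraccounts row for the session uid, and `$r['server']` on `false` yields NULL with nothing more than a notice, so the caller receives NULL without any indication of why. Guard the row before reading it, e.g. `if (! $r) system_failure("Kein Server für diesen Account");` (or `return NULL;` explicitly if callers handle that). The behaviour predates this commit, but the now-bound query is the natural place to make the no-row case explicit.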
... | ... |
@@ -88,7 +88,7 @@ function my_server_id() |
88 | 88 |
function additional_servers() |
89 | 89 |
{ |
90 | 90 |
$uid = (int) $_SESSION['userinfo']['uid']; |
91 |
- $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}"); |
|
91 |
+ $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
92 | 92 |
$servers = array(); |
93 | 93 |
while ($s = $result->fetch()) |
94 | 94 |
$servers[] = $s['server']; |
... | ... |
@@ -25,7 +25,7 @@ function mailman_subdomains($domain) |
25 | 25 |
return array(); |
26 | 26 |
} |
27 | 27 |
$domain = (int) $domain; |
28 |
- $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}"); |
|
28 |
+ $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain=?", array($domain)); |
|
29 | 29 |
$ret = array(); |
30 | 30 |
while ($line = $result->fetch()) |
31 | 31 |
{ |
... | ... |
@@ -39,7 +39,7 @@ function dns_in_use($domain) |
39 | 39 |
if ( ! in_array('dns', config('modules'))) |
40 | 40 |
return false; |
41 | 41 |
$domain = (int) $domain; |
42 |
- $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}"); |
|
42 |
+ $result = db_query("SELECT id FROM dns.custom_records WHERE domain=?", array($domain)); |
|
43 | 43 |
return ($result->rowCount() > 0); |
44 | 44 |
} |
45 | 45 |
|
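Review bot: `rowCount()` on line 43 is applied to a SELECT, here and in the sibling checks; PDO only guarantees it for data-modifying statements, and for SELECT the result depends on the driver and on buffered queries. A portable count is `$result = db_query("SELECT COUNT(*) FROM dns.custom_records WHERE domain=?", array($domain)); return ($result->fetchColumn() > 0);`. This predates the commit, but the newly bound query is a convenient place to fix it.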
... | ... |
@@ -51,16 +51,16 @@ function mail_in_use($domain) |
51 | 51 |
return false; |
52 | 52 |
} |
53 | 53 |
$domain = (int) $domain; |
54 |
- $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
|
54 |
+ $result = db_query("SELECT mail FROM kundendaten.domains WHERE id=?", array($domain)); |
|
55 | 55 |
if ($result->rowCount() < 1) |
56 | 56 |
system_failure("Domain not found"); |
57 | 57 |
$d = $result->fetch(); |
58 | 58 |
if ($d['mail'] == 'none') |
59 | 59 |
return false; // manually disabled |
60 |
- $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}"); |
|
60 |
+ $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain=?", array($domain)); |
|
61 | 61 |
if ($result->rowCount() < 1) |
62 | 62 |
return true; // .courier |
63 |
- $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}"); |
|
63 |
+ $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain=?", array($domain)); |
|
64 | 64 |
return ($result->rowCount() > 0); |
65 | 65 |
} |
66 | 66 |
|
... | ... |
@@ -71,12 +71,12 @@ function web_in_use($domain) |
71 | 71 |
|
72 | 72 |
$domain = (int) $domain; |
73 | 73 |
|
74 |
- $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1"); |
|
74 |
+ $result = db_query("SELECT id FROM kundendaten.domains WHERE id=? AND webserver=1", array($domain)); |
|
75 | 75 |
if ($result->rowCount() < 1) |
76 | 76 |
return false; |
77 | 77 |
|
78 |
- $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}"); |
|
79 |
- $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}"); |
|
78 |
+ $result = db_query("SELECT id FROM vhosts.vhost WHERE domain=?", array($domain)); |
|
79 |
+ $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain=?", array($domain)); |
|
80 | 80 |
return ($result->rowCount() > 0 || $result2->rowCount() > 0); |
81 | 81 |
} |
82 | 82 |
|
... | ... |
@@ -24,7 +24,7 @@ define("CERT_NOCHAIN", 2); |
24 | 24 |
function user_certs() |
25 | 25 |
{ |
26 | 26 |
$uid = (int) $_SESSION['userinfo']['uid']; |
27 |
- $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn"); |
|
27 |
+ $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", array($uid)); |
|
28 | 28 |
$ret = array(); |
29 | 29 |
while ($i = $result->fetch()) |
30 | 30 |
$ret[] = $i; |
... | ... |
@@ -35,7 +35,7 @@ function user_certs() |
35 | 35 |
function user_csr() |
36 | 36 |
{ |
37 | 37 |
$uid = (int) $_SESSION['userinfo']['uid']; |
38 |
- $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname"); |
|
38 |
+ $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", array($uid)); |
|
39 | 39 |
$ret = array(); |
40 | 40 |
while ($i = $result->fetch()) |
41 | 41 |
$ret[] = $i; |
... | ... |
@@ -48,7 +48,7 @@ function cert_details($id) |
48 | 48 |
$id = (int) $id; |
49 | 49 |
$uid = (int) $_SESSION['userinfo']['uid']; |
50 | 50 |
|
51 |
- $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}"); |
|
51 |
+ $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id)); |
|
52 | 52 |
if ($result->rowCount() != 1) |
53 | 53 |
system_failure("Ungültiges Zertifikat #{$id}"); |
54 | 54 |
return $result->fetch(); |
... | ... |
@@ -60,7 +60,7 @@ function csr_details($id) |
60 | 60 |
$id = (int) $id; |
61 | 61 |
$uid = (int) $_SESSION['userinfo']['uid']; |
62 | 62 |
|
63 |
- $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}"); |
|
63 |
+ $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id)); |
|
64 | 64 |
if ($result->rowCount() != 1) |
65 | 65 |
system_failure("Ungültiger CSR"); |
66 | 66 |
return $result->fetch(); |
... | ... |
@@ -87,8 +87,7 @@ function get_chain($cert) |
87 | 87 |
if (! isset($certdata['issuer']['CN'])) { |
88 | 88 |
return NULL; |
89 | 89 |
} |
90 |
- $issuer = db_escape_string($certdata['issuer']['CN']); |
|
91 |
- $result = db_query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'"); |
|
90 |
+ $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", array($certdata['issuer']['CN'])); |
|
92 | 91 |
if ($result->rowCount() > 0) |
93 | 92 |
{ |
94 | 93 |
$c = $result->fetch(); |
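Review bot: The chain lookup on the new line 90 keys on the issuer CN alone, which is not unique: two stored chains sharing a CN (re-issued or cross-signed intermediates) make `rowCount() > 0` true and the first row wins silently, and validate_certificate later verifies against that chain. Match on something that identifies the issuer certificate — the full issuer DN, or the Authority Key Identifier from `$certdata['extensions']['authorityKeyIdentifier']` if the certchain table can carry it — and treat more than one row as an error instead of taking the first. Binding the raw CN is correct; whether the column stores the CN verbatim or normalised is not visible here.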
... | ... |
@@ -139,7 +138,7 @@ function validate_certificate($cert, $key) |
139 | 138 |
$chain = (int) get_chain($cert); |
140 | 139 |
if ($chain) |
141 | 140 |
{ |
142 |
- $result = db_query("SELECT content FROM vhosts.certchain WHERE id={$chain}"); |
|
141 |
+ $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", array($chain)); |
|
143 | 142 |
$tmp = $result->fetch(); |
144 | 143 |
$chaincert = $tmp['content']; |
145 | 144 |
$chainfile = tempnam(sys_get_temp_dir(), 'webinterface'); |
... | ... |
@@ -183,16 +182,11 @@ function save_cert($info, $cert, $key) |
183 | 182 |
{ |
184 | 183 |
openssl_pkey_export($key, $key); |
185 | 184 |
openssl_x509_export($cert, $cert); |
186 |
- $subject = db_escape_string(filter_input_general($info['subject'])); |
|
187 |
- $cn = db_escape_string(filter_input_general($info['cn'])); |
|
188 |
- $valid_from = db_escape_string($info['valid_from']); |
|
189 |
- $valid_until = db_escape_string($info['valid_until']); |
|
190 |
- $chain = maybe_null( get_chain($cert) ); |
|
191 |
- $cert = db_escape_string($cert); |
|
192 |
- $key = db_escape_string($key); |
|
193 | 185 |
$uid = (int) $_SESSION['userinfo']['uid']; |
194 | 186 |
|
195 |
- db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')"); |
|
187 |
+ db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :valid_from, :valid_until, :chain, :cert, :key)", |
|
188 |
+ array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":valid_from" => $info['valid_from'], |
|
189 |
+ ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)); |
|
196 | 190 |
} |
197 | 191 |
|
198 | 192 |
|
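Review bot: The return values of `openssl_pkey_export($key, $key)` and `openssl_x509_export($cert, $cert)` on lines 183–184 are not checked; on failure the out-parameter is left untouched and the INSERT on lines 187–189 binds whatever the caller passed (an OpenSSL resource, or an unvalidated string) as `:key`/`:cert`. Export into fresh variables and bail early: `if (! openssl_pkey_export($key, $keypem) || ! openssl_x509_export($cert, $certpem)) system_failure("Zertifikat oder Schlüssel konnte nicht exportiert werden");` and bind `$keypem`/`$certpem`. Separately, the `key` column appears to receive the unencrypted PEM private key (the export passes no passphrase); if that is by design it deserves a comment here, and encryption at rest belongs on the follow-up list. Dropping `maybe_null()` is fine, since PDO binds the NULL from `get_chain()` as SQL NULL.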
... | ... |
@@ -210,12 +204,21 @@ function refresh_cert($id, $info, $cert, $key = NULL) |
210 | 204 |
$valid_from = db_escape_string($info['valid_from']); |
211 | 205 |
$valid_until = db_escape_string($info['valid_until']); |
212 | 206 |
|
207 |
+ $args = array(":subject" => filter_input_general($info['subject']), |
|
208 |
+ ":cn" => filter_input_general($info['cn']), |
|
209 |
+ ":cert" => $cert, |
|
210 |
+ ":valid_from" => $info['valid_from'], |
|
211 |
+ ":valid_until" => $info['valid_until'], |
|
212 |
+ ":chain" => get_chain($cert), |
|
213 |
+ ":id" => $id); |
|
214 |
+ |
|
213 | 215 |
$keyop = ''; |
214 | 216 |
if ($key) { |
215 | 217 |
openssl_pkey_export($key, $key); |
216 |
- $keyop = ", `key`='".db_escape_string($key)."'"; |
|
218 |
+ $keyop = ", `key`=:key"; |
|
219 |
+ $args[":key"] = $key; |
|
217 | 220 |
} |
218 |
- db_query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1"); |
|
221 |
+ db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args); |
|
219 | 222 |
} |
220 | 223 |
|
221 | 224 |
|
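Review bot: The UPDATE on the new line 221 is scoped by `id` only, whereas delete_cert and cert_details restrict to the session's `uid`; unless the caller has already fetched the cert through cert_details (the function head is above this hunk, so I cannot see that), any certificate id can be overwritten with attacker-supplied cert and key. Add the owner to the predicate: `WHERE id=:id AND uid=:uid` with `$args[":uid"] = (int) $_SESSION['userinfo']['uid'];`. The `db_escape_string()` assignments on lines 204–205 (and presumably `$subject`/`$cn`/`$chain` above them) are now dead because `$args` reads `$info` directly, and `openssl_pkey_export($key, $key)` on line 217 is still unchecked.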
... | ... |
@@ -224,7 +227,7 @@ function delete_cert($id) |
224 | 227 |
$uid = (int) $_SESSION['userinfo']['uid']; |
225 | 228 |
$id = (int) $id; |
226 | 229 |
|
227 |
- db_query("DELETE FROM vhosts.certs WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
230 |
+ db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", array($uid, $id)); |
|
228 | 231 |
} |
229 | 232 |
|
230 | 233 |
function delete_csr($id) |
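Review bot: The result of the DELETE on line 230 is discarded, so an id not owned by the session uid (or one that does not exist) silently deletes nothing and the caller cannot tell; check the affected rows, e.g. `if (db_query(...)->rowCount() != 1) system_failure("Ungültiges Zertifikat #{$id}");`, reusing the message cert_details already emits. Dropping `LIMIT 1` is safe only if `id` is the table's primary key, which this file suggests but does not show. Whether a vhost still references the certificate (`vh.certid` in list_vhosts) is not checked here; if no foreign key covers that, a dangling reference results.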
... | ... |
@@ -232,7 +235,7 @@ function delete_csr($id) |
232 | 235 |
$uid = (int) $_SESSION['userinfo']['uid']; |
233 | 236 |
$id = (int) $id; |
234 | 237 |
|
235 |
- db_query("DELETE FROM vhosts.csr WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
238 |
+ db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", array($uid, $id)); |
|
236 | 239 |
} |
237 | 240 |
|
238 | 241 |
|
... | ... |
@@ -305,12 +308,10 @@ function save_csr($cn, $bits, $replace=NULL) |
305 | 308 |
|
306 | 309 |
$uid = (int) $_SESSION['userinfo']['uid']; |
307 | 310 |
$cn = db_escape_string(filter_input_hostname($cn, true)); |
308 |
- $bits = (int) $bits; |
|
309 |
- $replace = ($replace ? (int) $replace : 'NULL'); |
|
310 |
- $csr = db_escape_string($csr); |
|
311 |
- $key = db_escape_string($key); |
|
312 |
- db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')"); |
|
313 |
- $id = mysql_insert_id(); |
|
311 |
+ db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)", |
|
312 |
+ array(":uid" => $uid, ":cn" => filter_input_hostname($cn, true), ":bits" => $bits, |
|
313 |
+ ":replace" => $replace, ":csr" => $csr, ":key" => $key)); |
|
314 |
+ $id = db_insert_id(); |
|
314 | 315 |
return $id; |
315 | 316 |
} |
316 | 317 |
|
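Review bot: Line 310 still runs `db_escape_string()` over the hostname and the new line 312 then calls `filter_input_hostname()` a second time on that escaped value, so the bound `:cn` is double-processed; make line 310 `$cn = filter_input_hostname($cn, true);` and bind `":cn" => $cn`. The `(int)` casts on `$bits` and `$replace` were dropped together with the string building, so both are now bound as whatever type the caller passed — restore `$bits = (int) $bits;` and `$replace = $replace ? (int) $replace : NULL;` (PDO binds NULL as SQL NULL, so the old `'NULL'` literal is no longer needed). `db_insert_id()` replaces `mysql_insert_id()` but is not defined in any hunk I can see; I assume it wraps `PDO::lastInsertId()` on the same connection.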
... | ... |
@@ -26,14 +26,14 @@ require_once("certs.php"); |
26 | 26 |
function traffic_month($vhost_id) |
27 | 27 |
{ |
28 | 28 |
$vhost_id = (int) $vhost_id; |
29 |
- $result = db_query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}"); |
|
29 |
+ $result = db_query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = ?", array($vhost_id)); |
|
30 | 30 |
$data = $result->fetch(); |
31 | 31 |
return $data['mb']; |
32 | 32 |
} |
33 | 33 |
|
34 | 34 |
function autoipv6_address($vhost_id, $mode = 1) |
35 | 35 |
{ |
36 |
- $result = db_query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}"); |
|
36 |
+ $result = db_query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id=?", array($vhost_id)); |
|
37 | 37 |
$data = $result->fetch(); |
38 | 38 |
if (!$data['v6_prefix']) |
39 | 39 |
{ |
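Review bot: `autoipv6_address()` binds `$vhost_id` on the new line 36 without the `(int)` cast that traffic_month applies a few lines up, and its query is not restricted to the session uid — it selects `uid`, which suggests the check happens further down, but the body continues past this hunk so that is not visible. For consistency add `$vhost_id = (int) $vhost_id;` before the query, and guard the row with `if (! $data) system_failure("Ungültiger vHost");` before `$data['v6_prefix']` is read, since `fetch()` returns `false` for an unknown id.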
... | ... |
@@ -53,7 +53,7 @@ function autoipv6_address($vhost_id, $mode = 1) |
53 | 53 |
function list_vhosts() |
54 | 54 |
{ |
55 | 55 |
$uid = (int) $_SESSION['userinfo']['uid']; |
56 |
- $result = db_query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname"); |
|
56 |
+ $result = db_query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid=? ORDER BY domain,hostname", array($uid)); |
|
57 | 57 |
$ret = array(); |
58 | 58 |
while ($item = $result->fetch()) |
59 | 59 |
array_push($ret, $item); |
... | ... |
@@ -160,7 +160,7 @@ function get_vhost_details($id) |
160 | 160 |
|
161 | 161 |
function get_aliases($vhost) |
162 | 162 |
{ |
163 |
- $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}"); |
|
163 |
+ $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost=?", array($vhost)); |
|
164 | 164 |
$ret = array(); |
165 | 165 |
while ($item = $result->fetch()) { |
166 | 166 |
array_push($ret, $item); |
... | ... |
@@ -22,15 +22,20 @@ $section = 'vhosts_certs'; |
22 | 22 |
if ($_GET['action'] == 'new') |
23 | 23 |
{ |
24 | 24 |
check_form_token('vhosts_certs_new'); |
25 |
+ if (! isset($_POST['cert'])) { |
|
26 |
+ system_failure("Es wurde kein Zertifikat eingegeben"); |
|
27 |
+ } |
|
25 | 28 |
$cert = $_POST['cert']; |
26 |
- $key = $_POST['key']; |
|
29 |
+ $key = NULL; |
|
27 | 30 |
if (! isset($_POST['key']) && isset($_REQUEST['csr'])) |
28 | 31 |
{ |
29 | 32 |
$csr = csr_details($_REQUEST['csr']); |
30 | 33 |
$key = $csr['key']; |
34 |
+ } else { |
|
35 |
+ $key = $_POST['key']; |
|
31 | 36 |
} |
32 | 37 |
$oldcert = NULL; |
33 |
- if ($_REQUEST['replace']) |
|
38 |
+ if (isset($_REQUEST['replace'])) |
|
34 | 39 |
{ |
35 | 40 |
$oldcert = cert_details($_REQUEST['replace']); |
36 | 41 |
} |
37 | 42 |