Bernd Wurst commited on 2018-01-24 10:34:58
Zeige 8 geänderte Dateien mit 75 Einfügungen und 28 Löschungen.
... | ... |
@@ -42,9 +42,11 @@ function filter_input_general( $input ) |
42 | 42 |
|
43 | 43 |
function verify_input_general( $input ) |
44 | 44 |
{ |
45 |
- if (filter_input_general($input) != $input) { |
|
45 |
+ if (filter_input_general($input) !== $input) { |
|
46 | 46 |
system_failure("Ihre Daten enthielten ungültige Zeichen!"); |
47 | 47 |
logger(LOG_WARNING, 'inc/security', 'verify_input_general', 'Ungültige Daten: '.$input); |
48 |
+ } else { |
|
49 |
+ return $input; |
|
48 | 50 |
} |
49 | 51 |
} |
50 | 52 |
|
... | ... |
@@ -49,6 +49,9 @@ function upload_contact($c) |
49 | 49 |
// Update |
50 | 50 |
$data = array("contact" => $ac); |
51 | 51 |
$result = api_request('contactUpdate', $data); |
52 |
+ if ($result['status'] != 'success') { |
|
53 |
+ system_failure("Es gab ein Problem beim Hochladen der Adresse zum Domainregistrar. Das sollte nicht sein!"); |
|
54 |
+ } |
|
52 | 55 |
} else { |
53 | 56 |
// create |
54 | 57 |
$data = array("contact" => $ac); |
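Review bot: `$result['status'] != 'success'` assumes api_request() returned an array with a status key; if it returns false or NULL on a transport failure the line emits a notice and only reports a failure by accident, so the check should be `if (!isset($result['status']) || $result['status'] !== 'success') {`. The create branch that begins at the end of this hunk (`// create`) runs the same api_request pattern, and whether it receives the same status check is not visible here. upload_contact continues past the hunk.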
... | ... |
@@ -16,6 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 | 18 |
require_role(array(ROLE_CUSTOMER)); |
19 |
+require_once('class/domain.php'); |
|
19 | 20 |
|
20 | 21 |
require_once('contactapi.php'); |
21 | 22 |
|
... | ... |
@@ -241,3 +242,14 @@ function delete_contact($id) { |
241 | 242 |
db_query("UPDATE kundendaten.contacts SET state='deleted' WHERE id=?", array($c['id'])); |
242 | 243 |
} |
243 | 244 |
|
245 |
+ |
|
246 |
+function domainlist_by_contact($c) { |
|
247 |
+ $result = db_query("SELECT id FROM kundendaten.domains WHERE owner=? OR admin_c=?", array($c['id'], $c['id'])); |
|
248 |
+ $ret = array(); |
|
249 |
+ while ($domain = $result->fetch()) { |
|
250 |
+ $ret[] = new Domain( (int) $domain['id'] ); |
|
251 |
+ } |
|
252 |
+ return $ret; |
|
253 |
+} |
|
254 |
+ |
|
255 |
+ |
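Review bot: domainlist_by_contact() has no docblock and scopes its query only by the contact's id, so it relies on the caller having already authorised `$c` for the current customer (presumably via get_contact(), which is not in this hunk); record that contract: `/** Domains on which $c is owner or admin_c. $c must already be authorised for the current customer; no ownership check is made here. Returns a list of Domain objects. */`. Each row becomes `new Domain((int) $domain['id'])`, which, if the Domain constructor loads its own row, issues one extra query per domain; selecting the needed columns here or giving Domain a constructor that accepts a row would avoid that, but class/domain.php is not in the diff. The two trailing empty added lines at the end of the hunk can be dropped.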
... | ... |
@@ -31,19 +31,29 @@ $kundenkontakte = get_kundenkontakte(); |
31 | 31 |
|
32 | 32 |
output('<p>Sie haben aktuell diese Adressen gespeichert:</p> |
33 | 33 |
<div class="contact-list">'); |
34 |
-foreach ($contacts as $id => $contact) { |
|
35 |
- $adresse = nl2br("\n".$contact['address']."\n".$contact['country'].'-'.$contact['zip'].' '.$contact['city']); |
|
34 |
+ |
|
35 |
+$liste = array_merge(array($kundenkontakte['kunde']), array_keys($contacts)); |
|
36 |
+$kundenadresse_displayed = false; |
|
37 |
+foreach ($liste as $id) { |
|
38 |
+ if ($kundenadresse_displayed && $id == $kundenkontakte['kunde']) { |
|
39 |
+ continue; |
|
40 |
+ } |
|
41 |
+ $cssclass = ''; |
|
42 |
+ $contact = $contacts[$id]; |
|
43 |
+ $adresse = nl2br("\n".filter_input_general($contact['address'])."\n".filter_input_general($contact['country']).'-'.filter_input_general($contact['zip']).' '.filter_input_general($contact['city'])); |
|
36 | 44 |
if (! $contact['city']) { |
37 | 45 |
$adresse = ''; |
38 | 46 |
} |
39 | 47 |
$usage = array(); |
40 | 48 |
if ($id == $kundenkontakte['kunde']) { |
49 |
+ $cssclass='mainaddress'; |
|
50 |
+ $kundenadresse_displayed = true; |
|
41 | 51 |
$usage[] = 'Stamm-Adresse'; |
42 | 52 |
} |
43 | 53 |
if ($id == $kundenkontakte['extern']) { |
44 | 54 |
$usage[] = 'Ersatz-Adresse'; |
45 | 55 |
} |
46 |
- if ($id == $kundenkontakte['rechnung']) { |
|
56 |
+ if ($id == $kundenkontakte['rechnung'] || ($id == $kundenkontakte['kunde'] && $kundenkontakte['rechnung'] == NULL)) { |
|
47 | 57 |
$usage[] = 'Rechnungs-Adresse'; |
48 | 58 |
} |
49 | 59 |
if ($contact['nic_handle']) { |
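Review bot: `$contact = $contacts[$id];` is reached for `$kundenkontakte['kunde']` even when that id is not a key of `$contacts` (the value is NULL, or the contact is no longer in the list), which emits an undefined-index notice and then renders an empty card; guard it with `if (!isset($contacts[$id])) { continue; }` before the assignment. The address, company and name fields are now passed through filter_input_general() before being concatenated into HTML, here and in the hunks at `@@ -27,13 +27,13 @@` and `@@ -64,13 +64,13 @@`; that function is named as an input filter and its body is not in this diff, so confirm it yields output that is safe in an HTML element context, otherwise `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the escape to apply at output time. The foreach opened in this hunk continues past its end.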
... | ... |
@@ -51,8 +61,8 @@ foreach ($contacts as $id => $contact) { |
51 | 61 |
} |
52 | 62 |
$usage = join(', ', $usage); |
53 | 63 |
$name = $contact['name']; |
54 |
- if ($contact['company']) { |
|
55 |
- $name = $contact['company']."<br />".$contact['name']; |
|
64 |
+ if (nl2br(filter_input_general($contact['company']))) { |
|
65 |
+ $name = filter_input_general($contact['company'])."<br />".nl2br(filter_input_general($contact['name'])); |
|
56 | 66 |
} |
57 | 67 |
$email = $contact['email']; |
58 | 68 |
$new_email = update_pending($id); |
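Review bot: `$name = $contact['name'];` on the context line above the changed `if` still assigns the raw name, so a contact without a company is output unfiltered while one with a company gets the filtered name — the opposite of the delete view in this commit, where `$name = filter_input_general($contact['name']);` is assigned first. Filter it at the assignment, `$name = nl2br(filter_input_general($contact['name']));`, and test the condition on the filtered company alone, `if (filter_input_general($contact['company'])) {`; wrapping the condition in nl2br() does not change its truthiness. The enclosing foreach starts and ends outside this hunk.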
... | ... |
@@ -69,10 +79,10 @@ foreach ($contacts as $id => $contact) { |
69 | 79 |
$actions[] = internal_link('useas', other_icon('attach.png')." Benutzen als...", 'id='.$contact['id']); |
70 | 80 |
|
71 | 81 |
$email = implode("<br>\n", array_filter(array($email, $contact['phone'], $contact['fax'], $contact['mobile']))); |
72 |
- output("<div class=\"contact\" id=\"contact-{$contact['id']}\"><p class=\"contact-id\">#{$contact['id']}</p><p class=\"contact-address\"><strong>$name</strong>$adresse</p><p class=\"contact-contact\">$email</p><p class=\"contact-usage\">Verwendung als $usage</p><p class=\"contact-actions\">".implode("<br>\n", $actions)."</p></div>"); |
|
82 |
+ output("<div class=\"contact {$cssclass}\" id=\"contact-{$contact['id']}\"><p class=\"contact-id\">#{$contact['id']}</p><p class=\"contact-address\"><strong>$name</strong>$adresse</p><p class=\"contact-contact\">$email</p><p class=\"contact-usage\">Verwendung als $usage</p><p class=\"contact-actions\">".implode("<br>\n", $actions)."</p></div>"); |
|
73 | 83 |
} |
74 | 84 |
output("</div><br />"); |
75 |
-addnew('edit', 'Neuen Kontakt erstellen', 'id=new'); |
|
85 |
+addnew('edit', 'Neue Adresse erstellen', 'id=new'); |
|
76 | 86 |
|
77 | 87 |
|
78 | 88 |
?> |
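Review bot: `$email` on the context line just above the changed output() call still concatenates the e-mail, `$contact['phone']`, `$contact['fax']` and `$contact['mobile']` unfiltered into the contact-contact paragraph, while name and address in the same card now go through filter_input_general(); the same line exists in the hunks at `@@ -27,13 +27,13 @@` and `@@ -64,13 +64,13 @@`. Applying the same filter to those four values, e.g. `array_map('filter_input_general', array($email, $contact['phone'], $contact['fax'], $contact['mobile']))` inside the array_filter(), keeps every field of the card on one escaping path. The `{$cssclass}` interpolation is fine as written, since the loop only ever assigns `''` or `'mainaddress'` to it. The closing `?>` at the end of the file can be omitted in a PHP-only file so that stray whitespace after it is never sent as output.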
... | ... |
@@ -27,13 +27,13 @@ $section = 'contacts_list'; |
27 | 27 |
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { |
28 | 28 |
$contact = get_contact($_REQUEST['id']); |
29 | 29 |
|
30 |
- $adresse = nl2br("\n".$contact['address']."\n".$contact['country'].'-'.$contact['zip'].' '.$contact['city']); |
|
30 |
+ $adresse = nl2br("\n".filter_input_general($contact['address'])."\n".filter_input_general($contact['country']).'-'.filter_input_general($contact['zip']).' '.filter_input_general($contact['city'])); |
|
31 | 31 |
if (! $contact['city']) { |
32 | 32 |
$adresse = ''; |
33 | 33 |
} |
34 |
- $name = $contact['name']; |
|
34 |
+ $name = filter_input_general($contact['name']); |
|
35 | 35 |
if ($contact['company']) { |
36 |
- $name = $contact['company']."<br />".$contact['name']; |
|
36 |
+ $name = filter_input_general($contact['company'])."<br />".filter_input_general($contact['name']); |
|
37 | 37 |
} |
38 | 38 |
$email = implode("<br>\n", array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile']))); |
39 | 39 |
|
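Review bot: The address expression on the changed line — four filter_input_general() calls concatenated inside nl2br() — now appears verbatim in three files (this hunk, `@@ -31,19 +31,29 @@` and `@@ -64,13 +64,13 @@`), each followed by the same `if (! $contact['city']) { $adresse = ''; }`, and the company/name pair below it is duplicated the same way; this is the repetition that lets the next field slip through one copy unfiltered. A helper in contacts.php, `function contact_address_html($contact)` returning the filtered address or `''` when city is empty, with a `contact_name_html($contact)` counterpart, would leave one place to get the escaping right. This hunk sits inside the `action == 'delete'` branch, which continues past its end.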
... | ... |
@@ -91,17 +91,17 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { |
91 | 91 |
} |
92 | 92 |
|
93 | 93 |
|
94 |
- $c['company'] = maybe_null($_REQUEST['firma']); |
|
95 |
- $c['name'] = maybe_null($_REQUEST['name']); |
|
96 |
- $c['address'] = maybe_null($_REQUEST['adresse']); |
|
97 |
- $c['country'] = maybe_null(strtoupper($_REQUEST['land'])); |
|
98 |
- $c['zip'] = maybe_null($_REQUEST['plz']); |
|
99 |
- $c['city'] = maybe_null($_REQUEST['ort']); |
|
94 |
+ $c['company'] = verify_input_general(maybe_null($_REQUEST['firma'])); |
|
95 |
+ $c['name'] = verify_input_general(maybe_null($_REQUEST['name'])); |
|
96 |
+ $c['address'] = verify_input_general(maybe_null($_REQUEST['adresse'])); |
|
97 |
+ $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land']))); |
|
98 |
+ $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz'])); |
|
99 |
+ $c['city'] = verify_input_general(maybe_null($_REQUEST['ort'])); |
|
100 | 100 |
|
101 | 101 |
|
102 | 102 |
|
103 | 103 |
if ($_REQUEST['telefon']) { |
104 |
- $num = format_number($_REQUEST['telefon'], $_REQUEST['land']); |
|
104 |
+ $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']); |
|
105 | 105 |
if ($num) { |
106 | 106 |
$c['phone'] = $num; |
107 | 107 |
} else { |
... | ... |
@@ -111,7 +111,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { |
111 | 111 |
$c['phone'] = NULL; |
112 | 112 |
} |
113 | 113 |
if ($_REQUEST['mobile']) { |
114 |
- $num = format_number($_REQUEST['mobile'], $_REQUEST['land']); |
|
114 |
+ $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']); |
|
115 | 115 |
if ($num) { |
116 | 116 |
$c['mobile'] = $num; |
117 | 117 |
} else { |
... | ... |
@@ -121,7 +121,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { |
121 | 121 |
$c['mobile'] = NULL; |
122 | 122 |
} |
123 | 123 |
if ($_REQUEST['telefax']) { |
124 |
- $num = format_number($_REQUEST['telefax'], $_REQUEST['land']); |
|
124 |
+ $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']); |
|
125 | 125 |
if ($num) { |
126 | 126 |
$c['fax'] = $num; |
127 | 127 |
} else { |
... | ... |
@@ -143,7 +143,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { |
143 | 143 |
|
144 | 144 |
if ($c['email'] != $_REQUEST['email']) { |
145 | 145 |
if (have_mailaddress($_REQUEST['email'])) { |
146 |
- save_emailaddress($c['id'], $_REQUEST['email']); |
|
146 |
+ save_emailaddress($c['id'], verify_input_general($_REQUEST['email'])); |
|
147 | 147 |
} else { |
148 | 148 |
send_emailchange_token($c['id'], $_REQUEST['email']); |
149 | 149 |
} |
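Review bot: Only the `save_emailaddress()` argument is verified; `have_mailaddress($_REQUEST['email'])` on the line above and `send_emailchange_token($c['id'], $_REQUEST['email'])` in the else branch still receive the raw request value, so an address containing rejected characters is looked up and, when not yet confirmed, mailed a token before verification ever runs. Verify once before the branch, `$new_email = verify_input_general($_REQUEST['email']);`, and pass `$new_email` to all three calls and to the outer `!=` comparison. The enclosing block starts and ends outside the hunk.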
... | ... |
@@ -64,13 +64,13 @@ if (isset($_REQUEST['useas'])) { |
64 | 64 |
} |
65 | 65 |
} |
66 | 66 |
} else { |
67 |
- $adresse = nl2br("\n".$contact['address']."\n".$contact['country'].'-'.$contact['zip'].' '.$contact['city']); |
|
67 |
+ $adresse = nl2br("\n".filter_input_general($contact['address'])."\n".filter_input_general($contact['country']).'-'.filter_input_general($contact['zip']).' '.filter_input_general($contact['city'])); |
|
68 | 68 |
if (! $contact['city']) { |
69 | 69 |
$adresse = ''; |
70 | 70 |
} |
71 |
- $name = $contact['name']; |
|
71 |
+ $name = filter_input_general($contact['name']); |
|
72 | 72 |
if ($contact['company']) { |
73 |
- $name = $contact['company']."<br />".$contact['name']; |
|
73 |
+ $name = filter_input_general($contact['company'])."<br />".filter_input_general($contact['name']); |
|
74 | 74 |
} |
75 | 75 |
$email = implode("<br>\n", array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile']))); |
76 | 76 |
|
... | ... |
@@ -86,7 +86,7 @@ if (isset($_REQUEST['useas'])) { |
86 | 86 |
addnew('useas', 'Diese Adresse als Haupt-Adresse des Kontoinhabers festlegen.', 'id='.$_REQUEST['id'].'&useas=kunde'); |
87 | 87 |
} |
88 | 88 |
if ($id == $kundenkontakte['extern']) { |
89 |
- output("<p>Diese Adresse ist die Ersatz-Adresse bei Störungen! ".icon_delete().internal_link('useas', "Zuordnung löschen", 'id='.$_REQUEST['id'].'&useas=extern&action=delete')."</p>"); |
|
89 |
+ output("<p>Diese Adresse ist die Ersatz-Adresse bei Störungen. ".icon_delete().internal_link('useas', "Zuordnung löschen", 'id='.$_REQUEST['id'].'&useas=extern&action=delete')."</p>"); |
|
90 | 90 |
} else { |
91 | 91 |
addnew('useas', 'Diese Adresse als Ersatz-Adresse des Kontoinhabers für Störungen festlegen.', 'id='.$_REQUEST['id'].'&useas=extern'); |
92 | 92 |
} |
... | ... |
@@ -98,10 +98,25 @@ if (isset($_REQUEST['useas'])) { |
98 | 98 |
} |
99 | 99 |
|
100 | 100 |
|
101 |
- if (possible_domainholder($contact)) { |
|
102 | 101 |
output("<h4>Verwendung als Domaininhaber bzw. -Verwalter</h4>"); |
102 |
+ if (possible_domainholder($contact)) { |
|
103 |
+ $domains = domainlist_by_contact($contact); |
|
104 |
+ foreach ($domains as $d) { |
|
105 |
+ $funktion = array(); |
|
106 |
+ if ($contact['id'] == $d->owner) { |
|
107 |
+ $funktion[] = 'Inhaber'; |
|
108 |
+ } |
|
109 |
+ if ($contact['id'] == $d->admin_c) { |
|
110 |
+ $funktion[] = 'Verwalter'; |
|
111 |
+ } |
|
112 |
+ $funktion = implode(' und ', $funktion); |
|
103 | 113 |
|
104 |
- output("<p>Kann als Domaininhaber verwendet werden!</p>"); |
|
114 |
+ output('<p>Ist <strong>'.$funktion.'</strong> bei der Domain <strong>'.$d->fqdn.'</strong>.</p>'); |
|
115 |
+ } |
|
116 |
+ |
|
117 |
+ |
|
118 |
+ } else { |
|
119 |
+ output("<p>Zur Verwendung als Domaininhaber müssen Name, vollständige Adresse, E-Mail-Adresse sowie Telefonnummer angegeben sein.</p>"); |
|
105 | 120 |
} |
106 | 121 |
|
107 | 122 |
|
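Review bot: `$d->fqdn` is concatenated into the output string without any escaping, while the rest of this commit passes every displayed contact field through filter_input_general(); the value comes from the database and class/domain.php is not in the diff, so treat it like the other fields, `htmlspecialchars($d->fqdn, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The comparisons `$contact['id'] == $d->owner` and `== $d->admin_c` are loose; if Domain exposes these as ints while get_contact() returns strings, that is what makes them match, so `(int) $contact['id'] === $d->owner` would make the intent explicit. The two blank added lines before `} else {` can be dropped.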
... | ... |
@@ -14,6 +14,7 @@ https://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
+require_once('contacts.php'); |
|
17 | 18 |
require_once('verify.php'); |
18 | 19 |
require_once('inc/security.php'); |
19 | 20 |
|
20 | 21 |