diff --git a/gosa-plugins/gofon/gofon/phoneaccount/class_phoneAccount.inc b/gosa-plugins/gofon/gofon/phoneaccount/class_phoneAccount.inc
index 20c2b29654bf68abaa7f22f2a7018bbaa87f58cf..330f21f844028909f6c218bde430e411e4f662e6 100644 (file)
{
/* Definitions */
var $plHeadline = "Phone";
- var $plDescription= "This does something";
+ var $plDescription= "Manage personal phone settings";
var $plIcon = "plugins/gofon/images/phoneAccount.png";
/* Attributes */
".$cur_cfg['VOICE_TABLE'].".password
FROM ".$cur_cfg['VOICE_TABLE'].",
".$cur_cfg['SIP_TABLE']."
- WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".$num."
- AND ".$cur_cfg['SIP_TABLE'].".name='".$this->uid."'";
+ WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".mysql_real_escape_string($num)."
+ AND ".$cur_cfg['SIP_TABLE'].".name='".mysql_real_escape_string($this->uid)."'";
$res = mysql_query($query_tmp);
$vp = mysql_fetch_assoc($res);
if(!isset($vp['context'])){
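Review bot: The `mailbox` comparison on the new WHERE line is still open to injection, because `mysql_real_escape_string($num)` is placed in an unquoted numeric position. Escaping only neutralises characters that would terminate a quoted string, so a value without quote characters passes through unchanged. Either quote the operand, `mailbox = '".mysql_real_escape_string($num)."'`, or reject anything that fails `ctype_digit((string)$num)` before the query is built. The `mysql_fetch_assoc($res)` that follows is also called without checking that `mysql_query` returned a result. The enclosing function starts and ends outside this hunk.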
*/
$inno_tables = array("SIP_TABLE","EXT_TABLE","VOICE_TABLE","QUEUE_TABLE","QUEUE_MEMBER_TABLE");
foreach($inno_tables as $inno_table){
- $sql = "show table status like '".$config[$inno_table]."';";
+ $sql = "show table status like '".mysql_real_escape_string($config[$inno_table])."';";
$res = mysql_query($sql);
$vp = mysql_fetch_assoc($res);
if(!preg_match("/^InnoDB$/i",$vp['Engine'])){
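Review bot: In the `show table status like` statement the escaped table name is used as a LIKE pattern, and `mysql_real_escape_string` leaves `%` and `_` untouched, so a configured name containing an underscore can still match other tables. Only the first row is read, and `$vp['Engine']` is used without checking that a row came back, so the InnoDB test may run against a different table or against `false`. Consider `addcslashes(mysql_real_escape_string($config[$inno_table]), '%_')` and a guard on `$res` and `$vp` before the `preg_match`. The loop body continues outside this hunk.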
WARNING_DIALOG);
}
- $query = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$old_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query,
"<i>Reguest callerid to be able to identify the user.</i>");
Strict disallows the addition of entries that do not match the targets field length.
*/
$query_a[]= "SET @@sql_mode = STRICT_ALL_TABLES;";
- $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
- $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".$result['callerid']."';";
- $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$this->uid."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($result['callerid'])."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';";
foreach($oldnums as $s_telenums) {
- $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$s_telenums."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';";
}
/* Start transaction, to be able to rollback
*/
$SQL_query_array[] = "SET @@sql_mode = STRICT_ALL_TABLES;";
- $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';\n";
+ $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n";
$rid = mysql_query($query,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive current mysql entries.");
if(mysql_affected_rows($new_connection)){
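Review bot: `mysql_real_escape_string($this->uid)` is called without a link identifier although the query is sent on `$new_connection`, so the escaping follows whichever connection was opened last, and its character set, rather than the one that executes the statement. If no usable link exists the call returns `false` and the WHERE clause compares against an empty string. Pass the link explicitly, `mysql_real_escape_string($this->uid, $new_connection)`. The same applies to the earlier query on `$old_connection`, the later ones on `$new_connection` and `$r_con`, and the statements collected in `$query_a`, `$SQL_query_array` and `$SQL`, whose executing connection is not visible in these hunks.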
if(count($sip_data_array)){
$query = "UPDATE ".$a_New['SIP_TABLE']." SET ";
foreach($sip_data_array as $key => $val){
- $query.= "".$key."='".$val."',";
+ $query.= "".$key."='".mysql_real_escape_string($val)."',";
}
$query = preg_replace("/,$/","",$query);
- $query.= " WHERE name='".$this->uid."';";
+ $query.= " WHERE name='".mysql_real_escape_string($this->uid)."';";
$SQL_query_array[] = $query;
}
} else {
**********************/
$customer_id = $newnums[$i_new_key];
- $query = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive callerid");
$voice_data_array['pager'] = $this->pager;
/* Check if there is already an entry in sip_users for this uid */
- $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".$old_customer_id."';\n";
+ $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';\n";
$rid = mysql_query($query_tmp,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query_tmp, "Check if voicemail entry exists");
$query.= "".$key."='".$val."',";
}
$query = preg_replace("/,$/","",$query);
- $query.= " WHERE customer_id='".$old_customer_id."';";
+ $query.= " WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';";
$SQL_query_array[] = $query;
}
}else{
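Review bot: The loop line that builds the voicemail UPDATE still concatenates `$val` unescaped (`$query.= "".$key."='".$val."',";`), although the matching loop for `SIP_TABLE` earlier in this commit was changed to escape it. Only the trailing `WHERE customer_id=` is escaped here, so values such as `$voice_data_array['pager']`, which the previous hunk shows being taken from `$this->pager`, reach the statement as-is. Change the line to `$query.= "".$key."='".mysql_real_escape_string($val)."',";`. `$key` is used as a column name in both loops; escaping does not protect identifiers, so it should only ever come from a fixed list, which cannot be confirmed from this hunk. The loop header is outside the hunk.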
/* Initiate transaction
*/
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$this->uid."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($this->uid)."\";";
$oldnums= array();
foreach($oldnums as $s_telenums){
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
}
foreach($newnums as $s_telenums){
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
}
/**********************
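Review bot: `$oldnums= array();` directly precedes `foreach($oldnums as $s_telenums)`, so as shown in this hunk the first loop never runs and the DELETE for old extensions that just received escaping is never queued. Stale `EXT_TABLE` rows for numbers the user no longer owns would then stay in place. If the reset is intentional, remove the dead loop; otherwise drop the assignment so the previously stored numbers are cleaned up. Whether `$oldnums` is populated earlier in the function is outside this hunk.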
} else {
if(empty($this->uid)){
$display= $this->show_enable_header(_("Create phone account"),
- msgPool::featuresDisabled(_("Phone"),_("User uid")));
+ msgPool::featuresDisabled(_("Phone"),_("User UID")));
}else{
$display= $this->show_enable_header(_("Create phone account"),
msgPool::featuresDisabled(_("Phone")));
} else {
$color= "";
}
- $hl.= " <option $color label=\"$cn\" value=\"$cn\" $selected>$description </option>\n";
+ $hl.= " <option $color label=\"$cn\" value=\"".set_post($cn)."\" $selected>".$description." </option>\n";
}
$hl.= "</select>\n";
$smarty->assign ("hardware_list", $hl);
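Review bot: Only the `value` attribute of the option is passed through `set_post()`; `label=\"$cn\"` on the same line and the option text `$description` are still written into the markup unescaped. If either comes from directory data, which this hunk does not show, markup stored there would be rendered in the browser of whoever opens the dialog. Escape all three, e.g. `label=\"".set_post($cn)."\"` and `".set_post($description)."` for the option text, assuming `set_post()` is the project's HTML-escaping helper as its use on `value` suggests. The loop that builds `$hl` begins outside the hunk.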
foreach($this->attributes as $attr){
- if(in_array($attr,$this->multi_boxes)){
+ if(in_array_strict($attr,$this->multi_boxes)){
$smarty->assign("use_".$attr,TRUE);
}else{
$smarty->assign("use_".$attr,FALSE);
}
foreach(array("goFonVoiceMailContext","goFonContext") as $attr){
- if(in_array($attr,$this->multi_boxes)){
+ if(in_array_strict($attr,$this->multi_boxes)){
$smarty->assign("use_".$attr,TRUE);
}else{
$smarty->assign("use_".$attr,FALSE);
}
if((strlen($this->goFonVoicemailPIN)==0)||(strlen($this->goFonVoicemailPIN)>4)){
- $message[]= msgPool::invalid(_("Voicemail PIN"),"","",_("Between 1-4 charactes"));
+ $message[]= msgPool::invalid(_("Voice mail PIN"),"","",_("Between 1-4 characters"));
}else{
if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN)){
- $message[]= msgPool::invalid(_("Voicemail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
+ $message[]= msgPool::invalid(_("Voice mail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
}
}
*/
$str = $this->generate_mysql_entension_entries(true);
if(!$str){
- msg_dialog::display(_("Error"),_("An error occured while updating the database entries!") , ERROR_DIALOG);
+ msg_dialog::display(_("Error"),_("An error occurred while updating the database entries!") , ERROR_DIALOG);
}
if($this->attrs['goFonMacro']==""){
plugin::adapt_from_template($dn, $skip);
/* Assemble phone numbers */
- if (isset($this->attrs['telephoneNumber']) && !in_array("telephoneNumber", $skip)){
+ if (isset($this->attrs['telephoneNumber']) && !in_array_strict("telephoneNumber", $skip)){
for ($i= 0; $i<$this->attrs['telephoneNumber']['count']; $i++){
$number= $this->attrs['telephoneNumber'][$i];
$this->phoneNumbers[$number]= $number;
if(!$first_num){
$first_num = $s_telenums;
}
- $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$s_telenums."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';\n";
}
- $query = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$r_con);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Database query");
$result = mysql_fetch_assoc($rid);
/* Set mode to strict
Strict disallows the addition of entries that do not match the targets field length.
*/
- $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".$callerid."';";
- $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$this->uid."';\n";
- $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($callerid)."';";
+ $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n";
/* Start transaction, to be able to rollback
*/
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=goFonQueue)(member=*))", array("member"));
while($attr = $ldap->fetch()){
- if(in_array($this->dn,$attr['member'])){
+ if(in_array_strict($this->dn,$attr['member'])){
$new =new ogrouptabs($this->config, $this->config->data['TABS']['OGROUPTABS'],$attr['dn']);
unset($new->by_object['ogroup']->memberList[$this->dn]);
unset($new->by_object['ogroup']->member[$this->dn]);
foreach($this->phoneNumbers as $num){
if((isset($numbers[$num]))&&(($numbers[$num]['uid'][0]!=$this->uid))){
if(isset($numbers[$num]['uid'][0])){
- return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
+ return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
}else{
- return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
+ return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
}
}
}
"goFonHomeServer" => _("Home server"),
"goFonContext" => _("Phone context"),
"goFonVoiceMailContext" => _("Voice mail context"),
- "goFonPIN" => _("Telephone pin"),
- "goFonVoicemailPIN" => _("Voicemail pin"))
+ "goFonPIN" => _("Telephone PIN"),
+ "goFonVoicemailPIN" => _("Voice mail PIN"))
));
}
{
$message = plugin::multiple_check();
- if(!count($this->goFonHomeServers) && in_array("goFonHomeServers",$this->multi_boxes)){
+ if(!count($this->goFonHomeServers) && in_array_strict("goFonHomeServers",$this->multi_boxes)){
$message[] = _("There is currently no asterisk server defined!");
}
- if(empty($this->goFonHomeServer) && in_array("goFonHomeServers",$this->multi_boxes)){
+ if(empty($this->goFonHomeServer) && in_array_strict("goFonHomeServers",$this->multi_boxes)){
$message[] = _("Asterisk server is invalid!");
}
- if(in_array("goFonVoicemailPIN",$this->multi_boxes) &&
+ if(in_array_strict("goFonVoicemailPIN",$this->multi_boxes) &&
( (strlen($this->goFonVoicemailPIN)==0)||
(strlen($this->goFonVoicemailPIN)>4))){
- $message[]=(_("Voicemail PIN must be 4 characters long!"));
+ $message[]=(_("Voice mail PIN must be 4 characters long!"));
}else{
- if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN) && in_array("goFonVoicemailPIN",$this->multi_boxes) ){
- $message[]=(_("Voicemail PIN contains invalid characters!"));
+ if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN) && in_array_strict("goFonVoicemailPIN",$this->multi_boxes) ){
+ $message[]=(_("Voice mail PIN contains invalid characters!"));
}
}
- if(preg_match("/[^0-9a-z]/i",$this->goFonPIN) && in_array("goFonPIN",$this->multi_boxes)){
- $message[]=(_("Phone pin contains invalid characters!"));
+ if(preg_match("/[^0-9a-z]/i",$this->goFonPIN) && in_array_strict("goFonPIN",$this->multi_boxes)){
+ $message[]=(_("Phone PIN contains invalid characters!"));
}
/* check for ! in any parameter setting*/
- if(isset($this->macroarray[$this->macro]) && in_array("macro",$this->multi_boxes)){
+ if(isset($this->macroarray[$this->macro]) && in_array_strict("macro",$this->multi_boxes)){
foreach($this->macroarray[$this->macro] as $val){
if((strstr($val['choosen'],"!"))||(strstr($val['choosen'],"#"))){
$message[] = sprintf(_("The parameter %s contains invalid char. '!,#' is used as delimiter"),$val['name']);
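Review bot: The message `Voice mail PIN must be 4 characters long!` does not match the condition above it, which accepts any length from 1 to 4. An earlier hunk words the same rule as `Between 1-4 characters`. Align the text, e.g. `_("Voice mail PIN must be between 1 and 4 characters long!")`, so administrators are not told to reject PINs that the check accepts. The function body continues past the end of this hunk.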
function get_multi_edit_values()
{
$ret = plugin::get_multi_edit_values();
- if(in_array("macro",$this->multi_boxes)){
+ if(in_array_strict("macro",$this->multi_boxes)){
$ret['macro'] = $this->macro;
$ret['macroarray'] = $this->macroarray;
$ret['macros'] = $this->macros;