
Backport from trunk
[gosa.git] / gosa-plugins / gofon / gofon / phoneaccount / class_phoneAccount.inc
index 20c2b29654bf68abaa7f22f2a7018bbaa87f58cf..330f21f844028909f6c218bde430e411e4f662e6 100644 (file)
@@ -4,7 +4,7 @@ class phoneAccount extends plugin
 {
     /* Definitions */
     var $plHeadline   = "Phone";
-    var $plDescription= "This does something";
+    var $plDescription= "Manage personal phone settings";
     var $plIcon       = "plugins/gofon/images/phoneAccount.png";
 
     /* Attributes */
@@ -359,8 +359,8 @@ class phoneAccount extends plugin
                     ".$cur_cfg['VOICE_TABLE'].".password 
                         FROM  ".$cur_cfg['VOICE_TABLE'].", 
                     ".$cur_cfg['SIP_TABLE']." 
-                        WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".$num." 
-                        AND ".$cur_cfg['SIP_TABLE'].".name='".$this->uid."'";
+                        WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".mysql_real_escape_string($num)." 
+                        AND ".$cur_cfg['SIP_TABLE'].".name='".mysql_real_escape_string($this->uid)."'";
                 $res = mysql_query($query_tmp);
                 $vp  = mysql_fetch_assoc($res);
                 if(!isset($vp['context'])){
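Review bot: The `mailbox = ".mysql_real_escape_string($num)."` comparison on the first changed line is still injectable, because the value is not quoted and mysql_real_escape_string only escapes quote, backslash, NUL and newline characters — a `$num` such as `1 OR 1=1` passes through unchanged. Either compare against a quoted literal, `mailbox = '".mysql_real_escape_string($num)."'`, or cast first, `mailbox = ".(int)$num."`, whichever matches the column type; the `name=` comparison on the next line is quoted and is covered. Table names from `$cur_cfg` are interpolated raw, which is acceptable only if that config is trusted. The enclosing function begins before this hunk.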
@@ -409,7 +409,7 @@ class phoneAccount extends plugin
                  */
                 $inno_tables = array("SIP_TABLE","EXT_TABLE","VOICE_TABLE","QUEUE_TABLE","QUEUE_MEMBER_TABLE"); 
                 foreach($inno_tables as $inno_table){
-                    $sql = "show table status like '".$config[$inno_table]."';";
+                    $sql = "show table status like '".mysql_real_escape_string($config[$inno_table])."';";
                     $res = mysql_query($sql);
                     $vp  = mysql_fetch_assoc($res);
                     if(!preg_match("/^InnoDB$/i",$vp['Engine'])){
@@ -653,7 +653,7 @@ class phoneAccount extends plugin
                             WARNING_DIALOG);
                 }
 
-                $query  = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
+                $query  = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
                 $rid    = mysql_query($query,$old_connection);
                 @DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, 
                         "<i>Reguest callerid to be able to identify the user.</i>");
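Review bot: `mysql_real_escape_string($this->uid)` on the SELECT line takes no link argument, while the query is executed against `$old_connection` on the next line; without a link the function escapes using the most recently opened connection, whose character set may differ, so the escaping is not guaranteed to match the connection that runs the query. Pass the link explicitly, `mysql_real_escape_string($this->uid, $old_connection)`, and do the same for the other escape calls in this function. Longer term the `mysql_*` extension is deprecated (removed in PHP 7), and prepared statements via mysqli or PDO would remove the need for hand escaping. The enclosing function continues outside this hunk.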
@@ -667,11 +667,11 @@ class phoneAccount extends plugin
                        Strict disallows the addition of entries that do not match the targets field length.
                      */
                     $query_a[]= "SET @@sql_mode = STRICT_ALL_TABLES;";
-                    $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
-                    $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".$result['callerid']."';";
-                    $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$this->uid."';";
+                    $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
+                    $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($result['callerid'])."';";
+                    $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';";
                     foreach($oldnums as $s_telenums) {
-                        $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$s_telenums."';";
+                        $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';";
                     }
 
                     /* Start transaction, to be able to rollback 
@@ -733,7 +733,7 @@ class phoneAccount extends plugin
              */
             $SQL_query_array[] = "SET @@sql_mode = STRICT_ALL_TABLES;";
 
-            $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';\n"; 
+            $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n"; 
             $rid = mysql_query($query,$new_connection);
             @DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive current mysql entries.");
             if(mysql_affected_rows($new_connection)){
@@ -760,10 +760,10 @@ class phoneAccount extends plugin
                 if(count($sip_data_array)){
                     $query = "UPDATE ".$a_New['SIP_TABLE']." SET ";
                     foreach($sip_data_array as $key => $val){
-                        $query.= "".$key."='".$val."',"; 
+                        $query.= "".$key."='".mysql_real_escape_string($val)."',"; 
                     } 
                     $query = preg_replace("/,$/","",$query);
-                    $query.= " WHERE name='".$this->uid."';";
+                    $query.= " WHERE name='".mysql_real_escape_string($this->uid)."';";
                     $SQL_query_array[] = $query;
                 }
             } else {
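Review bot: In the UPDATE loop only `$val` is escaped; `$key` is still concatenated raw as the column name, so the statement's safety depends on every key of `$sip_data_array` being a fixed column name set in code rather than anything derived from user or LDAP input — that array is built outside this hunk, so I cannot confirm it. A cheap defence is to reject unexpected keys before building the query, `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) { continue; }`, and to wrap the name in backticks. The `mysql_real_escape_string` calls here also omit the `$new_connection` link that `mysql_query` uses for this transaction.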
@@ -828,7 +828,7 @@ class phoneAccount extends plugin
              **********************/
 
             $customer_id = $newnums[$i_new_key];
-            $query  = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';";
+            $query  = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
             $rid    = mysql_query($query,$new_connection);
 
             @DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive callerid");
@@ -850,7 +850,7 @@ class phoneAccount extends plugin
             $voice_data_array['pager']   = $this->pager;
 
             /* Check if there is already an entry in sip_users for this uid */
-            $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".$old_customer_id."';\n";
+            $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';\n";
             $rid = mysql_query($query_tmp,$new_connection);
 
             @DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query_tmp, "Check if voicemail entry exists");
@@ -876,7 +876,7 @@ class phoneAccount extends plugin
                         $query.= "".$key."='".$val."',"; 
                     } 
                     $query = preg_replace("/,$/","",$query);
-                    $query.= " WHERE customer_id='".$old_customer_id."';";
+                    $query.= " WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';";
                     $SQL_query_array[] = $query;
                 }
             }else{
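Review bot: The commit escapes `$old_customer_id` in the WHERE clause but leaves the SET values on the unchanged context line `$query.= "".$key."='".$val."',";` unescaped, so the voicemail UPDATE remains injectable through any value in `$voice_data_array` — which, per the previous hunk, includes `$this->pager` and presumably other user-editable attributes. Mirror the SIP update earlier in this function: `$query.= "".$key."='".mysql_real_escape_string($val)."',";`. The loop that builds this query starts before the hunk.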
@@ -910,13 +910,13 @@ class phoneAccount extends plugin
 
             /* Initiate transaction 
              */
-            $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$this->uid."\";";
+            $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($this->uid)."\";";
             $oldnums= array();
             foreach($oldnums as $s_telenums){
-                $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+                $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
             }
             foreach($newnums as $s_telenums){
-                $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+                $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
             }
 
             /********************** 
@@ -1113,7 +1113,7 @@ class phoneAccount extends plugin
             } else {
                 if(empty($this->uid)){
                     $display= $this->show_enable_header(_("Create phone account"),
-                            msgPool::featuresDisabled(_("Phone"),_("User uid")));
+                            msgPool::featuresDisabled(_("Phone"),_("User UID")));
                 }else{
                     $display= $this->show_enable_header(_("Create phone account"),
                             msgPool::featuresDisabled(_("Phone")));
@@ -1322,14 +1322,14 @@ class phoneAccount extends plugin
             } else {
                 $color= "";
             }
-            $hl.= "  <option $color label=\"$cn\" value=\"$cn\" $selected>$description&nbsp;</option>\n";
+            $hl.= "  <option $color label=\"$cn\" value=\"".set_post($cn)."\" $selected>".$description."&nbsp;</option>\n";
         }
         $hl.= "</select>\n";
         $smarty->assign ("hardware_list", $hl);
 
 
         foreach($this->attributes as $attr){
-            if(in_array($attr,$this->multi_boxes)){
+            if(in_array_strict($attr,$this->multi_boxes)){
                 $smarty->assign("use_".$attr,TRUE);
             }else{
                 $smarty->assign("use_".$attr,FALSE);
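Review bot: Only the `value` attribute is wrapped in `set_post($cn)`; the same `$cn` is still written raw into `label=\"$cn\"` and `$description` is emitted raw as the option text, so if `set_post` is the project's HTML escaper the fix is incomplete — a `"` in `$cn` or a `<` in `$description` still breaks out of the markup. Assuming that is what `set_post` does, apply it to all three: `$hl.= "  <option $color label=\"".set_post($cn)."\" value=\"".set_post($cn)."\" $selected>".set_post($description)."&nbsp;</option>\n";`. Both values are assigned outside this hunk, presumably from LDAP hardware entries, so the exposure is to whoever can edit those objects.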
@@ -1337,7 +1337,7 @@ class phoneAccount extends plugin
         }
 
         foreach(array("goFonVoiceMailContext","goFonContext") as $attr){
-            if(in_array($attr,$this->multi_boxes)){
+            if(in_array_strict($attr,$this->multi_boxes)){
                 $smarty->assign("use_".$attr,TRUE);
             }else{
                 $smarty->assign("use_".$attr,FALSE);
@@ -1460,10 +1460,10 @@ class phoneAccount extends plugin
         }
 
         if((strlen($this->goFonVoicemailPIN)==0)||(strlen($this->goFonVoicemailPIN)>4)){
-            $message[]= msgPool::invalid(_("Voicemail PIN"),"","",_("Between 1-4 charactes"));
+            $message[]= msgPool::invalid(_("Voice mail PIN"),"","",_("Between 1-4 characters"));
         }else{
             if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN)){
-                $message[]= msgPool::invalid(_("Voicemail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
+                $message[]= msgPool::invalid(_("Voice mail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
             }
         }
 
@@ -1556,7 +1556,7 @@ class phoneAccount extends plugin
          */
         $str = $this->generate_mysql_entension_entries(true);
         if(!$str){
-            msg_dialog::display(_("Error"),_("An error occured while updating the database entries!") , ERROR_DIALOG);
+            msg_dialog::display(_("Error"),_("An error occurred while updating the database entries!") , ERROR_DIALOG);
         }
 
         if($this->attrs['goFonMacro']==""){
@@ -1603,7 +1603,7 @@ class phoneAccount extends plugin
         plugin::adapt_from_template($dn, $skip);
 
         /* Assemble phone numbers */
-        if (isset($this->attrs['telephoneNumber']) && !in_array("telephoneNumber", $skip)){
+        if (isset($this->attrs['telephoneNumber']) && !in_array_strict("telephoneNumber", $skip)){
             for ($i= 0; $i<$this->attrs['telephoneNumber']['count']; $i++){
                 $number= $this->attrs['telephoneNumber'][$i];
                 $this->phoneNumbers[$number]= $number;
@@ -1674,11 +1674,11 @@ class phoneAccount extends plugin
             if(!$first_num){
                 $first_num = $s_telenums;
             }
-            $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$s_telenums."';\n";
+            $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';\n";
         }
 
 
-        $query  = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';";
+        $query  = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
         $rid    = mysql_query($query,$r_con);
         @DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Database query");
         $result = mysql_fetch_assoc($rid);
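Review bot: `$result = mysql_fetch_assoc($rid)` runs without checking whether `mysql_query` returned `false`; on a failed query this raises a warning and `$result` is `false`, after which any callerid derived from it is empty and the later `DELETE ... WHERE customer_id='...'` in the following hunk would match rows with an empty customer_id instead of this user's. Add `if ($rid === false) { return false; }` before the fetch, using whatever failure value this function returns — its head is outside the hunk. The escape calls here also omit the `$r_con` link that `mysql_query` uses, so they may escape with a different connection's character set.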
@@ -1690,9 +1690,9 @@ class phoneAccount extends plugin
         /* Set mode to strict
            Strict disallows the addition of entries that do not match the targets field length.
          */
-        $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".$callerid."';";
-        $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$this->uid."';\n";
-        $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';\n";
+        $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($callerid)."';";
+        $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';\n";
+        $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n";
 
         /* Start transaction, to be able to rollback
          */
@@ -1747,7 +1747,7 @@ class phoneAccount extends plugin
         $ldap->cd($this->config->current['BASE']);
         $ldap->search("(&(objectClass=goFonQueue)(member=*))", array("member"));
         while($attr = $ldap->fetch()){
-            if(in_array($this->dn,$attr['member'])){
+            if(in_array_strict($this->dn,$attr['member'])){
                 $new =new ogrouptabs($this->config, $this->config->data['TABS']['OGROUPTABS'],$attr['dn']);
                 unset($new->by_object['ogroup']->memberList[$this->dn]);
                 unset($new->by_object['ogroup']->member[$this->dn]);
@@ -1789,9 +1789,9 @@ class phoneAccount extends plugin
         foreach($this->phoneNumbers as $num){
             if((isset($numbers[$num]))&&(($numbers[$num]['uid'][0]!=$this->uid))){
                 if(isset($numbers[$num]['uid'][0])){
-                    return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
+                    return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
                 }else{
-                    return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
+                    return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
                 }
             }
         }
@@ -1867,8 +1867,8 @@ class phoneAccount extends plugin
                         "goFonHomeServer"     => _("Home server"),
                         "goFonContext"          => _("Phone context"),
                         "goFonVoiceMailContext" => _("Voice mail context"),
-                        "goFonPIN"            => _("Telephone pin"),
-                        "goFonVoicemailPIN"   => _("Voicemail pin"))
+                        "goFonPIN"            => _("Telephone PIN"),
+                        "goFonVoicemailPIN"   => _("Voice mail PIN"))
                         ));
     }
 
@@ -1949,30 +1949,30 @@ class phoneAccount extends plugin
     {
         $message = plugin::multiple_check();
 
-        if(!count($this->goFonHomeServers) && in_array("goFonHomeServers",$this->multi_boxes)){
+        if(!count($this->goFonHomeServers) && in_array_strict("goFonHomeServers",$this->multi_boxes)){
             $message[] = _("There is currently no asterisk server defined!");
         }
 
-        if(empty($this->goFonHomeServer) && in_array("goFonHomeServers",$this->multi_boxes)){
+        if(empty($this->goFonHomeServer) && in_array_strict("goFonHomeServers",$this->multi_boxes)){
             $message[] = _("Asterisk server is invalid!");
         }
 
-        if(in_array("goFonVoicemailPIN",$this->multi_boxes) && 
+        if(in_array_strict("goFonVoicemailPIN",$this->multi_boxes) && 
                 ( (strlen($this->goFonVoicemailPIN)==0)||
                   (strlen($this->goFonVoicemailPIN)>4))){
-            $message[]=(_("Voicemail PIN must be 4 characters long!"));
+            $message[]=(_("Voice mail PIN must be 4 characters long!"));
         }else{
-            if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN) && in_array("goFonVoicemailPIN",$this->multi_boxes) ){
-                $message[]=(_("Voicemail PIN contains invalid characters!"));
+            if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN) && in_array_strict("goFonVoicemailPIN",$this->multi_boxes) ){
+                $message[]=(_("Voice mail PIN contains invalid characters!"));
             }
         }
 
-        if(preg_match("/[^0-9a-z]/i",$this->goFonPIN) && in_array("goFonPIN",$this->multi_boxes)){
-            $message[]=(_("Phone pin contains invalid characters!"));
+        if(preg_match("/[^0-9a-z]/i",$this->goFonPIN) && in_array_strict("goFonPIN",$this->multi_boxes)){
+            $message[]=(_("Phone PIN contains invalid characters!"));
         }
 
         /* check for ! in any parameter setting*/
-        if(isset($this->macroarray[$this->macro]) && in_array("macro",$this->multi_boxes)){
+        if(isset($this->macroarray[$this->macro]) && in_array_strict("macro",$this->multi_boxes)){
             foreach($this->macroarray[$this->macro] as $val){
                 if((strstr($val['choosen'],"!"))||(strstr($val['choosen'],"#"))){
                     $message[] = sprintf(_("The parameter %s contains invalid char. '!,#' is used as delimiter"),$val['name']);
@@ -1986,7 +1986,7 @@ class phoneAccount extends plugin
     function get_multi_edit_values()
     {
         $ret = plugin::get_multi_edit_values();
-        if(in_array("macro",$this->multi_boxes)){
+        if(in_array_strict("macro",$this->multi_boxes)){
             $ret['macro'] = $this->macro;
             $ret['macroarray'] = $this->macroarray;
             $ret['macros'] = $this->macros;