From 59430e90b1b9334761d815aeb6e519effe7e5243 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 13 Feb 2018 17:52:52 +0100
Subject: [dozmod] Move subpages to pages/, hide pages where user has no
permission
---
modules-available/dozmod/pages/mailconfig.inc.php | 97 +++++++++++++++++++++++
1 file changed, 97 insertions(+)
create mode 100644 modules-available/dozmod/pages/mailconfig.inc.php
(limited to 'modules-available/dozmod/pages/mailconfig.inc.php')
diff --git a/modules-available/dozmod/pages/mailconfig.inc.php b/modules-available/dozmod/pages/mailconfig.inc.php
new file mode 100644
index 00000000..1f0a750c
--- /dev/null
+++ b/modules-available/dozmod/pages/mailconfig.inc.php
@@ -0,0 +1,97 @@
+ 'mailconfig',
+ 'value' => $data
+ ));
+ Message::addSuccess('mail-config-saved');
+ } else {
+ Message::addError('main.invalid-action', $do);
+ }
+ Util::redirect('?do=DozMod§ion=mailconfig');
+ }
+
+ private static function cleanMailArray()
+ {
+ $keys = array('host', 'port', 'ssl', 'senderAddress', 'replyTo', 'username', 'password', 'serverName');
+ $data = array();
+ foreach ($keys as $key) {
+ $data[$key] = Request::post($key, '');
+ settype($data[$key], 'string');
+ if (is_numeric($data[$key])) {
+ settype($data[$key], 'int');
+ }
+ }
+ return $data;
+ }
+
+ public static function doRender()
+ {
+ // Mail config
+ $mailConf = Database::queryFirst('SELECT value FROM sat.configuration WHERE parameter = :param', array('param' => 'mailconfig'));
+ if ($mailConf != null) {
+ $mailConf = @json_decode($mailConf['value'], true);
+ if (is_array($mailConf)) {
+ $mailConf['set_' . $mailConf['ssl']] = 'selected="selected"';
+ }
+ }
+ Permission::addGlobalTags($mailConf['perms'], NULL, ['mailconfig.save', 'mailconfig.testmail']);
+ Render::addTemplate('mailconfig', $mailConf);
+ }
+
+ public static function doAjax()
+ {
+ $action = Request::post('action');
+ if ($action === 'mail') {
+ if (User::hasPermission("mailconfig.testmail")) {
+ self::handleTestMail();
+ }
+ }
+ }
+
+ private static function handleTestMail()
+ {
+ $do = Request::post('button');
+ if ($do === 'test') {
+ // Prepare array
+ $data = self::cleanMailArray();
+ Header('Content-Type: text/plain; charset=utf-8');
+ $data['recipient'] = Request::post('recipient', '');
+ if (!preg_match('/.+@.+\..+/', $data['recipient'])) {
+ $result = 'No recipient given!';
+ } else {
+ $result = Download::asStringPost('http://127.0.0.1:9080/do/mailtest', $data, 10, $code);
+ if ($code == 999) {
+ $result .= "\nTimeout.";
+ } elseif ($code != 200) {
+ $result .= "\nReturn code $code";
+ }
+ }
+ die($result);
+ }
+ }
+
+}
--
cgit v1.2.3-55-g7522
From cbd3277d1845baa350274bd6d8b65c915d886f3a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 16 Feb 2018 17:19:18 +0100
Subject: [dozmod] Remove testmail permission, would leak pw and makes little
sense
---
modules-available/dozmod/pages/mailconfig.inc.php | 7 +++----
modules-available/dozmod/permissions/permissions.json | 3 ---
modules-available/dozmod/templates/mailconfig.html | 2 +-
3 files changed, 4 insertions(+), 8 deletions(-)
(limited to 'modules-available/dozmod/pages/mailconfig.inc.php')
diff --git a/modules-available/dozmod/pages/mailconfig.inc.php b/modules-available/dozmod/pages/mailconfig.inc.php
index 1f0a750c..08205f2e 100644
--- a/modules-available/dozmod/pages/mailconfig.inc.php
+++ b/modules-available/dozmod/pages/mailconfig.inc.php
@@ -58,17 +58,16 @@ class SubPage
$mailConf['set_' . $mailConf['ssl']] = 'selected="selected"';
}
}
- Permission::addGlobalTags($mailConf['perms'], NULL, ['mailconfig.save', 'mailconfig.testmail']);
+ Permission::addGlobalTags($mailConf['perms'], null, ['mailconfig.save']);
Render::addTemplate('mailconfig', $mailConf);
}
public static function doAjax()
{
+ User::assertPermission("mailconfig.save");
$action = Request::post('action');
if ($action === 'mail') {
- if (User::hasPermission("mailconfig.testmail")) {
- self::handleTestMail();
- }
+ self::handleTestMail();
}
}
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
index c149cb69..c46768d7 100644
--- a/modules-available/dozmod/permissions/permissions.json
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -11,9 +11,6 @@
"mailconfig.save": {
"location-aware": false
},
- "mailconfig.testmail": {
- "location-aware": false
- },
"runtimeconfig.save": {
"location-aware": false
},
diff --git a/modules-available/dozmod/templates/mailconfig.html b/modules-available/dozmod/templates/mailconfig.html
index 3aa1eda5..dbcdddcb 100644
--- a/modules-available/dozmod/templates/mailconfig.html
+++ b/modules-available/dozmod/templates/mailconfig.html
@@ -55,7 +55,7 @@