cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 4 Projects Releases 2 Wiki Activity

Fix for https://bugs.cacert.org/view.php?id=789

Browse Source 
Editing domain for organisations does not work.
pull/1/head
Wytze van der Raay 12 years ago
parent c90070617a
commit 1d69ee1289
3 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File

24
includes/account.php
Unescape Escape View File

@ -2145,9 +2145,9 @@
if($oldid == 29 && $process != "") if($oldid == 29 && $process != "")
{ {
$domain = mysql_real_escape_string(stripslashes(trim($domainname))); $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'"); $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{ {
@ -2157,12 +2157,12 @@
} }
} }
if(($oldid == 29 || $oldid == 30) && $process != _("Cancel")) if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{ {
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
@ -2170,7 +2170,7 @@
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and `orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
@ -2178,23 +2178,23 @@
if($oldid == 29 && $process != "") if($oldid == 29 && $process != "")
{ {
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'")); $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'"); mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain)); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter(); showfooter();
exit; exit;
} }
if($oldid == 30 && $process != "") if($oldid == 30 && $process != "")
{ {
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'")); $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
$domain = $row['domain']; $domain = $row['domain'];
mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"); mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain)); printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter(); showfooter();
exit; exit;
} }
@ -2980,6 +2980,4 @@
$_SESSION['_config']['orgid'] = intval($orgid); $_SESSION['_config']['orgid'] = intval($orgid);
if(intval($memid) > 0) if(intval($memid) > 0)
$_SESSION['_config']['memid'] = intval($memid); $_SESSION['_config']['memid'] = intval($memid);
if(intval($domid) > 0)
$_SESSION['_config']['domid'] = intval($domid);
?> ?>

4
pages/account/29.php
Unescape Escape View File

@ -35,10 +35,12 @@
<td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td> <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> <td class="DataTD"><input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
<td class="DataTD"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=intval($id)?>"> <input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
</form> </form>

1
pages/account/30.php
Unescape Escape View File

@ -41,5 +41,6 @@
<input type="hidden" name="oldid" value="<?=intval($id)?>"> <input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>"> <input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
</form> </form>

Write Preview
Loading…
Cancel
Save