possible fix for https://github.com/postfixadmin/postfixadmin/issues/967
CSRF Token changes : rather than have one PFA_Token value in $_SESSION, store a list of them, where each value has a time stamp it was issued on. The aim is to allow the user to have multiple browser tabs open at once - and not have the last tab that loaded trample on others. Tokens expire after 1 hour.
Adds a Smarty helper function `{CSRF_Token}` which will output `<input type=hidden name=CSRF_Token value=asdf123>` or `{CSRF_Token type=url}` which outputs a literal string like 'asdf123' suitable for placing in a URL.
Adds a PHP exception handler in public/common.php, which could be used to display a more friendly error message/response (but at the moment is fairly minimal).
Removes most uses of `die()` within the codebase, and instead moves to throw an exception
* Upgrade to Bootstrap 5.3.0 with Bootstrap Icons
* token improvements to setup.php rendering
* improve backup page rendering
* move to use html5 datetime-local field for vacation from/to rather than the previous js version
* remove datetimepicker js and bootstrap js and jquery (no longer needed)
* vacation: we load any previous dates in from the database, these could include ancient dates, so default them to now and now+1 if they are before today
* drop bootstrap 3.4.1 css
* bootstrap - add light mode / dark mode switch - taken from https://github.com/404GamerNotFound/bootstrap-5.3-dark-mode-light-mode-switch
public/editactive.php edit wrong description text it said this module is used for deleting admin domains mailbos etc
modify templates that it is used
public/list-virtual.php modify templates that it is used
modify the remarks behind arguments and internal , the texteditor thought the text after this was still remark text untl is see */
public/vacation.php and
model/VacantionHandel.php adjust date string actionFrom and activeUntil these are written in the database as e.g. 2020-10-01 15:14:00 and 2020-10-30-15:14:00
this should be 2020-10-01 00:00:00 and 2020-10-30 23:59:59 so that it contains all day, this happens if no holiday has been set for the account yet
when adjusting the dates, the seconds of until are set to 00 instead of 59. When the holiday is canceled and then action is taken again, the from time
to the time when the setting is made.
templates/editform.tpl remove blank space
templates/list-virtual_mailbox.tpl remove indent tabs
- check that $tActiveUntil >= today and $tActiveUntil >= $tActiveFrom
- update header comments
- display "vacation is active" notice also to admins
(based on a patch by J.Kruis @SF,
https://sourceforge.net/p/postfixadmin/patches/122/ )
*.lang:
- add
- pVacation_until_before_today
- pVacation_until_before_from
- reply_once_per_day
- change pUsersVacation_welcome_text to 'Auto response for %s is active!'
- remove "obsolete" marker from pUsersVacation_activefrom and
pUsersVacation_activeuntil, they are still used
nl.lang:
- translation update by J.Kruis @SFhttps://sourceforge.net/p/postfixadmin/patches/122/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1697 a1433add-5e2c-0410-b055-b7f2511e0802
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval
config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
(note: reply to every mail is commented by default because it can be
annoying. Admins will have to explicitely add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]
*.lang:
- add texts for reply types
VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters
templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay
vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
change the activeFrom and activeUntil date to today to avoid users
have to scroll through the calendar a lot
xmlrpc.php:
- update set_away() call to match the removed parameter
upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and
interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
- split off $fDomain from ?username= (admin mode)
- basic sanity check for ?username= (admin mode)
- urlencode $fDomain for $Return_url (admin mode)
- don't split off domain from username in users mode (not needed)
- added various TODO notes
- some whitespace fixes near the end of the file (2*3 lines)
list-virtual_mailbox.tpl
- don't include domain in link to vacation.php (no longer needed)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1172 a1433add-5e2c-0410-b055-b7f2511e0802
vacation.php
- result of merging edit-vacation.php and users/vacation.php
- vacation.php comes with the svn history of edit-vacation.php
- display "vacation already active" (only) in user mode if vacation is active
(would be useful in admin mode too, but needs a text change)
- various comment updates
- add username in $PALANG[pVacation_result_removed] and
$PALANG[pVacation_result_added] using sprintf
- change compared to Jan Kruis' patch:
- set return url for users to main.php instead of users/main.php
- set return url for admins after setting $fDomain. Otherwise the return url
does not contain the domain.
- removed unused variable $tDomain
users/vacation.php:
- require(../vacation.php)
- remove everything else
- whitespace changes in the license header
- note: this is completely different from Jan Kruis' patch - his intention was
to remove this file and use ../vacation.php. However, with his way all links
in the users menu would point to the wrong place/directory
edit-vacation.php:
- deleted
templates/vacation.tpl
- display username only in admin mode
templates/list-virtual_mailbox.tpl
- link changed to merged vacation.php
languages/en.lang
- add username in $PALANG[pVacation_result_removed] and
$PALANG[pVacation_result_added] as sprintf variable
- (comments added by Jan Kruis' patch are not part of this commit)
languages/nl.lang
- translation updates
- already contains the sprintf variable in $PALANG[pVacation_result_removed]
and $PALANG[pVacation_result_added]
(updates for other *.lang files follow in another commit)
The following parts of Jan Kruis' patch are not part of this commit:
- rejected:
- variables.inc.php: don't add $Admin_role and $Return_url
If we initialize them, it should be done directly in (edit-)vacation.php,
but the current code always sets them already in all cases.
- templates/users_main.tpl: do not change url for vacation.php
- postponed:
- added comments in en.lang about obsolete texts
Most parts of this commit (see exceptions above) were provided as patch
by Jan Kruis (jan-kruis@SF), see
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1169 a1433add-5e2c-0410-b055-b7f2511e0802
Prepare merging of edit-vacation.php and users/vacation.php
users/vacation.php, edit-vacation.php:
- first step of merging
- renamed some variables to fit vacation.tpl
- some code sorting and cleanup
- replaced JS redirect on cancel with handling in PHP
users_vacation.tpl, edit-vacation.tpl:
- deleted (merged to vacation.tpl)
vacation.tpl:
- new file, result of merging edit-vacation.tpl and users_vacation.tpl
- display mail address to users also (to be discussed)
Thanks to J.Kruis (jan-kruis@SF) for the patch,
https://sourceforge.net/tracker/?func=detail&aid=3383236&group_id=191583&atid=937966
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1163 a1433add-5e2c-0410-b055-b7f2511e0802
- supress warnings about PHP's date.timezone not set.
The risk of doing this is low IMHO - the worst thing that can happen
is a wrong default date for vacation or a "wrong" tempfile name for
backup.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1076 a1433add-5e2c-0410-b055-b7f2511e0802
*fixed VacationHandler.php
*changed edit-vacation to us VacationHandler
*added todopoint to upgrade.php
*fixed problem in AliasHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@981 a1433add-5e2c-0410-b055-b7f2511e0802
- hand over $search to smarty templates
templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting
templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
(was displayed once per mailbox alias target)
css/default.css:
- add style for ".searchresult"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
- fix: text changes when setting up vacation message were ignored if the
user had used vacation before (UPDATE statement did only change active
state, not subject and body)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@302 a1433add-5e2c-0410-b055-b7f2511e0802
- fix double-encoded special characters if language file contains
entity-encoded strings by html_entity_decode'ing the string
(will be encoded in template file later)
edit-vacation.tpl:
- encode tSubject with htmlentities() in template
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@200 a1433add-5e2c-0410-b055-b7f2511e0802
David Goodwin
Copilot
Christian Boltz
Jan Kruis
Adrien Crivelli
David Goodwin
Valkum
Sebastian