Hello community,

here is the log from the commit of package postfixadmin for openSUSE:Factory 
checked in at 2021-08-16 10:11:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfixadmin (Old)
 and      /work/SRC/openSUSE:Factory/.postfixadmin.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfixadmin"

Mon Aug 16 10:11:43 2021 rev:34 rq:912092 version:3.3.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfixadmin/postfixadmin.changes        
2021-05-15 01:24:00.259063634 +0200
+++ /work/SRC/openSUSE:Factory/.postfixadmin.new.1899/postfixadmin.changes      
2021-08-16 10:17:52.334634064 +0200
@@ -1,0 +2,12 @@
+Sat Aug 14 11:56:02 UTC 2021 - Christian Boltz <[email protected]>
+
+- Update to PostfixAdmin 3.3.10
+  - Merge password expiration fixes
+  - Remove html readonly attribute from user's vacation page to/from selectors.
+  - vacation.pl - allow smtp helo to be specified
+  - Security fix - ClickJacking protection
+  - Security fix (low risk) - Improve randomness with PFA_token for CSRF 
protection
+  - Fix viewlog to allow admins to see all domains
+  - Disable password autocompletion in edit forms
+
+-------------------------------------------------------------------
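Review bot: The two "Security fix" entries carry no bug or upstream reference, so anyone tracking this update cannot map them to an issue. The upstream CHANGELOG.TXT in this same diff links the clickjacking fix to https://github.com/postfixadmin/postfixadmin/issues/523; adding that reference (and a Bugzilla or CVE id, if one has been assigned) to the entry would make the changelog usable for security tracking.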

Old:
----
  postfixadmin-3.3.9.tar.gz

New:
----
  postfixadmin-3.3.10.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfixadmin.spec ++++++
--- /var/tmp/diff_new_pack.bHpNtC/_old  2021-08-16 10:17:52.850633236 +0200
+++ /var/tmp/diff_new_pack.bHpNtC/_new  2021-08-16 10:17:52.854633230 +0200
@@ -18,7 +18,7 @@
 
 
 Name:           postfixadmin
-Version:        3.3.9
+Version:        3.3.10
 Release:        0
 URL:            http://postfixadmin.sourceforge.net/
 Source0:        
https://github.com/postfixadmin/postfixadmin/archive/%{name}-%{version}.tar.gz

++++++ postfixadmin-3.3.9.tar.gz -> postfixadmin-3.3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/ADDITIONS/README.TXT 
new/postfixadmin-postfixadmin-3.3.10/ADDITIONS/README.TXT
--- old/postfixadmin-postfixadmin-3.3.9/ADDITIONS/README.TXT    2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/ADDITIONS/README.TXT   1970-01-01 
01:00:00.000000000 +0100
@@ -1,52 +0,0 @@
-#
-# Postfix Admin ADDITIONS
-#
-
-BEFORE YOU START
-----------------
-
-**** ALL THESE SCRIPTS ARE CREATED BY THIRD PARTIES ****
-     **** THEY ARE AS IS, USE AT YOUR OWN RISK! ****
-
-ADDITIONS
----------
-
-In this directory you will find additional scripts that are build by others.
-
-- change_password.tgz
-by George Vieira <george at citadelcomputer dot com dot au>
-SquirrelMail plugin to change your passwor
-
-- cleanupdirs.pl
-by jared bell <jared at beol dot net>
-Displays a list of mailboxes that need to be deleted
-
-- mailbox_remover.pl
-by Petr Znojemsky
-Deletes all unused mailboxes
-
-- mkeveryone.pl
-by Joshua Preston
-Generate an 'everybody' alias for a domain.
-
-- pfa_maildir_cleanup.pl
-by Stephen Fulton <sfulton at esoteric dot ca>
-Deletes all unused mailboxes
-
-- postfixadmin-0.3-1.4.tar.gz
-by Florian Kimmerl <info at spacekoeln dot de>
-The Postfixadmin SquirrelMail plugin let users change their virtual alias,
-vacation status/message and password.
-
-- virtualmaildel.php
-by George Vieira <george at citadelcomputer dot com dot au>
-Deletes all unused mailboxes
-
-- postfixadmin-mailbox-postcreation.sh
-- postfixadmin-mailbox-postdeletion.sh
-- postfixadmin-domain-postdeletion.sh
-by Troels Arvin <[email protected]>
-Examples of scripts relevant to the optional 
-$CONF['mailbox_postcreation_script'],
-$CONF['mailbox_postdeletion_script'] and
-$CONF['domain_postdeletion_script']  configuration options.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/ADDITIONS/README.md 
new/postfixadmin-postfixadmin-3.3.10/ADDITIONS/README.md
--- old/postfixadmin-postfixadmin-3.3.9/ADDITIONS/README.md     1970-01-01 
01:00:00.000000000 +0100
+++ new/postfixadmin-postfixadmin-3.3.10/ADDITIONS/README.md    2021-08-09 
10:41:35.000000000 +0200
@@ -0,0 +1,69 @@
+
+# BEFORE YOU START
+
+
+**** ALL THESE SCRIPTS ARE CREATED BY THIRD PARTIES ****
+     **** THEY ARE AS IS, USE AT YOUR OWN RISK! ****
+
+# ADDITIONS
+
+In this directory you will find additional scripts that are build by others.
+
+## change_password.tgz
+
+by George Vieira <george at citadelcomputer dot com dot au>
+SquirrelMail plugin to change your passwor
+
+## cleanupdirs.pl
+
+by jared bell <jared at beol dot net>
+Displays a list of mailboxes that need to be deleted
+
+## mailbox_remover.pl
+
+by Petr Znojemsky
+Deletes all unused mailboxes
+
+## mkeveryone.pl
+
+by Joshua Preston
+Generate an 'everybody' alias for a domain.
+
+## pfa_maildir_cleanup.pl
+by Stephen Fulton <sfulton at esoteric dot ca>
+Deletes all unused mailboxes
+
+## postfixadmin-0.3-1.4.tar.gz
+
+by Florian Kimmerl <info at spacekoeln dot de>
+
+The Postfixadmin SquirrelMail plugin let users change their virtual alias,
+vacation status/message and password.
+
+See also :  
https://github.com/postfixadmin/postfixadmin/tree/master/ADDITIONS/squirrelmail-plugin
+
+
+##  virtualmaildel.php
+
+by George Vieira <george at citadelcomputer dot com dot au>
+Deletes all unused mailboxes
+
+## Example mailbox / domain scripts for Postfixadmin
+
+- postfixadmin-mailbox-postcreation.sh
+- postfixadmin-mailbox-postdeletion.sh
+- postfixadmin-domain-postdeletion.sh
+by Troels Arvin <[email protected]>
+
+Examples of scripts relevant to the optional 
+
+
+$CONF['mailbox_postcreation_script'],
+$CONF['mailbox_postdeletion_script'] and
+$CONF['domain_postdeletion_script']  configuration options.
+
+
+## Cyrus Quota Usage
+
+See https://github.com/o-m-d/cyrus-quotausage-to-pfa
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/CHANGELOG.TXT 
new/postfixadmin-postfixadmin-3.3.10/CHANGELOG.TXT
--- old/postfixadmin-postfixadmin-3.3.9/CHANGELOG.TXT   2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/CHANGELOG.TXT  2021-08-09 
10:41:35.000000000 +0200
@@ -6,6 +6,16 @@
 #
 # Further details on the project are available at 
https://github.com/postfixadmin/postfixadmin
 
+Version 3.3.10 - 2021/08/09
+-------------------------------------------------
+   - Merge password expiration fixes from 
https://github.com/postfixadmin/postfixadmin/pull/493
+   - Remove html readonly attribute from user's vacation page to/from 
selectors.
+   - vacation.pl - allow smtp helo to be specified (see 
https://github.com/postfixadmin/postfixadmin/pull/495)
+   - Security fix - ClickJacking protection (thanks @huntr-helper / 
@ranjit-git) (see https://github.com/postfixadmin/postfixadmin/issues/523)
+   - Security fix (low risk) - Improve randomness with PFA_token for CSRF 
protection (thanks @michaellrowley)
+   - Fix viewlog to allow admins to see all domains (thanks @pgimalac, 
https://github.com/postfixadmin/postfixadmin/issues/516)
+   - Disable password autocompletion in edit forms (thanks @gabrielfin, see 
https://github.com/postfixadmin/postfixadmin/pull/510)
+
 Version 3.3.9 - 2021/05/12
 -------------------------------------------------
    - Improve Ukrainian language (ua.lang) (thanks: andrew.kudrinov) 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/DOCUMENTS/Password_Expiration.md 
new/postfixadmin-postfixadmin-3.3.10/DOCUMENTS/Password_Expiration.md
--- old/postfixadmin-postfixadmin-3.3.9/DOCUMENTS/Password_Expiration.md        
1970-01-01 01:00:00.000000000 +0100
+++ new/postfixadmin-postfixadmin-3.3.10/DOCUMENTS/Password_Expiration.md       
2021-08-09 10:41:35.000000000 +0200
@@ -0,0 +1,93 @@
+# Description
+
+This extension adds support for password expiration.
+It is designed to have expiration on users passwords. An email is sent when 
the password is expiring in 30 days, then 14 days, then 7 days.
+It is strongly inspired by 
https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/,
 and adapted to fit with Postfix Admin & Roundcube's password plugin
+
+Expiration unit is day
+
+Expiration value for domain is set through Postfix Admin GUI
+
+# Installation
+
+Password Expiration is merged with PostfixAdmin - so no additional database 
changes should be necessary.
+
+
+## Database Fields 
+
+ * mailbox.password_expiry - timestamp, when the mailbox password expires.
+ * domain.password_expiry - default duration for when a password will expire
+
+Changes in MySQL/MariaDB mailbox table (as defined in 
`$CONF['database_tables']` from config.inc.php):
+
+## Changes in Postfix Admin :
+
+To enable password expiration, add the following to your config.inc.php file:
+
+`$CONF['password_expiration'] = 'YES';`
+
+## RoundCube Password Plugin
+
+If you are using Roundcube's password plugin, you should also adapt the 
`$config['password_query']` value.
+
+I recommend to use:
+
+`$config['password_query'] = 'UPDATE mailbox SET password=%c, modified = 
now(), password_expiry = now() + interval 90 day';`
+
+of course, you may adapt to the expiration value to suit.
+
+
+## Changes in Dovecot (adapt if you use another LDA)
+
+Edit dovecot-mysql.conf file, and replace the user_query (and only this one) 
to be based on this query:
+
+```
+password_query = SELECT username as user, password, concat('/var/vmail/', 
maildir) as userdb_var, concat('maildir:/var/vmail/', maildir) as userdb_mail, 
20001 as userdb_uid, 20001 as userdb_gid, m.domain FROM mailbox m, domain d 
where d.domain = m.domain and m.username = '%u' AND m.active = '1' AND 
(m.password_expiry > now() or d.password_expiry = 0)
+```
+
+
+Of course, you may require to adapt the uid, gid, maildir and table to your 
setup.
+
+
+## Changes in system
+
+You need to have a script running on a daily basis to check password 
expiration and send emails 30, 14 and 7 days before password expiration. An 
example is given below.
+
+Edit the script to adapt the variables to your setup.
+
+This script is using `postfixadmin.my.cnf` to read credentials, which might 
look a bit like : 
+
+```ini
+[client]
+user = me
+password = secret
+host = hostname
+```
+
+Edit this file to enter a DB user that is allowed to access (read-write) your 
database. This file should be protected from any user (chmod 400).
+
+### Expiration Script 
+
+```bash
+#!/bin/bash
+
+#Adapt to your setup
+
+POSTFIX_DB="postfixadmin"
+MYSQL_CREDENTIALS_FILE="postfixadmin.my.cnf"
+
[email protected]
+
+# Change this list to change notification times and when ...
+for INTERVAL in 30 14 7
+do
+    LOWER=$(( $INTERVAL - 1 ))
+
+    QUERY="SELECT username,password_expiry FROM mailbox WHERE password_expiry 
> now() + interval $LOWER DAY AND password_expiry < NOW() + interval $INTERVAL 
DAY"
+
+    mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -B -N 
-e "$QUERY" | while IFS=$'\t' read -a RESULT ; do
+        echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | 
mail -s "Password 30 days before expiration notication" -r $REPLY_ADDRESS  
${RESULT[0]} 
+    done
+done
+
+```
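Review bot: The recommended Roundcube `password_query` has no WHERE clause: `UPDATE mailbox SET password=%c, modified = now(), password_expiry = now() + interval 90 day` as written applies to every row in `mailbox`, not just the user changing their password. It needs a restriction such as `WHERE username=%u` (the Roundcube password plugin's username placeholder). Elsewhere in the same file, the Dovecot section says to replace `user_query` but the sample sets `password_query`; the sentence "Changes in MySQL/MariaDB mailbox table ..." ends in a colon with nothing after it; and in the script the mail subject hard-codes "30 days" (and misspells "notification") for all three intervals, while `$REPLY_ADDRESS` and `${RESULT[0]}` are passed to `mail` unquoted.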
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/SECURITY.md 
new/postfixadmin-postfixadmin-3.3.10/SECURITY.md
--- old/postfixadmin-postfixadmin-3.3.9/SECURITY.md     1970-01-01 
01:00:00.000000000 +0100
+++ new/postfixadmin-postfixadmin-3.3.10/SECURITY.md    2021-08-09 
10:41:35.000000000 +0200
@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+As of 2021/08 -
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 'dev'   | :x: GitHub 'master' branch, use at own risk! |
+| 3.3.x   | :white_check_mark: |
+| 3.2.x   | Security/critical fixes only |
+| < 3.2.x | :x:                |
+
+Releases are published at :
+
+ * https://github.com/postfixadmin/postfixadmin/releases
+ * ocassionally at https://sourceforge.net/projects/postfixadmin/ - sometimes 
with RPM/DEB packages.
+  
+## Reporting a Vulnerability
+
+Either message GingerDog or cboltz on the PostfixAdmin libera chat - IRC 
channel, or email. Email addresses can be found in the 'git' changelog.
+
+
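Review bot: The "Reporting a Vulnerability" section does not say that a report should be private: "message GingerDog or cboltz on the PostfixAdmin libera chat - IRC channel" can be read as posting in the public channel. Say explicitly to use a private message or email, and give a contact address in the file itself rather than pointing reporters at the git changelog. Also, "ocassionally" should be "occasionally".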
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/VIRTUAL_VACATION/vacation.pl 
new/postfixadmin-postfixadmin-3.3.10/VIRTUAL_VACATION/vacation.pl
--- old/postfixadmin-postfixadmin-3.3.9/VIRTUAL_VACATION/vacation.pl    
2021-05-12 21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/VIRTUAL_VACATION/vacation.pl   
2021-08-09 10:41:35.000000000 +0200
@@ -56,9 +56,12 @@
 # port to connect to; defaults to 25 for non-SSL, 465 for 'ssl', 587 for 
'starttls'
 our $smtp_server_port = 25;
 
+# this is the local address from which to connect
+our $smtp_client = 'localhost';
+
 # this is the helo we [the vacation script] use on connection; you may need to 
change this to your hostname or something,
 # depending upon what smtp helo restrictions you have in place within Postfix.
-our $smtp_client = 'localhost';
+our $smtp_helo = 'localhost.localdomain';
 
 # send mail encrypted or plaintext
 # if 'starttls', use STARTTLS; if 'ssl' (or 1), connect securely; otherwise, 
no security
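Review bot: `$smtp_client` changes meaning here without an upgrade note. Its old comment described it as the HELO name, so existing installs may have set it to a hostname; after this change the value is documented as the local connect address, and HELO falls back to the new `$smtp_helo` default of 'localhost.localdomain'. State in the comment or the changelog that admins who customised `$smtp_client` for HELO purposes should move that value to `$smtp_helo`.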
@@ -476,6 +479,7 @@
             ssl  => $smtp_ssl,
             timeout => $smtp_timeout,
             localaddr => $smtp_client,
+            helo => $smtp_helo,
             debug => 0,
         };
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/common.php 
new/postfixadmin-postfixadmin-3.3.10/common.php
--- old/postfixadmin-postfixadmin-3.3.9/common.php      2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/common.php     2021-08-09 
10:41:35.000000000 +0200
@@ -27,6 +27,9 @@
         if (empty($_SESSION['flash'])) {
             $_SESSION['flash'] = array();
         }
+
+        // avoid clickjacking attacks?
+        header('X-Frame-Options: DENY');
     }
 }
 
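Review bot: `header('X-Frame-Options: DENY');` sits inside the block that follows the `$_SESSION['flash']` initialisation, so only requests that reach this code path get the header; check that every entry point that renders HTML goes through it and that it runs before any output is sent. Consider also sending `Content-Security-Policy: frame-ancestors 'none'`, the current standard for the same control, and drop the question mark from the comment "avoid clickjacking attacks?" so the intent is stated rather than asked.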
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/functions.inc.php 
new/postfixadmin-postfixadmin-3.3.10/functions.inc.php
--- old/postfixadmin-postfixadmin-3.3.9/functions.inc.php       2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/functions.inc.php      2021-08-09 
10:41:35.000000000 +0200
@@ -103,7 +103,8 @@
     $_SESSION['sessid']['roles'] = array();
     $_SESSION['sessid']['roles'][] = $is_admin ? 'admin' : 'user';
     $_SESSION['sessid']['username'] = $username;
-    $_SESSION['PFA_token'] = md5(uniqid("", true));
+
+    $_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
 
     return $status;
 }
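Review bot: The new `PFA_token` line takes only 8 bytes from `random_bytes()` and then runs them through `md5()` together with `uniqid()`, which is time-based and not a source of secret entropy, so the CSRF token rests on 64 bits from the CSPRNG. `bin2hex(random_bytes(16))` (or longer) is simpler and gives a token whose strength does not depend on MD5 or the clock. Note also that `random_bytes()` throws if no entropy source is available, and nothing here catches that.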
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/model/Login.php 
new/postfixadmin-postfixadmin-3.3.10/model/Login.php
--- old/postfixadmin-postfixadmin-3.3.9/model/Login.php 2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/model/Login.php        2021-08-09 
10:41:35.000000000 +0200
@@ -87,6 +87,31 @@
         return false;
     }
 
+    /**
+     * returns user's domain name
+     * @param $username
+     * @return mixed|null
+     * @throws Exception
+     */
+    protected function getUserDomain($username) {
+        $sql = "SELECT domain FROM {$this->table} WHERE username = :username 
AND active = :active";
+
+        $active = db_get_boolean(true);
+
+        $values = [
+            'username' => $username,
+            'active' => $active,
+        ];
+
+        // Fetch the domain
+        $result = db_query_one($sql, $values);
+
+        if (is_array($result) && isset($result['domain'])) {
+            return $result['domain'];
+        } else {
+            return null;
+        }
+    }
 
     /**
      * @param string $username
@@ -110,6 +135,14 @@
             'password' => pacrypt($new_password),
         );
 
+        if (Config::bool('password_expiration')) {
+            $domain = $this->getUserDomain($username);
+            if (!is_null($domain)) {
+                $password_expiration_value = 
(int)get_password_expiration_value($domain);
+                $set['password_expiry'] = date('Y-m-d H:i', 
strtotime("+$password_expiration_value day"));
+            }
+        }
+
         $result = db_update($this->table, 'username', $username, $set);
 
         if ($result != 1) {
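Review bot: The `password_expiry` assignment has no handling for a zero or missing expiration value. When `(int)get_password_expiration_value($domain)` is 0, `strtotime("+0 day")` sets `password_expiry` to the current time, so the mailbox is stored as already expired; the Dovecot query in Password_Expiration.md treats `d.password_expiry = 0` as "no expiry", but anything that checks only `mailbox.password_expiry` will not. Either skip the update when the value is 0 or document that case. The 'Y-m-d H:i' format also drops the seconds.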
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/model/VacationHandler.php 
new/postfixadmin-postfixadmin-3.3.10/model/VacationHandler.php
--- old/postfixadmin-postfixadmin-3.3.9/model/VacationHandler.php       
2021-05-12 21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/model/VacationHandler.php      
2021-08-09 10:41:35.000000000 +0200
@@ -218,9 +218,15 @@
     public function set_away($subject, $body, $interval_time, $activeFrom, 
$activeUntil) {
         $this->remove(); // clean out any notifications that might already 
have been sent.
 
-        $E_username = escape_string($this->username);
-        $activeFrom = date("Y-m-d 00:00:00", strtotime($activeFrom)); # TODO 
check if result looks like a valid date
-        $activeUntil = date("Y-m-d 23:59:59", strtotime($activeUntil)); # TODO 
check if result looks like a valid date
+        if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $activeFrom)) {
+            $activeFrom .= ' 00:00:00';
+        }
+        if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $activeUntil)) {
+            $activeUntil .= ' 23:59:59';
+        }
+
+        $activeFrom = date("Y-m-d H:i", strtotime($activeFrom)); # TODO check 
if result looks like a valid date
+        $activeUntil = date("Y-m-d H:i", strtotime($activeUntil)); # TODO 
check if result looks like a valid date
         list(/*NULL*/, $domain) = explode('@', $this->username);
 
         $vacation_data = array(
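Review bot: Both `# TODO check if result looks like a valid date` comments are still unresolved on the rewritten `date("Y-m-d H:i", strtotime(...))` lines, and this release also removes `readonly` from the date inputs in templates/vacation.tpl, so free-typed values now reach this code. `strtotime()` returns false for input it cannot parse, and `date()` then formats that as the epoch; check the return value and reject the request instead of storing a 1970 date.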
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/public/index.php 
new/postfixadmin-postfixadmin-3.3.10/public/index.php
--- old/postfixadmin-postfixadmin-3.3.9/public/index.php        2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/public/index.php       2021-08-09 
10:41:35.000000000 +0200
@@ -42,7 +42,7 @@
         <title>Welcome to Postfix Admin</title>
     </head>
     <body>
-        <img id="login_header_logo" src="{$rel_path}images/logo-default.png" />
+        <img id="login_header_logo" src="images/logo-default.png" />
         <h1>Welcome to Postfix Admin</h1>
         <h2>What is it?</h2>
         <p>Postfix Admin is a web based interface to configure and manage a 
Postfix based email server for many users.</p>
@@ -84,7 +84,6 @@
         <p>For further help, or documentation please check out -
         <ul>
             <li><a href="https://github.com/postfixadmin/postfixadmin";>GitHub 
- Postfix Admin</a> web site</li>
-            <li><a href="https://postfixadmin.org";>Postfix Admin</a> web 
site<br /></li>
             <li><a 
href="https://sourceforge.net/forum/forum.php?forum_id=676076";>Knowledge 
Base</a></li>
         </ul>
         </p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/public/setup.php 
new/postfixadmin-postfixadmin-3.3.10/public/setup.php
--- old/postfixadmin-postfixadmin-3.3.9/public/setup.php        2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/public/setup.php       2021-08-09 
10:41:35.000000000 +0200
@@ -333,23 +333,28 @@
             <h2 class="h2">Database Update</h2>
 
             <?php
-            if ($authenticated) {
                 $db = false;
                 try {
                     $db = db_connect();
                 } catch (\Exception $e) {
-                    error_log("Couldn't perform PostfixAdmin database update - 
" . $e->getMessage());
+                    echo "<p class='h3 text-danger'>Something went wrong while 
trying to connect to the database. A message should be logged - check PHP's 
error_log (" . ini_get('error_log') . ')</p>\n';
+                    error_log("Couldn't perform PostfixAdmin database update - 
failed to connect to db? " . $e->getMessage() . " Trace: " . 
$e->getTraceAsString());
                 }
 
                 if ($db) {
-                    print "<p>Everything seems fine... attempting to 
create/update database structure</p>\n";
-                    require_once(dirname(__FILE__) . '/upgrade.php');
+                    echo "<p>Everything seems fine... attempting to 
create/update database structure</p>\n";
+                    try {
+                        require_once(dirname(__FILE__) . '/upgrade.php');
+                    } catch (\Exception $e) {
+                        if ($authenticated) {
+                            echo "<p class='h3 text-danger'>Exception message: 
{$e->getMessage()} - check logs!</p>";
+                        }
+                        echo "<p class='h3 text-danger'>Something went wrong 
while trying to apply database updates, a message should be logged - check 
PHP's error_log (" . ini_get('error_log') . ')</p>\n';
+                        error_log("Couldn't perform PostfixAdmin database 
update via upgrade.php - " . $e->getMessage() . " Trace: " . 
$e->getTraceAsString());
+                    }
                 } else {
                     echo "<h3 class='h3 text-danger'>Could not connect to 
database to perform updates; check PHP error log.</h3>";
                 }
-            } else {
-                echo "<h3 class='h3 text-warning'>Please login to see perform 
database update.</h3>";
-            }
             ?>
 
         </div>
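Review bot: Removing the `if ($authenticated)` wrapper means `db_connect()` and `require_once(dirname(__FILE__) . '/upgrade.php')` now run for any visitor to setup.php, not only for an authenticated one; if that is intended, say so in the changelog, otherwise keep the guard. The two new messages that print `ini_get('error_log')` are shown regardless of `$authenticated` and disclose a server file path to unauthenticated visitors; put them behind the same `if ($authenticated)` check already used for the exception message. The trailing `')</p>\n'` is single-quoted, so `\n` is emitted literally rather than as a newline.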
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/public/users/login.php 
new/postfixadmin-postfixadmin-3.3.10/public/users/login.php
--- old/postfixadmin-postfixadmin-3.3.9/public/users/login.php  2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/public/users/login.php 2021-08-09 
10:41:35.000000000 +0200
@@ -70,8 +70,7 @@
 if ($error) {
     flash_error($error);
 }
-
-$_SESSION['PFA_token'] = md5(uniqid('pfa'  . rand(), true));
+$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
 
 $smarty->assign('language_selector', language_selector(), false);
 $smarty->assign('smarty_template', 'login');
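Review bot: The `$_SESSION['PFA_token']` line duplicates the token expression added in functions.inc.php, so the generator now lives in two files. Move it into a single helper so it can be changed in one place. Also consider whether regenerating the token on every load of the login page is wanted, since opening the page in a second tab replaces the token the first tab's form was rendered with.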
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/public/vacation.php 
new/postfixadmin-postfixadmin-3.3.10/public/vacation.php
--- old/postfixadmin-postfixadmin-3.3.9/public/vacation.php     2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/public/vacation.php    2021-08-09 
10:41:35.000000000 +0200
@@ -154,7 +154,7 @@
 
     if ($action == 'fChange') {
 
-        ## check if ActiveUnitl is not  back in time,
+        ## check if ActiveUntil is not  back in time,
         ## because vacation.pl will report SMTP recipient $smtp_recipient 
which resolves to $email does not have an active vacation (rv: $rv, email: 
$email)"
         ## and will not send message
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfixadmin-postfixadmin-3.3.9/public/viewlog.php 
new/postfixadmin-postfixadmin-3.3.10/public/viewlog.php
--- old/postfixadmin-postfixadmin-3.3.9/public/viewlog.php      2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/public/viewlog.php     2021-08-09 
10:41:35.000000000 +0200
@@ -67,12 +67,24 @@
     $table_log = table_by_key('log');
     $page_size = isset($CONF['page_size']) ? intval($CONF['page_size']) : 35;
 
-    $query = "SELECT timestamp,username,domain,action,data FROM $table_log 
WHERE domain= :domain ORDER BY timestamp DESC LIMIT $page_size";
+    $where = [];
+    $params = [];
+    if($fDomain) {
+        $where[] = 'domain = :domain' ;
+        $params['domain'] = $fDomain;
+    }
+
+    $where_sql = '';
+    if(!empty($where)) {
+        $where_sql = 'WHERE ' . implode(' AND ', $where);
+    } 
+
+    $query = "SELECT timestamp,username,domain,action,data FROM $table_log 
$where_sql ORDER BY timestamp DESC LIMIT $page_size";
 
     if (db_pgsql()) {
-        $query = "SELECT extract(epoch from timestamp) as 
timestamp,username,domain,action,data FROM $table_log WHERE domain= :domain 
ORDER BY timestamp DESC LIMIT $page_size";
+        $query = "SELECT extract(epoch from timestamp) as 
timestamp,username,domain,action,data FROM $table_log $where_sql ORDER BY 
timestamp DESC LIMIT $page_size";
     }
-    $result = db_query_all($query, array('domain' => $fDomain));
+    $result = db_query_all($query, $params);
     foreach ($result as $row) {
         if (is_array($row) && db_pgsql()) {
             $row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);
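Review bot: With the WHERE clause now optional, an empty `$fDomain` returns log rows for every domain, and nothing in this hunk restricts that to admins who are allowed to see all domains. Confirm that the code above rejects an empty or foreign `$fDomain` for ordinary domain admins, or add a domain condition built from the admin's own domain list when no domain is selected. Style: `if($fDomain)` and `if(!empty($where))` lack the space after `if` that the surrounding `if (db_pgsql())` lines use, and there is trailing whitespace after the closing brace of the second block.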
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/templates/editform.tpl 
new/postfixadmin-postfixadmin-3.3.10/templates/editform.tpl
--- old/postfixadmin-postfixadmin-3.3.9/templates/editform.tpl  2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/templates/editform.tpl 2021-08-09 
10:41:35.000000000 +0200
@@ -42,7 +42,7 @@
                                             {html_options 
output=$struct.{$key}.options values=$struct.{$key}.options 
selected=$value_{$key}}
                                         </select>
                                     {elseif $field.type == 'pass' || 
$field.type == 'b64p'}
-                                        <input class="form-control" 
type="password" name="value[{$key}]"/>
+                                        <input class="form-control" 
type="password" name="value[{$key}]" {if $key == 'password' || $key == 
'password2'}autocomplete="new-password"{/if}/>
                                     {elseif $field.type == 'txtl'}
                                         <textarea class="form-control" 
rows="10" cols="35" name="value[{$key}]">{foreach key=key2 item=field2 
from=$value_{$key}}{$field2}&#10;{/foreach}</textarea>
                                     {else}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/templates/password-change.tpl 
new/postfixadmin-postfixadmin-3.3.10/templates/password-change.tpl
--- old/postfixadmin-postfixadmin-3.3.9/templates/password-change.tpl   
2021-05-12 21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/templates/password-change.tpl  
2021-08-09 10:41:35.000000000 +0200
@@ -29,14 +29,14 @@
         <label for="fPassword">
             {$PALANG.pPassword_password}
         </label>
-        <input class="form-control" type="password" name="fPassword"/>
+        <input class="form-control" type="password" name="fPassword" 
autocomplete="new-password"/>
     </div>
 
     <div class="form-group">
         <label for="fPassword2">
             {$PALANG.pPassword_password2}
         </label>
-        <input class="form-control" type="password" name="fPassword2"/>
+        <input class="form-control" type="password" name="fPassword2" 
autocomplete="new-password"/>
     </div>
 
     <button class="btn btn-primary" type="submit" name="submit"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/templates/password.tpl 
new/postfixadmin-postfixadmin-3.3.10/templates/password.tpl
--- old/postfixadmin-postfixadmin-3.3.9/templates/password.tpl  2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/templates/password.tpl 2021-08-09 
10:41:35.000000000 +0200
@@ -17,13 +17,13 @@
             <div class="form-group {if 
$pPassword_password_text}has-error{/if}">
                 <label class="col-md-4 col-sm-4 control-label" 
for="fPassword">{$PALANG.pPassword_password}:</label>
                 <div class="col-md-6 col-sm-8"><input class="form-control" 
type="password" name="fPassword"
-                                                      id="fPassword"/></div>
+                                                      id="fPassword" 
autocomplete="new-password"/></div>
                 <span class="help-block">{$pPassword_password_text}</span>
             </div>
             <div class="form-group">
                 <label class="col-md-4 col-sm-4 control-label" 
for="fPassword2">{$PALANG.pPassword_password2}:</label>
                 <div class="col-md-6 col-sm-8"><input class="form-control" 
type="password" name="fPassword2"
-                                                      id="fPassword2"/></div>
+                                                      id="fPassword2" 
autocomplete="new-password"/></div>
             </div>
         </div>
         <div class="panel-footer">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/postfixadmin-postfixadmin-3.3.9/templates/vacation.tpl 
new/postfixadmin-postfixadmin-3.3.10/templates/vacation.tpl
--- old/postfixadmin-postfixadmin-3.3.9/templates/vacation.tpl  2021-05-12 
21:15:30.000000000 +0200
+++ new/postfixadmin-postfixadmin-3.3.10/templates/vacation.tpl 2021-08-09 
10:41:35.000000000 +0200
@@ -17,7 +17,7 @@
                            class="form-control hidden"/>
                     <div class="input-group date" 
id="datetimepicker-fActiveFrom">
                         <input type='text' name="fActiveFromForm" 
id="fActiveFromForm" value="{$tActiveFrom}"
-                               class="form-control" readonly="readonly"/>
+                               class="form-control" />
                         <span class="input-group-addon"><span class="glyphicon 
glyphicon-calendar"></span></span>
                     </div>
                 </div>
@@ -31,7 +31,7 @@
                     <div class="input-group date" 
id="datetimepicker-fActiveUntil">
                         <input type='text'
                                name="fActiveUntilForm" id="fActiveUntilForm" 
value="{$tActiveUntil}"
-                               class="form-control" readonly="readonly"/>
+                               class="form-control" />
                         <span class="input-group-addon"><span class="glyphicon 
glyphicon-calendar"></span></span>
                     </div>
                 </div>
