#11
28th May 2013, 09:00
remy74

Quote:
Originally Posted by till
There is no API function available for that. In the places where we use such conversions (e.g. web statistics) it is hard coded. It's a good idea to add it as a filter in the next version.
For testing, I'm trying to add this :
Code:
function filterField($field_name, $field_value, $filters, $filter_event) {

                        global $app;
                        $returnval = $field_value;

                        //* Loop trough all filters
                        foreach($filters as $filter) {
                                if($filter['event'] == $filter_event) {
                                        switch ($filter['type']) {
                                                case 'TOLOWER':
                                                        $returnval = strtolower($returnval);
                                                break;
                                                case 'TOUPPER':
                                                        $returnval = strtoupper($returnval);
                                                break;
                                                case 'IDNTOASCII':
                                                        $returnval = $app->functions->idn_encode($returnval);
                                                break;
                                                case 'IDNTOUTF8':
                                                        $returnval = $app->functions->idn_decode($returnval);
                                                break;
                                                case 'FORMATED_BYTES':
                                                        $unit = array('Bytes', 'KB', 'MB', 'GB', 'TB');
                                                        $returnval= @round($value/pow(1024, ($i = floor(log($returnval, 1024)))), 2).' '.$unit[$i];
                                                //   In the next try, will implement this on the functions class ..   
                                               // $returnval = $app->functions->convertSize($returnval);
                                                break;          
                                                default:
                                                        $this->errorMessage .= "Unknown Filter: ".$filter['type'];
                                                break;

                                        }
                                }
                        }
            return $returnval;
        }
on the tform.inc files ..
And on the tform file module :
Code:
'filters'   => array( 0 => array( 'event' => 'SHOW',
                                              'type' => 'FORMATED_BYTES')
											  ),
but no luck, not working.. Did we forget something else?

Last edited by remy74; 28th May 2013 at 10:03.
#12
28th May 2013, 10:07
remy74

Ok it's working, implement this on functions.inc.php (before the last '}' of the file) :

Code:
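	public function formatBytes($size, $precision = 2) {
		// log() is undefined for 0 and negative input, so return those without a suffix
		if(!is_numeric($size) || $size <= 0) return '0';
		$base = log($size) / log(1024);
		$suffixes = array('', 'k', 'M', 'G', 'T');
		// clamp the index so values below 1 or above the 'T' range still map to an existing suffix
		$idx = max(0, min((int)floor($base), count($suffixes) - 1));
		return round($size / pow(1024, $idx), $precision).$suffixes[$idx];
	}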
And on tform.inc.php :
Code:
       function filterField($field_name, $field_value, $filters, $filter_event) {

			global $app;
			$returnval = $field_value;
				
			//* Loop trough all filters
			foreach($filters as $filter) {
				if($filter['event'] == $filter_event) {
					switch ($filter['type']) {
						case 'TOLOWER':
							$returnval = strtolower($returnval);
						break;
						case 'TOUPPER':
							$returnval = strtoupper($returnval);
						break;
						case 'IDNTOASCII':
							$returnval = $app->functions->idn_encode($returnval);
						break;
						case 'IDNTOUTF8':
							$returnval = $app->functions->idn_decode($returnval);
						break;
						case 'BYTES':
                                                // format the value for bytes, return a TEXT / VARCHAR, not integer !
							$returnval = $app->functions->formatBytes($returnval);
						break;	
						default:
							$this->errorMessage .= "Unknown Filter: ".$filter['type'];
						break;
						
					}
				}
			}
            return $returnval;
        }
Maybe this will help someone else.
#13
28th May 2013, 14:11
florian030

Quote:
Thanks for your answer, but what do you mean by this?
Did you say that you have implemented this?
Not really - it's implemented in cron_daily.php but not as an API function (btw: thanks for writing the patch).

I only posted my code as it allows to define the precision.
__________________
regards
Florian

blog.schaal-24.de
#14
28th May 2013, 15:41
remy74

Quote:
Originally Posted by florian030
Not really - it's implemented in cron_daily.php but not as an API function (btw: thanks for writing the patch).

I only posted my code as it allows to define the precision.
Ok, thanks for your reply. It's a really simple patch, and it's working for me because it is only used for "SHOW" events, not "SAVE".
So the patch is not complete (I think..)
When I have time, I will try to look at the other event..
#15
29th May 2013, 08:20
Ben

Good work, seems to be an interesting plugin.

But...

Quote:
Originally Posted by remy74
Dear All,

Is there a way for doing that ?
like that :

Code:
$liste["name"] 				= "Exchange_details";
// Database table
$liste["table"] 			        = "AD_MY_TABLE";
$liste["where"] 			= "columns='" .  $_REQUEST['id']  ."'";
Even though this was just sample code, would you mind validating and escaping all external input, e.g. here to validate $_REQUEST['id'] for being just numbers or characters, whatever will be the right syntax, and if the valid charset could lead to SQL injection or similar, you should escape it additionally.
Btw this should happen for all data that you cannot control, in this case also for data you gather from and to the Exchange side.
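Ben's point about `$_REQUEST['id']`, as an added example that is not part of the thread or of ISPConfig: the where-clause from the quoted sample next to two allow-list validators, one for numeric ids and one for short tokens. The function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from this thread. Function names are hypothetical;
// the column name "columns" is taken from the quoted sample.

// Pattern from the quoted sample: the raw request value goes straight into SQL.
function where_unvalidated($raw) {
	return "columns='" . $raw . "'";
}

// Numeric ids: accept 1 to 9 decimal digits only, then cast to int.
// is_string() rejects arrays, which a request such as ?id[]=1 would deliver.
function where_numeric_id($raw) {
	if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
		return null;
	}
	$id = (int) $raw;
	return $id > 0 ? "columns='" . $id . "'" : null;
}

// Token ids: allow-list of characters that cannot end the quoted SQL string.
// \A and \z anchor the whole value; "$" would also accept a trailing newline.
function where_token_id($raw) {
	if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
		return null;
	}
	return "columns='" . $raw . "'";
}

// Constructed sample inputs, standing in for $_REQUEST['id'].
$samples = array('42', '0042', 'user_01', "1' OR '1'='1", "42\n", '', array('1'));

foreach ($samples as $raw) {
	$label = is_array($raw) ? '(array)' : json_encode($raw);
	printf("%-18s numeric: %-16s token: %s\n",
		$label,
		var_export(where_numeric_id($raw), true),
		var_export(where_token_id($raw), true));
}

// The unvalidated form lets the value close the quote and extend the condition:
echo where_unvalidated("1' OR '1'='1"), "\n";
```

A `null` result means the request should be rejected before any query is built. Values that legitimately need quotes or other special characters cannot pass an allow-list like this and still need the database layer's escaping on top, which is the "escape it additionally" part of the post.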
#16
29th May 2013, 08:29
remy74

Quote:
Originally Posted by Ben
Good work, seems to be an interesting plugin.

But...

Even though this was just sample code, would you mind validating and escaping all external input, e.g. here to validate $_REQUEST['id'] for being just numbers or characters, whatever will be the right syntax, and if the valid charset could lead to SQL injection or similar, you should escape it additionally.
Btw this should happen for all data that you cannot control, in this case also for data you gather from and to the Exchange side.
Yes, we know that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that everything is in conformity with ISPConfig and security.
#17
29th May 2013, 08:38
Ben

Quote:
Originally Posted by remy74
Yes, we know that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that everything is in conformity with ISPConfig and security.
Good to read. If there is code ready, just provide a link where to look at it.

@Falko / Till: There isn't a kind of security best practices in the context of ISPConfig3 module development, so that not every interested developer needs to read all the OWASP stuff in full, as probably some of those issues are solved by helper functions. So the dev "just" needs to understand the issue and why to use such helpers.
#18
29th May 2013, 14:39
remy74

Hi all,
I have another question about "validators".

At what time do they operate?
For example :

We use the beforeUpdate to set other SQL, and we use $app->tform->getDataRecord($this->id) to get the old information and compare it to the new to be sure whether we need to update it or not.

We have also put some validators on all forms, but the validators return errors on update (I guess).

But if we try this way, when the validators return errors, beforeUpdate was already called. And if we use AfterUpdate, the old data is = new data..

Can we check the old / new data another way? Or do we have an option to check all validators beforeUpdate?

Hope this is clear to whoever is reading this...

For information, the module is in multiple parts :

- Windows service
=> read / write ActiveDirectory / Set Exchange Command
=> read / write to mysql

- ISPConfig module
=> read / write mysql using ISPConfig Class
=> read / write to other mysql using custom query for command to Windows Service. (with sys_group, sys_userid etc..)


Thanks all in advance
#19
29th May 2013, 15:12
remy74

In fact, we just need to know if there is a simple function to track which data was modified, after it is validated.
#20
29th May 2013, 15:20
till

Quote:
Originally Posted by remy74
In fact, we just need to know if there is a simple function to track which data was modified, after it is validated.
The data is saved in the onUpdateSave function of the tform_actions class. You can either completely override that function in case you want to store data in another source like a file, ldap or similar instead of mysql or you override it and call the parent function after you executed your custom code.

Example:

Code:
class myform extends tform_actions {

	function onUpdateSave($sql) {

		// ... do something ...

		// let the parent class store the record
		parent::onUpdateSave($sql);

	}

}
If you want to get the changes of a record, use the diffrec function of the mysql library. This function is used by ISPConfig to detect which differences have to be saved into the sys_datalog for processing on the server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 29th May 2013 at 15:22.