CAcert Code Development list.

[Michael Tänzer <michael.taenzer AT cacert.org>]

Hi folks,

We have a fix for https://bugs.cacert.org/view.php?id=789
"Editing domain for organisations does not work"

The fix was reviewed by Dirk Astrath (dastrath) and me (NEOatNHNG) and
tested by Ulrich Schröter (Uli60), Marcus Mängel (INOPIAE) and JensK.

Diff is attached. Please also run the locale makefile so that our
translators see the new strings (if present) on
https://translations.cacert.org and new translations get imported into
the system.

Changed files:
includes/account.php
pages/account/29.php
pages/account/30.php


-- 
Have a nice day,
Michael Tänzer
diff --git a/includes/account.php b/includes/account.php
index 24c61d8..e64f360 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2138,9 +2138,9 @@
 
 	if($oldid == 29 && $process != "")
 	{
-		$domain = mysql_real_escape_string(stripslashes(trim($domainname)));
+		$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
 
-		$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
+		$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
 		$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
 		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
 		{
@@ -2150,12 +2150,12 @@
 		}
 	}
 
-	if(($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
+	if(($oldid == 29 || $oldid == 30) && $process != "")      // _("Cancel") is handled in front of account.php
 	{
 		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
 				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
 				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
-				`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+				`orgdomains`.`id`='".intval($domid)."'";
 		$res = mysql_query($query);
 		while($row = mysql_fetch_assoc($res))
 			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
@@ -2163,7 +2163,7 @@
 		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
 				`orgemaillink`.`domid`=`orgdomains`.`id` and
 				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
-				`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+				`orgdomains`.`id`='".intval($domid)."'";
 		$res = mysql_query($query);
 		while($row = mysql_fetch_assoc($res))
 			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
@@ -2171,23 +2171,23 @@
 
 	if($oldid == 29 && $process != "")
 	{
-		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
-		mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
+		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+		mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
 		showheader(_("My CAcert.org Account!"));
 		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
-		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
 		showfooter();
 		exit;
 	}
 
 	if($oldid == 30 && $process != "")
 	{
-		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
+		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
 		$domain = $row['domain'];
-		mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
+		mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
 		showheader(_("My CAcert.org Account!"));
 		printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
-		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
 		showfooter();
 		exit;
 	}
@@ -2960,6 +2960,4 @@
 		$_SESSION['_config']['orgid'] = intval($orgid);
 	if(intval($memid) > 0)
 		$_SESSION['_config']['memid'] = intval($memid);
-	if(intval($domid) > 0)
-		$_SESSION['_config']['domid'] = intval($domid);
 ?>
diff --git a/pages/account/29.php b/pages/account/29.php
index c1a3def..4229b3b 100644
--- a/pages/account/29.php
+++ b/pages/account/29.php
@@ -35,10 +35,12 @@
     <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+    <td class="DataTD"><input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
+    <td class="DataTD"><input type="submit" name="process" value="<?=_("Update")?>"></td>
   </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
 
 </form>
diff --git a/pages/account/30.php b/pages/account/30.php
index 30c86f3..0c7d337 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -41,5 +41,6 @@
 <input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
 <input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
 
 </form>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature