gitlabFork/ISPConfig3.git - Solinfo Gitblit

- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

commit \| author \| age
e98a15	1	<?php
TB	2
	3	/*
	4	Copyright (c) 2014, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	class validate_systemuser {
e23c47	32
TB	33	function get_error($errmsg) {
	34	global $app;
	35
	36	if(isset($app->tform->wordbook[$errmsg])) {
	37	return $app->tform->wordbook[$errmsg]."<br>\r\n";
	38	} else {
	39	return $errmsg."<br>\r\n";
	40	}
	41	}
e98a15	42
TB	43	/*
	44	Validator function to check if a given user is ok.
	45	*/
	46	function check_sysuser($field_name, $field_value, $validator) {
	47	global $app;
	48
e23c47	49	//* Skip Test if we have the placeholder input of the remote APi for the web_domain system_user field here.
TB	50	if($field_name == 'system_user' && $field_value == '-') return '';
	51
	52	//* Check the input
e98a15	53	$errmsg = $validator['errmsg'];
TB	54	$check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false;
	55
	56	if($app->functions->is_allowed_user(trim(strtolower($field_value)),$check_names) == false) {
e23c47	57	return $this->get_error($errmsg);
e98a15	58	}
TB	59	}
	60
	61	/*
	62	Validator function to check if a given group is ok.
	63	*/
	64	function check_sysgroup($field_name, $field_value, $validator) {
	65	global $app;
	66
e23c47	67	//* Skip Test if we have the placeholder input of the remote APi for the web_domain system_group field here.
TB	68	if($field_name == 'system_group' && $field_value == '-') return '';
	69
e98a15	70	$errmsg = $validator['errmsg'];
TB	71	$check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false;
	72
	73	if($app->functions->is_allowed_group(trim(strtolower($field_value)),$check_names) == false) {
e23c47	74	return $this->get_error($errmsg);
e98a15	75	}
TB	76	}
	77
9edea9	78	/*
TB	79	Validator function to check if a given dir is ok.
	80	*/
	81	function shelluser_dir($field_name, $field_value, $validator) {
	82	global $app;
e23c47	83
TB	84	$primary_id = (isset($app->tform->primary_id) && $app->tform->primary_id > 0)?$app->tform->primary_id:$app->remoting_lib->primary_id;
	85	$primary_id = $app->functions->intval($primary_id);
	86
	87	if($primary_id == 0 && !isset($app->remoting_lib->dataRecord['parent_domain_id'])) {
9edea9	88	$errmsg = $validator['errmsg'];
TB	89	if(isset($app->tform->wordbook[$errmsg])) {
	90	return $app->tform->wordbook[$errmsg]."<br>\r\n";
	91	} else {
	92	return $errmsg."<br>\r\n";
	93	}
	94	}
	95
e23c47	96	if($primary_id > 0) {
TB	97	//* get parent_domain_id from website
cc7a82	98	$shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
e23c47	99	if(!is_array($shell_data) \|\| $shell_data["parent_domain_id"] < 1) {
TB	100	$errmsg = $validator['errmsg'];
	101	if(isset($app->tform->wordbook[$errmsg])) {
	102	return $app->tform->wordbook[$errmsg]."<br>\r\n";
	103	} else {
	104	return $errmsg."<br>\r\n";
	105	}
9edea9	106	} else {
e23c47	107	$parent_domain_id = $shell_data["parent_domain_id"];
9edea9	108	}
e23c47	109	} else {
TB	110	//* get parent_domain_id from dataRecord when we have a insert operation trough remote API
	111	$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
9edea9	112	}
TB	113
cc7a82	114	$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
9edea9	115	if(!is_array($domain_data) \|\| $domain_data["domain_id"] < 1) {
TB	116	$errmsg = $validator['errmsg'];
	117	if(isset($app->tform->wordbook[$errmsg])) {
	118	return $app->tform->wordbook[$errmsg]."<br>\r\n";
	119	} else {
	120	return $errmsg."<br>\r\n";
	121	}
	122	}
	123
	124	$doc_root = $domain_data["document_root"];
	125	$is_ok = false;
	126	if($doc_root == $field_value) $is_ok = true;
	127
	128	$doc_root .= "/";
	129	if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
	130
	131	if(stristr($field_value, '..') or stristr($field_value, './') or stristr($field_value, '/.')) $is_ok = false;
	132
	133	//* Final check if docroot path of website is >= 5 chars
	134	if(strlen($doc_root) < 5) $is_ok = false;
	135
	136	if($is_ok == false) {
	137	$errmsg = $validator['errmsg'];
	138	if(isset($app->tform->wordbook[$errmsg])) {
	139	return $app->tform->wordbook[$errmsg]."<br>\r\n";
	140	} else {
	141	return $errmsg."<br>\r\n";
	142	}
	143	}
	144	}
e98a15	145
TB	146	}