ISPConfig3 devel
parent: 7d9346a9 | patch | commit | ignore whitespace
Till Brehm
2014-08-01 15687e27652852fa205f9e0d5de245bb9a44a618 
Fixed some errors in user check of apache and nginx plugin.
3 files modified
28 ■■■■ changed files
interface/lib/classes/functions.inc.php 4 ●●●● patch | view | raw | blame | history
server/lib/classes/system.inc.php 18 ●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php 6 ●●●● patch | view | raw | blame | history 
 interface/lib/classes/functions.inc.php


@@ -430,7 +430,7 @@


        $name_blacklist = array('root','ispconfig','vmail','getmail');


        if(in_array($username,$name_blacklist)) return false;


        


        if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;


        if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;


        


        if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;


        


@@ -443,7 +443,7 @@


        $name_blacklist = array('root','ispconfig','vmail','getmail');


        if(in_array($groupname,$name_blacklist)) return false;


        


        if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;


        if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;


        


        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;


        




 server/lib/classes/system.inc.php


@@ -1824,7 +1824,7 @@


        $name_blacklist = array('root','ispconfig','vmail','getmail');


        if(in_array($username,$name_blacklist)) return false;


        


        if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;


        if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;


        


        if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;


        


@@ -1833,18 +1833,18 @@


        return true;


    }


    


    public function is_allowed_group($groupname, $restrict_names = false) {


    public function is_allowed_group($groupname, $check_id = true, $restrict_names = false) {


        global $app;


		


        echo 1;


        $name_blacklist = array('root','ispconfig','vmail','getmail');


        if(in_array($groupname,$name_blacklist)) return false;


		


        if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;


		


        if(intval($this->getgid($groupname)) < $this->min_gid) return false;


		


        echo 2;


        if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;


        echo 3;


        if($check_id && intval($this->getgid($groupname)) < $this->min_gid) return false;


        echo 4;


        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;


		


        echo 5;


        return true;


    }


    




 server/plugins-available/apache2_plugin.inc.php


@@ -344,9 +344,9 @@


            if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);


            return 0;


        }


        if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)


            || !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {


            $app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);


        if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false


            || $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {


            $app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);


            return 0;


        }


        if(trim($data['new']['domain']) == '') {