tbrehm
2012-04-04 217b8d78eef89fea9b3fd8adcea32f66934f898a
Fixed: FS#2157 - Add new Webdav user" can chmod and chown entire server from client interface
2 files modified
6 ■■■■ changed files
interface/web/sites/lib/lang/en_webdav_user.lng 2 ●●●●● patch | view | raw | blame | history
interface/web/sites/webdav_user_edit.php 4 ●●● patch | view | raw | blame | history
interface/web/sites/lib/lang/en_webdav_user.lng
@@ -13,4 +13,6 @@
$wb["directory_error_empty"] = 'Directory empty.';
$wb["parent_domain_id_error_empty"] = 'No website selected.';
$wb['password_strength_txt'] = 'Password strength';
$wb['dir_dot_error'] = 'No .. in path allowed.';
$wb['dir_slashdot_error'] = 'No ./ in path allowed.';
?>
interface/web/sites/webdav_user_edit.php
@@ -114,7 +114,9 @@
         */
        if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
        if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
        if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />';
        if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'./')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />';
        parent::onSubmit();
    }