gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: bd0845d9 | patch | commit | ignore whitespace

- Fixed: Needed permission check of parent domain (folder)

mcramer

2013-08-06 daeda679cdab5a18d0d57ff177f1152ceaad706e

- Fixed: Needed permission check of parent domain (folder)

10 files modified

	interface/web/sites/cron_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_edit.php	5 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ftp_user_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/shell_user_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_aliasdomain_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_folder_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_folder_user_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_subdomain_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_vhost_subdomain_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/webdav_user_edit.php	3 ●●●●● patch \| view \| raw \| blame \| history

 interface/web/sites/cron_edit.php

@@ -104,7 +104,8 @@
        }
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        // Set fixed values
        $this->dataRecord["server_id"] = $parent_domain["server_id"];

 interface/web/sites/database_edit.php

@@ -136,6 +136,9 @@
    function onSubmit() {
        global $app, $conf;

        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
@@ -186,7 +189,7 @@
    function onBeforeUpdate() {
        global $app, $conf, $interfaceConf;

        //* Site shell not be empty
        //* Site shall not be empty
        if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'<br />';
        
        //* Get the database name and database user prefix

 interface/web/sites/ftp_user_edit.php

@@ -91,7 +91,8 @@
        global $app, $conf;
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        // Set a few fixed values
        $this->dataRecord["server_id"] = $parent_domain["server_id"];

 interface/web/sites/shell_user_edit.php

@@ -99,7 +99,8 @@
        global $app, $conf;
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        // Set a few fixed values
        $this->dataRecord["server_id"] = $parent_domain["server_id"];

 interface/web/sites/web_aliasdomain_edit.php

@@ -143,7 +143,8 @@
        }
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        // Set a few fixed values
        $this->dataRecord["type"] = 'alias';

 interface/web/sites/web_folder_edit.php

@@ -55,7 +55,8 @@
        global $app, $conf;
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select server_id FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        // Set a few fixed values
        $this->dataRecord["server_id"] = $parent_domain["server_id"];

 interface/web/sites/web_folder_user_edit.php

@@ -55,7 +55,8 @@
        global $app, $conf;
        
        // Get the record of the parent domain
        $folder = $app->db->queryOneRecord("select server_id FROM web_folder WHERE web_folder_id = ".$app->functions->intval(@$this->dataRecord["web_folder_id"]));
        $folder = $app->db->queryOneRecord("select * FROM web_folder WHERE web_folder_id = ".$app->functions->intval(@$this->dataRecord["web_folder_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$folder || $folder['web_folder_id'] != @$this->dataRecord['web_folder_id']) $app->tform->errorMessage .= $app->tform->lng("no_folder_perm"););
        
        // Set a few fixed values
        $this->dataRecord["server_id"] = $folder["server_id"];

 interface/web/sites/web_subdomain_edit.php

@@ -132,7 +132,8 @@
        global $app, $conf;
        
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        
        $app->uses('ini_parser,getconf');
        $settings = $app->getconf->get_global_config('domains');

 interface/web/sites/web_vhost_subdomain_edit.php

@@ -321,7 +321,8 @@
            unset($tmp);
        }
        
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

        // Set a few fixed values
        $this->dataRecord["type"] = 'vhostsubdomain';

 interface/web/sites/webdav_user_edit.php

@@ -98,7 +98,8 @@
        global $app, $conf;

        /* Get the record of the parent domain */
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

        /*
         * Set a few fixed values

			@@ -104,7 +104,8 @@
			}

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set fixed values
			$this->dataRecord["server_id"] = $parent_domain["server_id"];

			@@ -136,6 +136,9 @@
			function onSubmit() {
			global $app, $conf;

			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			if($_SESSION["s"]["user"]["typ"] != 'admin') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			@@ -186,7 +189,7 @@
			function onBeforeUpdate() {
			global $app, $conf, $interfaceConf;

			//* Site shell not be empty
			//* Site shall not be empty
			if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'<br />';

			//* Get the database name and database user prefix

			@@ -91,7 +91,8 @@
			global $app, $conf;

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["server_id"] = $parent_domain["server_id"];

			@@ -99,7 +99,8 @@
			global $app, $conf;

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["server_id"] = $parent_domain["server_id"];

			@@ -143,7 +143,8 @@
			}

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["type"] = 'alias';

			@@ -55,7 +55,8 @@
			global $app, $conf;

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("select server_id FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["server_id"] = $parent_domain["server_id"];

			@@ -132,7 +132,8 @@
			global $app, $conf;

			// Get the record of the parent domain
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			$app->uses('ini_parser,getconf');
			$settings = $app->getconf->get_global_config('domains');

			@@ -321,7 +321,8 @@
			unset($tmp);
			}

			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["type"] = 'vhostsubdomain';

			@@ -98,7 +98,8 @@
			global $app, $conf;

			/* Get the record of the parent domain */
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			/*
			* Set a few fixed values