From 42539643c396f9d8865dcf9a51b13dc869709d16 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Wed, 13 Aug 2014 07:16:50 -0400 Subject: [PATCH] Merge remote-tracking branch 'ispc/stable-3.0.5' into stable-3.0.5 --- interface/web/sites/shell_user_edit.php | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php index 3c72a5f..f301139 100644 --- a/interface/web/sites/shell_user_edit.php +++ b/interface/web/sites/shell_user_edit.php @@ -135,6 +135,8 @@ } } unset($blacklist); + + if($app->functions->is_allowed_user(trim(strtolower($this->dataRecord['username']))) == false) $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt'); /* * If the names should be restricted -> do it! @@ -163,6 +165,11 @@ $dir = $app->db->quote($web["document_root"]); $uid = $app->db->quote($web["system_user"]); $gid = $app->db->quote($web["system_group"]); + + // Check system user and group + if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) { + $app->error($app->tform->lng('invalid_system_user_or_group_txt')); + } // The FTP user shall be owned by the same group then the website $sys_groupid = $app->functions->intval($web['sys_groupid']); -- Gitblit v1.9.1