From 8d1b1f1017502c63751d7741df7240d4dd20027e Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 20 Aug 2012 07:37:01 -0400
Subject: [PATCH] Added web_folder name check for reserved names and already taken names FS#1993 - Creating Subdomains as VirtualHost

---
 interface/web/sites/web_vhost_subdomain_edit.php |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index afe8c38..a5866c8 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -245,7 +245,16 @@
 		$this->parent_domain_record = $parent_domain;
         
         $read_limits = array('limit_cgi', 'limit_ssi', 'limit_perl', 'limit_ruby', 'limit_python', 'force_suexec', 'limit_hterror', 'limit_wildcard', 'limit_ssl');
-
+        $this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
+        $forbidden_folders = array('', 'cgi-bin', 'web', 'log', 'private', 'ssl', 'tmp', 'webdav');
+        if(in_array($this->dataRecord['web_folder'], $forbidden_folders) || preg_match('/^log_web\d+$/', $this->dataRecord['web_folder'])) {
+            $app->tform->errorMessage .= $app->tform->lng("web_folder_invalid_txt")."<br>";
+        }
+        // check for duplicate folder usage
+        $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain' AND `parent_domain_id` = '" . intval($this->dataRecord['parent_domain_id']) . "' AND `web_folder` = '" . $app->db->quote($this->dataRecord['web_folder']) . "'");
+        if($check && $check['cnt'] > 0) {
+            $app->tform->errorMessage .= $app->tform->lng("web_folder_unique_txt")."<br>";
+        }
 
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client

--
Gitblit v1.9.1