From e98a15838d8aed330ac7b1bb373b54524ea2a269 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 01 Aug 2014 05:47:00 -0400
Subject: [PATCH] Improved input validation for settings that are acessible by the admin user.
---
interface/web/sites/form/ftp_user.tform.php | 14 +
interface/lib/classes/validate_systemuser.inc.php | 64 +++++++
interface/web/sites/web_vhost_subdomain_edit.php | 2
interface/web/sites/shell_user_edit.php | 7
interface/web/admin/lib/lang/en_server_config.lng | 50 +++++
interface/web/sites/form/shell_user.tform.php | 14 +
interface/web/sites/ftp_user_edit.php | 8
interface/web/admin/form/server_config.tform.php | 353 +++++++++++++++++++++++++++++----------
8 files changed, 407 insertions(+), 105 deletions(-)
diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
new file mode 100644
index 0000000..f1bbd2b
--- /dev/null
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -0,0 +1,64 @@ +<?php + +/* +Copyright (c) 2014, Till Brehm, projektfarm Gmbh +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of ISPConfig nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +class validate_systemuser { + + /* + Validator function to check if a given user is ok. 
+ */ + function check_sysuser($field_name, $field_value, $validator) { + global $app; + + $errmsg = $validator['errmsg']; + $check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false; + + if($app->functions->is_allowed_user(trim(strtolower($field_value)),$check_names) == false) { + return $app->tform->wordbook[$errmsg]."<br>\r\n"; + } + } + + /* + Validator function to check if a given group is ok. + */ + function check_sysgroup($field_name, $field_value, $validator) { + global $app; + + $errmsg = $validator['errmsg']; + $check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false; + + if($app->functions->is_allowed_group(trim(strtolower($field_value)),$check_names) == false) { + return $app->tform->wordbook[$errmsg]."<br>\r\n"; + } + } + + + + +} diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index 4fa7179..01ac568 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php @@ -167,8 +167,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '/var/backup', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'backup_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'backup_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'backup_dir_error_regex'), ), 'value' => '', 'width' => '40', 
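Review bot: `check_sysuser` and `check_sysgroup` are the same function apart from the helper they call, and the error path reads `$app->tform->wordbook[$errmsg]` without checking that the key exists, so a missing key yields a notice and a bare `<br>` as the error text (the removed ftp_user_edit.php code went through `$app->tform->lng(...)` instead). Factoring the shared tail into one private method keeps the two in step and gives one place for the key guard. The check also runs on `trim(strtolower($field_value))` while the raw `$field_value` is what gets stored; that is conservative if `is_allowed_user` is a deny-list, but if it validates against existing system names a value differing only in case or whitespace could pass unchanged, which is worth confirming against `is_allowed_user` (not on this page). Both methods implicitly return null on success; a docblock stating "returns the error message string on failure, nothing otherwise" would help the next tform author.
```php
class validate_systemuser {

	/* Shared tail of both validators: returns the error text when $allowed is false, nothing otherwise. */
	private function _reject_unless($allowed, $validator) {
		global $app;
		if($allowed == false) {
			$errmsg = $validator['errmsg'];
			// fall back to the key itself so a missing wordbook entry still produces a visible error
			$text = isset($app->tform->wordbook[$errmsg]) ? $app->tform->wordbook[$errmsg] : $errmsg;
			return $text."<br>\r\n";
		}
	}

	/* Validator function to check if a given user is ok. */
	function check_sysuser($field_name, $field_value, $validator) {
		global $app;
		$check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false;
		return $this->_reject_unless($app->functions->is_allowed_user(trim(strtolower($field_value)), $check_names), $validator);
	}

	// … check_sysgroup: identical, calling $app->functions->is_allowed_group(...) …
}
```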
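Review bot: The new REGEX for `backup_dir`, `/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/`, still accepts `..` segments and doubled slashes, so a value containing `/../` passes the check while clearly not being the kind of path the field expects; a lookahead such as `'regex' => '/^(?!.*\/\.\.(\/|$))\/[a-zA-Z0-9\.\-\_\/]{5,128}$/'` rejects parent-directory segments without changing the accepted character set. The `{5,128}` quantifier also requires at least five characters after the leading slash, so short but valid directories such as `/opt` or `/srv` are refused, while the same pattern in the later hunks uses `{1,128}`; the minimum looks accidental and is worth unifying. The same pattern is used for the path fields in the hunks on the following lines (maildir_path, homedir_path, getmail_config_dir, website_*, vhost_conf_*, nginx_vhost_conf_*, php_ini_path_*, php_fpm_*, awstats_*, bind_zonefiles_dir, named_conf_*, fastcgi_*, jailkit_chroot_home, vlogger_config_dir, crontab_dir, cron_wget), so one fix should be applied to all of them. Whether a `..` segment is actually harmful depends on how the server side consumes these settings, which is not visible here.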
@@ -274,8 +277,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '/home/vmail/[domain]/[localpart]/', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'maildir_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'maildir_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{5,128}$/', + 'errmsg'=> 'maildir_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -285,8 +291,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '/home/vmail/', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'homedir_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'homedir_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'homedir_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -308,8 +317,11 @@ 'datatype' => 'INTEGER', 'formtype' => 'TEXT', 'default' => '5000', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'mailuser_uid_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'mailuser_uid_error_empty'), + 1 => array('type' => 'RANGE', + 'range' => '1999:', + 'errmsg' => 'mailuser_uid_error_range'), ), 'value' => '', 'width' => '10', @@ -319,8 +331,11 @@ 'datatype' => 'INTEGER', 'formtype' => 'TEXT', 'default' => '5000', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'mailuser_gid_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'mailuser_gid_error_empty'), + 1 => array('type' => 'RANGE', + 'range' => '1999:', + 'errmsg' => 'mailuser_gid_error_range'), ), 'value' => '', 'width' => '10', 
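Review bot: The RANGE validator added for `mailuser_uid` and `mailuser_gid` uses `'range' => '1999:'` while the matching messages in en_server_config.lng read "must be >= 2000"; if RANGE treats its bound as inclusive, 1999 is accepted and the message is wrong, and `'range' => '2000:'` would make the two agree. I cannot see the RANGE implementation on this page, so the inclusive/exclusive semantics need confirming before changing either side.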
@@ -330,8 +345,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => 'vmail', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'mailuser_name_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'mailuser_name_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^(?!ispconfig|root)([a-zA-Z0-9]{1,20})$/', + 'errmsg'=> 'mailuser_name_error_regex'), ), 'value' => '', 'width' => '10', @@ -341,8 +359,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => 'vmail', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'mailuser_group_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'mailuser_group_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^(?!ispconfig|root)([a-zA-Z0-9]{1,20})$/', + 'errmsg'=> 'mailuser_group_name_error_regex'), ), 'value' => '', 'width' => '10', @@ -450,8 +471,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'getmail_config_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'getmail_config_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'getmail_config_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -481,8 +505,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'website_basedir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'website_basedir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'website_basedir_error_regex'), ), 'value' => '', 'width' => '40', 
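Review bot: In `/^(?!ispconfig|root)([a-zA-Z0-9]{1,20})$/` for `mailuser_name` and `mailuser_group`, the negative lookahead is anchored at the start but not at the end, so it rejects every name that merely begins with `root` or `ispconfig` (for example `rootmail`) while the intent is to reject those two names exactly; `'regex' => '/^(?!(?:ispconfig|root)$)[a-zA-Z0-9]{1,20}$/'` does that. The comparison is also case-sensitive, so `Root` passes; system user names are case-sensitive on Linux, so that is probably acceptable, but it differs from the `strtolower` normalisation in the new validate_systemuser class. The apache/nginx user fields in this commit go through that CUSTOM validator instead of a regex; using it here too would keep the deny-list in one place.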
@@ -492,8 +519,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'website_path_error_empty'), + 'validators' => array( 0 => array( 'type' => 'NOTEMPTY', + 'errmsg' => 'website_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{5,128}$/', + 'errmsg'=> 'website_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -503,8 +533,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'website_symlinks_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'website_symlinks_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]\:]{5,128}$/', + 'errmsg'=> 'website_symlinks_error_regex'), ), 'value' => '', 'width' => '40', @@ -536,8 +569,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'vhost_conf_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'vhost_conf_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'vhost_conf_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -547,8 +583,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'vhost_conf_enabled_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'vhost_conf_enabled_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'vhost_conf_enabled_dir_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -558,8 +597,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'nginx_vhost_conf_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'nginx_vhost_conf_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'nginx_vhost_conf_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -569,8 +611,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'nginx_vhost_conf_enabled_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'nginx_vhost_conf_enabled_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'nginx_vhost_conf_enabled_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -579,6 +624,10 @@ 'CA_path' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'validators' => array( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/]{0,128}$/', + 'errmsg'=> 'ca_path_error_regex'), + ), 'default' => '', 'value' => '', 'width' => '40', @@ -678,6 +727,13 @@ 'default' => '', 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'apache_user_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysuser', + 'check_names' => false, + 'errmsg' => 'invalid_apache_user_txt' + ), ), 'value' => '', 'width' => '40', @@ -689,6 +745,13 @@ 'default' => '', 'validators' => array(0 => array('type' => 'NOTEMPTY', 'errmsg' => 'apache_group_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysgroup', + 'check_names' => false, + 'errmsg' => 'invalid_apache_group_txt' + ), ), 'value' => '', 'width' => '40', 
@@ -715,8 +778,15 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'nginx_user_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'nginx_user_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysuser', + 'check_names' => false, + 'errmsg' => 'invalid_nginx_user_txt' + ), ), 'value' => '', 'width' => '40', @@ -726,8 +796,15 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'nginx_group_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'nginx_group_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysgroup', + 'check_names' => false, + 'errmsg' => 'invalid_nginx_group_txt' + ), ), 'value' => '', 'width' => '40', @@ -737,8 +814,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_ini_path_apache_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_ini_path_apache_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'php_ini_path_apache_error_regex'), ), 'value' => '', 'width' => '40', @@ -748,8 +828,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_ini_path_cgi_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_ini_path_cgi_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'php_ini_path_cgi_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -759,8 +842,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_fpm_init_script_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_fpm_init_script_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_]{1,128}$/', + 'errmsg'=> 'php_fpm_init_script_error_regex'), ), 'value' => '', 'width' => '40', @@ -770,8 +856,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_fpm_ini_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_fpm_ini_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'php_fpm_ini_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -781,8 +870,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_fpm_pool_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_fpm_pool_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'php_fpm_pool_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -792,7 +884,7 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', + 'validators' => array(0 => array('type' => 'ISPOSITIVE', 'errmsg' => 'php_fpm_start_port_error_empty'), ), 'value' => '', 
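Review bot: Switching `php_fpm_start_port` from NOTEMPTY to ISPOSITIVE accepts any positive integer, including values above 65535 that are not valid ports; if the RANGE validator used elsewhere in this file accepts an upper bound, `'type' => 'RANGE', 'range' => '1024:65535'` would be tighter (RANGE's syntax for a closed interval is not shown here, so confirm it first). The error key is still `php_fpm_start_port_error_empty`, which no longer describes the condition being reported; a new key such as `php_fpm_start_port_error_positive` with its own lng string would read correctly. The same applies to `fastcgi_children` in the hunk at `@@ -1036,7 +1182,7 @@` further down.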
@@ -803,8 +895,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_fpm_socket_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_fpm_socket_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/', + 'errmsg'=> 'php_fpm_socket_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -814,8 +909,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'php_open_basedir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'php_open_basedir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/\]\[\:]{1,}$/', + 'errmsg'=> 'php_open_basedir_error_regex'), ), 'value' => '', 'width' => '40', @@ -825,8 +923,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'nginx_cgi_socket_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'nginx_cgi_socket_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'nginx_cgi_socket_error_regex'), ), 'value' => '', 'width' => '40', @@ -836,8 +937,8 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'htaccess_allow_override_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'htaccess_allow_override_error_empty'), ), 'value' => '', 'width' => '40', 
@@ -884,6 +985,12 @@ 'awstats_data_dir' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'awstats_data_dir_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'awstats_data_dir_error_regex'), + ), 'default' => '', 'value' => '', 'width' => '40', @@ -892,6 +999,12 @@ 'awstats_pl' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'awstats_pl_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'awstats_pl_error_regex'), + ), 'default' => '', 'value' => '', 'width' => '40', @@ -900,6 +1013,12 @@ 'awstats_buildstaticpages_pl' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'awstats_buildstaticpages_pl_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'awstats_buildstaticpages_pl_error_regex'), + ), 'default' => '', 'value' => '', 'width' => '40', @@ -923,8 +1042,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'bind_user_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'bind_user_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^(?!ispconfig)([a-zA-Z0-9]{1,20})$/', + 'errmsg'=> 'invalid_bind_user_txt'), ), 'value' => '', 'width' => '40', 
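Review bot: The `bind_user` regex `/^(?!ispconfig)([a-zA-Z0-9]{1,20})$/` leaves `root` allowed, although the `mailuser_name` pattern earlier in this file excludes it and the apache/nginx user fields delegate to `validate_systemuser::check_sysuser`; a BIND user of root is exactly what a system-user validator should refuse. Reusing the CUSTOM validator here (`'type' => 'CUSTOM', 'class' => 'validate_systemuser', 'function' => 'check_sysuser', 'check_names' => false`) keeps the deny-list in one place. If a regex is kept, the lookahead needs an end anchor, `(?!(?:ispconfig|root)$)`, since as written it also rejects any name that merely starts with `ispconfig`. The `bind_group` hunk on the next line has the same pattern.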
@@ -934,8 +1056,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'bind_group_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'bind_group_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^(?!ispconfig)([a-zA-Z0-9]{1,20})$/', + 'errmsg'=> 'invalid_bind_group_txt'), ), 'value' => '', 'width' => '40', @@ -945,8 +1070,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'bind_zonefiles_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'bind_zonefiles_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'bind_zonefiles_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -956,8 +1084,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'named_conf_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'named_conf_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'named_conf_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -967,8 +1098,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'named_conf_local_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'named_conf_local_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'named_conf_local_path_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -992,8 +1126,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'fastcgi_starter_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'fastcgi_starter_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{1,128}$/', + 'errmsg'=> 'fastcgi_starter_path_error_regex'), ), 'value' => '', 'width' => '40', @@ -1003,8 +1140,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'fastcgi_starter_script_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'fastcgi_starter_script_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'fastcgi_starter_script_error_regex'), ), 'value' => '', 'width' => '40', @@ -1014,8 +1154,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'fastcgi_alias_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'fastcgi_alias_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'fastcgi_alias_error_regex'), ), 'value' => '', 'width' => '40', @@ -1025,8 +1168,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'fastcgi_phpini_path_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'fastcgi_phpini_path_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{1,128}$/', + 'errmsg'=> 'fastcgi_phpini_path_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -1036,7 +1182,7 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', + 'validators' => array(0 => array('type' => 'ISPOSITIVE', 'errmsg' => 'fastcgi_children_error_empty'), ), 'value' => '', @@ -1061,8 +1207,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'fastcgi_bin_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'fastcgi_bin_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{1,128}$/', + 'errmsg'=> 'fastcgi_bin_error_regex'), ), 'value' => '', 'width' => '40', @@ -1095,8 +1244,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'jailkit_chroot_home_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'jailkit_chroot_home_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/\[\]]{1,128}$/', + 'errmsg'=> 'jailkit_chroot_home_error_regex'), ), 'value' => '', 'width' => '40', @@ -1106,8 +1258,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'jailkit_chroot_app_sections_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'jailkit_chroot_app_sections_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\-\_\ ]{1,128}$/', + 'errmsg'=> 'jailkit_chroot_app_sections_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -1117,8 +1272,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'jailkit_chroot_app_programs_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'jailkit_chroot_app_programs_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/\ ]{1,}$/', + 'errmsg'=> 'jailkit_chroot_app_programs_error_regex'), ), 'value' => '', 'width' => '40', @@ -1128,8 +1286,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'jailkit_chroot_cron_programs_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'jailkit_chroot_cron_programs_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\.\-\_\/\ ]{1,}$/', + 'errmsg'=> 'jailkit_chroot_cron_programs_error_regex'), ), 'value' => '', 'width' => '40', @@ -1217,8 +1378,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'vlogger_config_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'vlogger_config_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'vlogger_config_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -1244,8 +1408,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'cron_init_script_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'cron_init_script_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-zA-Z0-9\-\_]{1,30}$/', + 'errmsg'=> 'cron_init_script_error_regex'), ), 'value' => '', 'width' => '40', 
@@ -1255,8 +1422,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'crontab_dir_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'crontab_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'crontab_dir_error_regex'), ), 'value' => '', 'width' => '40', @@ -1266,8 +1436,11 @@ 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => '', - 'validators' => array(0 => array('type' => 'NOTEMPTY', - 'errmsg' => 'cron_wget_error_empty'), + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'cron_wget_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'cron_wget_error_regex'), ), 'value' => '', 'width' => '40', diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng index 5ce704d..cc34e05 100644 --- a/interface/web/admin/lib/lang/en_server_config.lng +++ b/interface/web/admin/lib/lang/en_server_config.lng 
@@ -191,4 +191,54 @@ $wb['munin_url_note_txt'] = 'Placeholder:'; $wb['backup_dir_is_mount_txt'] = 'Backup directory is a mount?'; $wb['monitor_system_updates_txt'] = 'Check for Linux updates'; +$wb['invalid_apache_user_txt'] = 'Invalid apache user.'; +$wb['invalid_apache_group_txt'] = 'Invalid apache group.'; +$wb['backup_dir_error_regex'] = 'Invalid backup directory.'; +$wb['maildir_path_error_regex'] = 'Invalid maildir path.'; +$wb['homedir_path_error_regex'] = 'Invalid homedir path.'; +$wb['mailuser_name_error_regex'] = 'Invalid mailuser name.'; +$wb['mailuser_group_name_error_regex'] = 'Invalid mailuser group name.'; +$wb['mailuser_uid_error_range'] = 'Mailuser uid must be >= 2000'; +$wb['mailuser_gid_error_range'] = 'Mailuser gid must be >= 2000'; +$wb['getmail_config_dir_error_regex'] = 'Invalid getmail config directory.'; +$wb['website_basedir_error_regex'] = 'Invalid website basedir.'; +$wb['website_symlinks_error_regex'] = 'Invalid website symlinks.'; +$wb['vhost_conf_dir_error_regex'] = 'Invalid vhost config directory.'; +$wb['vhost_conf_enabled_dir_error_regex'] = 'Invalid vhost conf enabled directory.'; +$wb['nginx_vhost_conf_dir_error_regex'] = 'Invalid nginx config directory.'; +$wb['nginx_vhost_conf_enabled_dir_error_regex'] = 'Invalid nginx conf enabled directory.'; +$wb['ca_path_error_regex'] = 'Invalid CA path.'; +$wb['invalid_nginx_user_txt'] = 'Invalid nginx user.'; +$wb['invalid_nginx_group_txt'] = 'Invalid nginx group.'; +$wb['php_ini_path_apache_error_regex'] = 'Invalid apache php.ini path.'; +$wb['php_ini_path_cgi_error_regex'] = 'Invalid cgi php.ini path.'; +$wb['php_fpm_init_script_error_regex'] = 'Invalid php-fpm init script.'; +$wb['php_fpm_ini_path_error_regex'] = 'Invalid php-fpm ini path.'; +$wb['php_fpm_pool_dir_error_regex'] = 'Invalid php-fpm pool directory.'; +$wb['php_fpm_socket_dir_error_regex'] = 'Invalid php-fpm socket directory.'; +$wb['php_open_basedir_error_regex'] = 'Invalid php open_basedir.'; 
+$wb['awstats_data_dir_empty'] = 'awstats data directory is empty'; +$wb['awstats_data_dir_error_regex'] = 'Invalid awstats data directory.'; +$wb['awstats_pl_empty'] = 'awstats.pl setting is empty.'; +$wb['awstats_pl_error_regex'] = 'Invalid awstats.pl path.'; +$wb['awstats_buildstaticpages_pl_empty'] = 'awstats_buildstaticpages.pl is empty'; +$wb['awstats_buildstaticpages_pl_error_regex'] = 'Invalid awstats_buildstaticpages.pl path.'; +$wb['invalid_bind_user_txt'] = 'Invalid BIND user.'; +$wb['invalid_bind_group_txt'] = 'Invalid BIND group.'; +$wb['bind_zonefiles_dir_error_regex'] = 'Invalid BIND zonefiles directory.'; +$wb['named_conf_path_error_regex'] = 'Invalid named.conf path.'; +$wb['named_conf_local_path_error_regex'] = 'Invalid named.conf.local path.'; +$wb['fastcgi_starter_path_error_regex'] = 'Invalid fastcgi starter path.'; +$wb['fastcgi_starter_script_error_regex'] = 'Invalid fastcgi starter script.'; +$wb['fastcgi_alias_error_regex'] = 'Invalid fastcgi alias.'; +$wb['fastcgi_phpini_path_error_regex'] = 'Invalid fastcgi path.'; +$wb['fastcgi_bin_error_regex'] = 'Invalid fastcgi bin.'; +$wb['jailkit_chroot_home_error_regex'] = 'Invalid jaikit chroot home.'; +$wb['jailkit_chroot_app_sections_error_regex'] = 'Invalid jaikit chroot sections.'; +$wb['jailkit_chroot_app_programs_error_regex'] = 'Invalid jaikit chroot app programs.'; +$wb['jailkit_chroot_cron_programs_error_regex'] = 'Invalid jaikit chroot cron programs.'; +$wb['vlogger_config_dir_error_regex'] = 'Invalid vlogger config dir.'; +$wb['cron_init_script_error_regex'] = 'Invalid cron init script.'; +$wb['crontab_dir_error_regex'] = 'Invalid crontab directory.'; +$wb['cron_wget_error_regex'] = 'Invalid cron wget path.'; ?> diff --git a/interface/web/sites/form/ftp_user.tform.php b/interface/web/sites/form/ftp_user.tform.php index f328f7f..ef11b60 100644 --- a/interface/web/sites/form/ftp_user.tform.php +++ b/interface/web/sites/form/ftp_user.tform.php 
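Review bot: Two error keys introduced in server_config.tform.php have no string here: `website_path_error_regex` (the `website_path` field) and `nginx_cgi_socket_error_regex` (the `nginx_cgi_socket` field); unless they are defined elsewhere in this file, a validation failure on those fields will show an empty message. Adding `$wb['website_path_error_regex'] = 'Invalid website path.';` and `$wb['nginx_cgi_socket_error_regex'] = 'Invalid nginx cgi socket.';` closes the gap. The four jailkit messages spell the tool `jaikit`, and `fastcgi_phpini_path_error_regex` reads 'Invalid fastcgi path.' where 'Invalid fastcgi php.ini path.' would match the field.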
@@ -166,6 +166,13 @@ 'formtype' => 'TEXT', 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'uid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysuser', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), ), 'default' => '0', 'value' => '', @@ -177,6 +184,13 @@ 'formtype' => 'TEXT', 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'gid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysgroup', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), ), 'default' => '0', 'value' => '', diff --git a/interface/web/sites/form/shell_user.tform.php b/interface/web/sites/form/shell_user.tform.php index d8df458..062ed6e 100644 --- a/interface/web/sites/form/shell_user.tform.php +++ b/interface/web/sites/form/shell_user.tform.php @@ -177,6 +177,13 @@ 'formtype' => 'TEXT', 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'uid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysuser', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), ), 'default' => '0', 'value' => '', @@ -188,6 +195,13 @@ 'formtype' => 'TEXT', 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'uid_error_empty'), + 1 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_systemuser', + 'function' => 'check_sysgroup', + 'check_names' => true, + 'errmsg' => 'invalid_system_user_or_group_txt' + ), ), 'default' => '0', 'value' => '', diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php index edf47a3..ba695e0 100644 --- a/interface/web/sites/ftp_user_edit.php +++ b/interface/web/sites/ftp_user_edit.php 
@@ -154,14 +154,6 @@ function onBeforeUpdate() { global $app, $conf, $interfaceConf; - - // Check system user and group - if(isset($this->dataRecord['uid'])) { - if($app->functions->is_allowed_user(strtolower($this->dataRecord['uid']),true) == false || $app->functions->is_allowed_group(strtolower($this->dataRecord['gid']),true) == false) { - $app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt'); - } - } - /* * If the names should be restricted -> do it! */ diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php index 9731889..f301139 100644 --- a/interface/web/sites/shell_user_edit.php +++ b/interface/web/sites/shell_user_edit.php @@ -190,13 +190,6 @@ } } unset($blacklist); - - // Check system user and group - if(isset($this->dataRecord['puser'])) { - if($app->functions->is_allowed_user(strtolower($this->dataRecord['puser']),true) == false || $app->functions->is_allowed_group(strtolower($this->dataRecord['pgroup']),true) == false) { - $app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt'); - } - } /* * If the names should be restricted -> do it! diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php index 37359a2..ef1fc4c 100644 --- a/interface/web/sites/web_vhost_subdomain_edit.php +++ b/interface/web/sites/web_vhost_subdomain_edit.php @@ -341,6 +341,8 @@ $this->dataRecord["ipv6_address"] = $parent_domain["ipv6_address"]; $this->dataRecord["client_group_id"] = $parent_domain["client_group_id"]; $this->dataRecord["vhost_type"] = 'name'; + $this->dataRecord["system_user"] = $parent_domain["system_user"]; + $this->dataRecord["system_group"] = $parent_domain["system_group"]; $this->parent_domain_record = $parent_domain; -- Gitblit v1.9.1
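Review bot: The two added assignments in web_vhost_subdomain_edit.php overwrite whatever `system_user`/`system_group` the request carried with the parent vhost's values, which is the right direction for a client-editable form, but nothing in the hunk says so and a later maintainer may read it as a default rather than a guard; a comment such as `// always inherit system_user/system_group from the parent vhost; never take them from the submitted record` would preserve the intent. The enclosing function begins outside this hunk, so I cannot see whether the same assignment also covers the insert path or only the update path where this block sits.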