ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Falko Timme
2013-10-22 391e05cbee6ff84bce60b665be60b4e5f049ee7f 
 interface/web/sites/ftp_user_edit.php


@@ -91,7 +91,15 @@


      global $app, $conf;


      


      // Get the record of the parent domain


      $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));


      if(isset($this->dataRecord["parent_domain_id"])) {


         $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));


         if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");


      } else {


         $tmp = $app->tform->getDataRecord($this->id);


         $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));


         if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");


         unset($tmp);


      }


      


      // Set a few fixed values


      $this->dataRecord["server_id"] = $parent_domain["server_id"];


@@ -177,6 +185,23 @@


         $app->db->query($sql);


      }


      


      //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user


      if(isset($this->dataRecord['dir']) && $this->dataRecord['dir'] != $this->oldDataRecord['dir'] && !$app->auth->is_admin()) {


         $vd = new validate_ftpuser;


         $error_message = $vd->ftp_dir('dir', $this->dataRecord['dir'], '');


         //* This check should normally never be triggered


         //* Set the path to a safe path (web doc root).


         if($error_message != '') {


            $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");


            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));


            $dir = $web["document_root"];


            $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;


            $app->db->query($sql);


            $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);


         }


			


      }


		


   }


}