ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2013-07-31 615a0a96618fa99e7e452523145d6c0f238d4473 
 interface/web/sites/ftp_user_edit.php


@@ -79,14 +79,10 @@


      


      if ($this->dataRecord['username'] != ""){


         /* REMOVE the restriction */


         $app->tpl->setVar("username", preg_replace('/'.$ftpuser_prefix.'/' , '', $this->dataRecord['username'], 1));


         $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix));


      }


      if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {


         $app->tpl->setVar("username_prefix", $global_config['ftpuser_prefix']);


      }


      else {


         $app->tpl->setVar("username_prefix", $ftpuser_prefix);


      }


        


        $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']));




      parent::onShowEnd();


   }


@@ -95,7 +91,7 @@


      global $app, $conf;


      


      // Get the record of the parent domain


      $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".intval(@$this->dataRecord["parent_domain_id"]));


      $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));


      


      // Set a few fixed values


      $this->dataRecord["server_id"] = $parent_domain["server_id"];


@@ -116,6 +112,8 @@


      $app->uses('getconf,tools_sites');


      $global_config = $app->getconf->get_global_config('sites');


      $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord);




        $this->dataRecord['username_prefix'] = $ftpuser_prefix;


      


      if ($app->tform->errorMessage == '') {


         $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username'];


@@ -127,7 +125,7 @@


      function onAfterInsert() {


      global $app, $conf;


      


      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));


      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));


      $server_id = $web["server_id"];


      $dir = $web["document_root"];


      $uid = $web["system_user"];


@@ -151,6 +149,10 @@


      $global_config = $app->getconf->get_global_config('sites');


      $ftpuser_prefix = $app->tools_sites->replacePrefix($global_config['ftpuser_prefix'], $this->dataRecord);


      


        $old_record = $app->tform->getDataRecord($this->id);


        $ftpuser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $ftpuser_prefix);


        $this->dataRecord['username_prefix'] = $ftpuser_prefix;


        


      /* restrict the names */


      if ($app->tform->errorMessage == '') {


         $this->dataRecord['username'] = $ftpuser_prefix . $this->dataRecord['username'];


@@ -162,7 +164,7 @@


      


      //* When the site of the FTP user has been changed


      if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {


         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));


         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));


         $server_id = $web["server_id"];


         $dir = $web["document_root"];


         $uid = $web["system_user"];


@@ -175,6 +177,23 @@


         $app->db->query($sql);


      }


      


      //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user


      if(isset($this->dataRecord['dir']) && $this->dataRecord['dir'] != $this->oldDataRecord['dir'] && !$app->auth->is_admin()) {


         $vd = new validate_ftpuser;


         $error_message = $vd->ftp_dir('dir', $this->dataRecord['dir'], '');


         //* This check should normally never be triggered


         //* Set the path to a safe path (web doc root).


         if($error_message != '') {


            $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");


            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));


            $dir = $web["document_root"];


            $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;


            $app->db->query($sql);


            $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);


         }


			


      }


		


   }


}