| | |
|---|
| | | $app->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user |
|---|
| | | if(isset($this->dataRecord['dir']) && $this->dataRecord['dir'] != $this->oldDataRecord['dir'] && !$app->auth->is_admin()) { |
|---|
| | | $vd = new validate_ftpuser; |
|---|
| | | $error_message = $vd->ftp_dir('dir', $this->dataRecord['dir'], ''); |
|---|
| | | //* This check should normally never be triggered |
|---|
| | | //* Set the path to a safe path (web doc root). |
|---|
| | | if($error_message != '') { |
|---|
| | | $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'"); |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"])); |
|---|
| | | $dir = $web["document_root"]; |
|---|
| | | $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id; |
|---|
| | | $app->db->query($sql); |
|---|
| | | $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
