ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2011-12-15 e589cc1dbb43111f7b7ecf21c99820baa8b7f45c 
 server/plugins-available/nginx_plugin.inc.php


@@ -1105,7 +1105,7 @@


      if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);


      if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);


      $folder_path = escapeshellcmd($website['document_root'].'/web/'.$folder['path']);


      if(substr($folder_path,-1) != '/' && $folder['path'] != '') $folder_path .= '/';


      if(substr($folder_path,-1) != '/') $folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(stristr($folder_path,'..') || stristr($folder_path,'./') || stristr($folder_path,'\\')) {


@@ -1163,7 +1163,7 @@


      


      $folder_id = $data['old']['web_folder_id'];


      


      $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));


      $folder = $data['old'];


      $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));


      


      if(!is_array($folder) or !is_array($website)) {


@@ -1175,7 +1175,7 @@


      if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);


      if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);


      $folder_path = realpath($website['document_root'].'/web/'.$folder['path']);


      if(substr($folder_path,-1) != '/' && $folder['path'] != '') $folder_path .= '/';


      if(substr($folder_path,-1) != '/') $folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(substr($folder_path,0,strlen($website['document_root'])) != $website['document_root']) {


@@ -1209,12 +1209,12 @@


      if(substr($data['old']['path'],0,1) == '/') $data['old']['path'] = substr($data['old']['path'],1);


      if(substr($data['old']['path'],-1) == '/') $data['old']['path'] = substr($data['old']['path'],0,-1);


      $old_folder_path = realpath($website['document_root'].'/web/'.$data['old']['path']);


      if(substr($old_folder_path,-1) != '/' && $data['old']['path'] != '') $old_folder_path .= '/';


      if(substr($old_folder_path,-1) != '/') $old_folder_path .= '/';


         


      if(substr($data['new']['path'],0,1) == '/') $data['new']['path'] = substr($data['new']['path'],1);


      if(substr($data['new']['path'],-1) == '/') $data['new']['path'] = substr($data['new']['path'],0,-1);


      $new_folder_path = escapeshellcmd($website['document_root'].'/web/'.$data['new']['path']);


      if(substr($new_folder_path,-1) != '/' && $data['new']['path'] != '') $new_folder_path .= '/';


      if(substr($new_folder_path,-1) != '/') $new_folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(stristr($new_folder_path,'..') || stristr($new_folder_path,'./') || stristr($new_folder_path,'\\')) {