From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
interface/web/tools/form/interface_settings.tform.php | 25 ++++++++++++++++++-------
1 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index 49ed62d..52db8aa 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -84,14 +84,25 @@
//* Pick out modules
//* TODO: limit to activated modules of the user
$modules_list = array();
-$handle = @opendir(ISPC_WEB_PATH);
-while ($file = @readdir ($handle)) {
- if ($file != '.' && $file != '..') {
- if(@is_dir(ISPC_WEB_PATH."/$file")) {
- if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
- $modules_list[$file] = $file;
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
+ $handle = @opendir(ISPC_WEB_PATH);
+ while ($file = @readdir ($handle)) {
+ if ($file != '.' && $file != '..') {
+ if(@is_dir(ISPC_WEB_PATH."/$file")) {
+ if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
+ $modules_list[$file] = $file;
+ }
}
- }
+ }
+ }
+} else {
+ $modules = $conf['interface_modules_enabled'];
+ if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $modules .= ',client';
+ }
+ $tmp = explode(',',$modules);
+ foreach($tmp as $m) {
+ $modules_list[$m] = $m;
}
}
--
Gitblit v1.9.1