From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
interface/web/tools/form/interface_settings.tform.php | 52 +++++++++++++++++++++++-----------------------------
1 files changed, 23 insertions(+), 29 deletions(-)
diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index b43e1c6..52db8aa 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -60,8 +60,8 @@
*/
-$form['title'] = 'Interface Settings';
-$form['description'] = '';
+$form['title'] = 'interface_head_txt';
+$form['description'] = 'interface_desc_txt';
$form['name'] = 'interface';
$form['action'] = 'interface_settings.php';
$form['db_table'] = 'sys_user';
@@ -84,14 +84,25 @@
//* Pick out modules
//* TODO: limit to activated modules of the user
$modules_list = array();
-$handle = @opendir(ISPC_WEB_PATH);
-while ($file = @readdir ($handle)) {
- if ($file != '.' && $file != '..') {
- if(@is_dir(ISPC_WEB_PATH."/$file")) {
- if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
- $modules_list[$file] = $file;
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
+ $handle = @opendir(ISPC_WEB_PATH);
+ while ($file = @readdir ($handle)) {
+ if ($file != '.' && $file != '..') {
+ if(@is_dir(ISPC_WEB_PATH."/$file")) {
+ if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
+ $modules_list[$file] = $file;
+ }
}
- }
+ }
+ }
+} else {
+ $modules = $conf['interface_modules_enabled'];
+ if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $modules .= ',client';
+ }
+ $tmp = explode(',',$modules);
+ foreach($tmp as $m) {
+ $modules_list[$m] = $m;
}
}
@@ -113,7 +124,9 @@
while ($file = @readdir ($handle)) {
if (substr($file, 0, 1) != '.') {
if(@is_dir(ISPC_THEMES_PATH."/$file")) {
- $themes_list[$file] = $file;
+ if(!file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") || (@file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") && trim(@file_get_contents(ISPC_THEMES_PATH."/$file/ispconfig_version")) == ISPC_APP_VERSION)) {
+ $themes_list[$file] = $file;
+ }
}
}
}
@@ -136,25 +149,6 @@
'separator' => '',
'width' => '30',
'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
- ),
- 'language' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'SELECT',
- 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
- 'errmsg'=> 'language_is_empty'),
- 1 => array ( 'type' => 'REGEX',
- 'regex' => '/^[a-z]{2}$/i',
- 'errmsg'=> 'language_regex_mismatch'),
- ),
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => $language_list,
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '2',
'rows' => '',
'cols' => ''
),
--
Gitblit v1.9.1