From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
interface/web/vm/templates/openvz_vm_advanced_edit.htm | 114 ++++++++++++++++++++++++++++----------------------------
1 files changed, 57 insertions(+), 57 deletions(-)
diff --git a/interface/web/vm/templates/openvz_vm_advanced_edit.htm b/interface/web/vm/templates/openvz_vm_advanced_edit.htm
index 36981a8..0226eda 100644
--- a/interface/web/vm/templates/openvz_vm_advanced_edit.htm
+++ b/interface/web/vm/templates/openvz_vm_advanced_edit.htm
@@ -3,62 +3,62 @@ <div class="panel panel_openvz_vm"> - <div class="pnl_formsarea"> - <fieldset class="inlineLabels"><legend>Advanced</legend> - <div class="ctrlHolder"> - <label for="veid">{tmpl_var name='veid_txt'}</label> - <input name="veid" id="veid" value="{tmpl_var name='veid'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> - </div> - <div class="ctrlHolder"> - <p class="label">{tmpl_var name='create_dns_txt'}</p> - <div class="multiField"> - {tmpl_var name='create_dns'} - </div> - </div> - <div class="ctrlHolder"> - <label for="diskspace">{tmpl_var name='diskspace_txt'}</label> - <input name="diskspace" id="diskspace" value="{tmpl_var name='diskspace'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> GB - </div> - <div class="ctrlHolder"> - <label for="ram">{tmpl_var name='ram_txt'}</label> - <input name="ram" id="ram" value="{tmpl_var name='ram'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> MB - </div> - <div class="ctrlHolder"> - <label for="ram_burst">{tmpl_var name='ram_burst_txt'}</label> - <input name="ram_burst" id="ram_burst" value="{tmpl_var name='ram_burst'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> MB - </div> - <div class="ctrlHolder"> - <label for="cpu_units">{tmpl_var name='cpu_units_txt'}</label> - <input name="cpu_units" id="cpu_units" value="{tmpl_var name='cpu_units'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (8 - 500000) - </div> - <div class="ctrlHolder"> - <label for="cpu_num">{tmpl_var name='cpu_num_txt'}</label> - <input name="cpu_num" id="cpu_num" value="{tmpl_var name='cpu_num'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (1 - 64) - </div> - <div class="ctrlHolder"> - <label for="cpu_limit">{tmpl_var name='cpu_limit_txt'}</label> - <input name="cpu_limit" id="cpu_limit" value="{tmpl_var name='cpu_limit'}" size="30" maxlength="255" type="text" 
class="textInput formLengthLimit" /> (10 - 6400) - </div> - <div class="ctrlHolder"> - <label for="io_priority">{tmpl_var name='io_priority_txt'}</label> - <input name="io_priority" id="io_priority" value="{tmpl_var name='io_priority'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (0 - 7) - </div> - <div class="ctrlHolder"> - <label for="nameserver">{tmpl_var name='nameserver_txt'}</label> - <input name="nameserver" id="nameserver" value="{tmpl_var name='nameserver'}" size="30" maxlength="255" type="text" class="textInput" /> {tmpl_var name='nameserver_desc_txt'} - </div> - <div class="ctrlHolder"> - <label for="capability">{tmpl_var name='capability_txt'}</label> - <input name="capability" id="capability" value="{tmpl_var name='capability'}" size="30" maxlength="255" type="text" class="textInput" /> - </div> - </fieldset> - - <input type="hidden" name="id" value="{tmpl_var name='id'}"> - - <div class="buttonHolder buttons"> - <button class="positive iconstxt icoPositive" type="button" value="{tmpl_var name='btn_save_txt'}" onClick="submitForm('pageForm','vm/openvz_vm_edit.php');"><span>{tmpl_var name='btn_save_txt'}</span></button> - <button class="negative iconstxt icoNegative" type="button" value="{tmpl_var name='btn_cancel_txt'}" onClick="loadContent('vm/openvz_vm_list.php');"><span>{tmpl_var name='btn_cancel_txt'}</span></button> + <div class="pnl_formsarea"> + <fieldset class="inlineLabels"><legend>Advanced</legend> + <div class="ctrlHolder"> + <label for="veid">{tmpl_var name='veid_txt'}</label> + <input name="veid" id="veid" value="{tmpl_var name='veid'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> + </div> + <div class="ctrlHolder"> + <p class="label">{tmpl_var name='create_dns_txt'}</p> + <div class="multiField"> + {tmpl_var name='create_dns'} + </div> + </div> + <div class="ctrlHolder"> + <label for="diskspace">{tmpl_var name='diskspace_txt'}</label> + <input name="diskspace" id="diskspace" 
value="{tmpl_var name='diskspace'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> GB + </div> + <div class="ctrlHolder"> + <label for="ram">{tmpl_var name='ram_txt'}</label> + <input name="ram" id="ram" value="{tmpl_var name='ram'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> MB + </div> + <div class="ctrlHolder"> + <label for="ram_burst">{tmpl_var name='ram_burst_txt'}</label> + <input name="ram_burst" id="ram_burst" value="{tmpl_var name='ram_burst'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> MB + </div> + <div class="ctrlHolder"> + <label for="cpu_units">{tmpl_var name='cpu_units_txt'}</label> + <input name="cpu_units" id="cpu_units" value="{tmpl_var name='cpu_units'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (8 - 500000) + </div> + <div class="ctrlHolder"> + <label for="cpu_num">{tmpl_var name='cpu_num_txt'}</label> + <input name="cpu_num" id="cpu_num" value="{tmpl_var name='cpu_num'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (1 - 64) + </div> + <div class="ctrlHolder"> + <label for="cpu_limit">{tmpl_var name='cpu_limit_txt'}</label> + <input name="cpu_limit" id="cpu_limit" value="{tmpl_var name='cpu_limit'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (10 - 6400) + </div> + <div class="ctrlHolder"> + <label for="io_priority">{tmpl_var name='io_priority_txt'}</label> + <input name="io_priority" id="io_priority" value="{tmpl_var name='io_priority'}" size="30" maxlength="255" type="text" class="textInput formLengthLimit" /> (0 - 7) + </div> + <div class="ctrlHolder"> + <label for="nameserver">{tmpl_var name='nameserver_txt'}</label> + <input name="nameserver" id="nameserver" value="{tmpl_var name='nameserver'}" size="30" maxlength="255" type="text" class="textInput" /> {tmpl_var name='nameserver_desc_txt'} + </div> + <div class="ctrlHolder"> + <label 
for="capability">{tmpl_var name='capability_txt'}</label> + <input name="capability" id="capability" value="{tmpl_var name='capability'}" size="30" maxlength="255" type="text" class="textInput" /> + </div> + </fieldset> + + <input type="hidden" name="id" value="{tmpl_var name='id'}"> + + <div class="buttonHolder buttons"> + <button class="positive iconstxt icoPositive" type="button" value="{tmpl_var name='btn_save_txt'}" onclick="submitForm('pageForm','vm/openvz_vm_edit.php');"><span>{tmpl_var name='btn_save_txt'}</span></button> + <button class="negative iconstxt icoNegative" type="button" value="{tmpl_var name='btn_cancel_txt'}" onclick="loadContent('vm/openvz_vm_list.php');"><span>{tmpl_var name='btn_cancel_txt'}</span></button> + </div> </div> - </div> -</div> +</div> \ No newline at end of file -- Gitblit v1.9.1
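Review bot: The re-indented fields still state their limits only as trailing text (`(8 - 500000)` after `cpu_units`, `(1 - 64)` after `cpu_num`, `(10 - 6400)` after `cpu_limit`, `(0 - 7)` after `io_priority`), while every input stays `type="text"` with `maxlength="255"`, so nothing in this template constrains what is submitted. `capability` and `nameserver` are free text as well, and these values presumably end up in the container configuration, so the range and format checks have to live server-side behind `vm/openvz_vm_edit.php`, which this hunk does not show; it is worth confirming they exist, ideally with an allow-list for `capability`. As a browser-side hint only, the numeric fields could carry their bounds, e.g. `type="number" min="1" max="64"` on `cpu_num`. Apart from `onClick` becoming `onclick`, the 57 changed lines look like whitespace-only re-indentation, which would be easier to audit in a commit separate from the path-traversal regex change the message describes.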