From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
 server/plugins-available/mysql_clientdb_plugin.inc.php | 8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index df840ee..ce6bb5a 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -164,6 +164,7 @@
 $host_list = '';
 if($data['new']['remote_access'] == 'y') {
 $host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
 }
 if($host_list != '') $host_list .= ',';
 $host_list .= 'localhost';
@@ -208,6 +209,7 @@
 $host_list = '';
 if($data['new']['remote_access'] == 'y') {
 $host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
 }
 if($host_list != '') $host_list .= ',';
 $host_list .= 'localhost';
@@ -364,7 +366,7 @@
 }
- if($data['old']['database_user'] == $data['new']['database_user'] && $data['old']['database_password'] == $data['new']['database_password']) {
+ if($data['old']['database_user'] == $data['new']['database_user'] && ($data['old']['database_password'] == $data['new']['database_password'] || $data['new']['database_password'] == '')) {
 return;
 }
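Review bot: The added fallback `if($host_list == '') $host_list = '%';` in the hunk at -164 (and the identical line in the hunk at -208) turns an empty `remote_ips` into the MySQL wildcard host, so enabling remote access without listing addresses grants the account from any host rather than from none. That fail-open default deserves a comment on the line, for example `// empty remote_ips with remote_access = 'y' means any host ('%'); list explicit IPs to restrict`, and ideally a log entry whenever the fallback is taken. The test also compares the raw value, so a whitespace-only `remote_ips` skips the fallback; `$host_list = trim($data['new']['remote_ips']);` would make the two cases consistent. The enclosing function starts and ends outside both hunks, and whether `remote_ips` is validated before it reaches the host list is not visible here.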
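Review bot: The early-return condition in the hunk at -364 still uses loose `==` on the user name and password values, and PHP compares two numeric-looking strings as numbers, so values such as `'0123'` and `'123'` count as equal and a real change would be skipped. Assuming both sides arrive as strings, strict comparison avoids that: `$data['old']['database_password'] === $data['new']['database_password'] || $data['new']['database_password'] === ''`. The new rule that an empty `database_password` means "keep the current password" is not stated in the visible lines; a one-line comment above the `if` would record it. The function body continues outside the hunk.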
@@ -390,8 +392,8 @@
 $app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'],LOGLEVEL_DEBUG);
 }
- if($data['new']['database_password'] != $data['old']['database_password']) {
- $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
+ if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
+ $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
 $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
 }
 }
-- 
Gitblit v1.9.1
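Review bot: The rewritten `SET PASSWORD ... = '...'` statement in the hunk at -390 now requires `database_password` to already be a MySQL password hash, but the comment that documented the expected format was removed together with `PASSWORD()` and nothing replaces it. Add one on the new line, e.g. `// database_password already holds the MySQL hash, so it is set directly without PASSWORD()`. The result of `$link->query()` is also not checked, so if a non-hash value arrives and the server rejects the statement, the following `$app->log('Changing MySQL user password ...')` still reports the change; test the return value and log the failure instead. `$db_host` is interpolated into the statement without `escape_string()`, unlike the user name and password; its origin is outside the hunk, so confirm it is validated upstream.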