From 15687e27652852fa205f9e0d5de245bb9a44a618 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 01 Aug 2014 07:25:56 -0400
Subject: [PATCH] Fixed some errors in user check of apache and nginx plugin.
---
 server/plugins-available/apache2_plugin.inc.php | 6 +++---
 interface/lib/classes/functions.inc.php | 4 ++--
 server/lib/classes/system.inc.php | 18 +++++++++---------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 29feffd..e37edda 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -430,7 +430,7 @@
 $name_blacklist = array('root','ispconfig','vmail','getmail');
 if(in_array($username,$name_blacklist)) return false;
- if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
+ if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
 if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
@@ -443,7 +443,7 @@
 $name_blacklist = array('root','ispconfig','vmail','getmail');
 if(in_array($groupname,$name_blacklist)) return false;
- if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
+ if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
 if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 3001c64..9bd3e00 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -1824,7 +1824,7 @@
 $name_blacklist = array('root','ispconfig','vmail','getmail');
 if(in_array($username,$name_blacklist)) return false;
- if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
+ if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
 if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
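Review bot: The new pattern `/^[a-zA-Z0-9\.\-]{1,32}$/` in the `$username` check of interface/lib/classes/functions.inc.php still ends in `$`, which in PCRE also matches just before a trailing newline, so a name that ends in a line feed passes validation; anchor with `\z` or add the `D` modifier. The character class also still admits a leading `-` or `.`, which is worth rejecting if these names are later handed to system commands, for example `if(preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\.\-]{0,31}\z/', $username) !== 1) return false;`. The same pattern is repeated in the `$groupname` hunk of this file and in both server/lib/classes/system.inc.php hunks, and the `^web\d+$` / `^client\d+$` checks have the same trailing-newline gap. The enclosing functions start and end outside the hunks.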
@@ -1833,18 +1833,18 @@
 return true;
 }
- public function is_allowed_group($groupname, $restrict_names = false) {
+ public function is_allowed_group($groupname, $check_id = true, $restrict_names = false) {
 global $app;
-
+ echo 1;
 $name_blacklist = array('root','ispconfig','vmail','getmail');
 if(in_array($groupname,$name_blacklist)) return false;
-
- if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
-
- if(intval($this->getgid($groupname)) < $this->min_gid) return false;
-
+ echo 2;
+ if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
+ echo 3;
+ if($check_id && intval($this->getgid($groupname)) < $this->min_gid) return false;
+ echo 4;
 if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
-
+ echo 5;
 return true;
 }
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index b1411c9..350c037 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -344,9 +344,9 @@
 if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
 return 0;
 }
- if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
- || !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
- $app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
+ if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false
+ || $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {
+ $app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
 return 0;
 }
 if(trim($data['new']['domain']) == '') {
-- Gitblit v1.9.1
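Review bot: The five statements `echo 1;` through `echo 5;` added to `is_allowed_group` in server/lib/classes/system.inc.php look like leftover debugging and will emit digits on every call; they should be dropped before this is merged. Inserting `$check_id = true` ahead of `$restrict_names` also changes the meaning of the second positional argument, so any caller outside this diff that passed `$restrict_names` second now toggles the gid check instead and leaves name restriction off. The subject mentions the nginx plugin but no nginx file is part of this patch, so its call site is worth checking. A short docblock on the method saying what `$check_id` and `$restrict_names` control would make the new argument order harder to misuse.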
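Review bot: The extended `$app->log(...)` line in server/plugins-available/apache2_plugin.inc.php concatenates `system_user` and `system_group` verbatim at exactly the point where they have just failed validation, so line breaks or control characters in those fields reach the log unencoded; encode them first, e.g. `'User: '.json_encode($data['new']['system_user'])`. The message text is also misleading now, because with `$restrict_names` set to `true` and a conditional id check a rejection can come from the name pattern or the uid/gid floor, not only from root ownership. Passing `is_user()` / `is_group()` as `$check_id` means an account that does not exist yet skips the `min_uid` / `min_gid` comparison; that appears intentional but deserves a one-line comment such as `// id floor can only be checked once the account exists`. The enclosing block continues outside the hunk.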