From 19b5e01da02aa2115ee802cf2e43a7f3e58f4eac Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 13 Aug 2014 13:28:03 -0400
Subject: [PATCH] Added function "is_superadmin" in auth library and improved other functions.

---
 interface/lib/classes/functions.inc.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 29feffd..8fed767 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -248,7 +248,7 @@
 		}
 
 		$ips = array();
-		$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$type."'");
+		$results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
 		if(!empty($results) && is_array($results)){
 			foreach($results as $result){
 				if(preg_match($regex, $result['ip'])){
@@ -430,7 +430,7 @@
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($username,$name_blacklist)) return false;
 		
-		if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
+		if(preg_match('/^[a-zA-Z0-9\.\-_]{1,32}$/', $username) == false) return false;
 		
 		if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
 		
@@ -443,7 +443,7 @@
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($groupname,$name_blacklist)) return false;
 		
-		if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
+		if(preg_match('/^[a-zA-Z0-9\.\-_]{1,32}$/', $groupname) == false) return false;
 		
 		if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
 		

--
Gitblit v1.9.1