From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/sites/shell_user_edit.php |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index c3102cd..e09d8dd 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -81,7 +81,7 @@
 		
 		if ($this->dataRecord['username'] != ""){
 			/* REMOVE the restriction */
-			$app->tpl->setVar("username", str_replace($shelluser_prefix , '', $this->dataRecord['username']));
+			$app->tpl->setVar("username", preg_replace('/'.$shelluser_prefix.'/', '', $this->dataRecord['username'], 1));
 		}
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 			$app->tpl->setVar("username_prefix", $global_config['shelluser_prefix']);
@@ -111,6 +111,10 @@
 		
 		if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
 		if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
+		if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />';
+		if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'./')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />';
+		
+		if(isset($this->dataRecord['ssh_rsa'])) $this->dataRecord['ssh_rsa'] = trim($this->dataRecord['ssh_rsa']);
 		
 		parent::onSubmit();
 	}

--
Gitblit v1.9.1