From 33e2c95c69b405f36caf9013ff9a256e6edf9500 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 11 Feb 2013 08:15:44 -0500
Subject: [PATCH] - htpasswd_stats file was not readable for apache user.

---
 server/plugins-available/ftpuser_base_plugin.inc.php |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index 42edbb5..8cd2aa2 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,6 +74,12 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
       
@@ -90,6 +96,12 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
       

--
Gitblit v1.9.1