From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/plugins-available/cron_plugin.inc.php |   23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index d02b1fd..7d3c138 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -92,17 +92,20 @@
 		}
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
-		} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
-			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
-			return 0;
 		}
 
+		if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
+			|| !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
+			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
+			return false;
+		}
+		
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["new"]["sys_groupid"]));
+		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["new"]["sys_groupid"]);
 		$client_id = intval($client["client_id"]);
 		unset($client);
 
@@ -158,14 +161,14 @@
 		global $app, $conf;
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["old"]["parent_domain_id"]));
+		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["old"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
 		}
 
 		// Get the client ID
-		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"]));
+		$client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["old"]["sys_groupid"]);
 		$client_id = intval($client["client_id"]);
 		unset($client);
 
@@ -193,7 +196,7 @@
 		$chr_cmd_count = 0;
 
 		//* read all active cron jobs from database and write them to file
-		$cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND c.`active` = 'y'");
+		$cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ? AND c.`active` = 'y'", $this->parent_domain["domain_id"]);
 		if($cron_jobs && count($cron_jobs) > 0) {
 			foreach($cron_jobs as $job) {
 				if($job['run_month'] == '@reboot') {
@@ -207,7 +210,7 @@
 				$log_root = '';
 				if($job['log'] == 'y') {
 					if($job['type'] != 'chrooted') $log_root = $this->parent_domain['document_root'];
-					$log_root .= '/log';
+					$log_root .= '/private';
 					
 					$log_target = '>>' . $log_root . '/cron.log 2>>' . $log_root . '/cron_error.log';
 					$log_wget_target = $log_root . '/cron_wget.log';
@@ -231,7 +234,7 @@
 					$job['command'] = str_replace('[web_root]', $web_root, $job['command']);
 
 					$command .= "\t";
-					if($job['type'] != 'chrooted' && substr($job['command'], 0, 1) != "/") $command .= $this->parent_domain['document_root'].'/';
+					//if($job['type'] != 'chrooted' && substr($job['command'], 0, 1) != "/") $command .= $this->parent_domain['document_root'].'/';
 					$command .= $job['command'] . " " . $log_target;
 				}
 

--
Gitblit v1.9.1