From 391e05cbee6ff84bce60b665be60b4e5f049ee7f Mon Sep 17 00:00:00 2001
From: Falko Timme <ft@falkotimme.com>
Date: Tue, 22 Oct 2013 12:48:51 -0400
Subject: [PATCH] - Display hostname next to IP (where available) in the jQuery IP suggestion box.

---
 server/plugins-available/ftpuser_base_plugin.inc.php |   22 +++++++++++++++++++++-
 1 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index 42edbb5..66723d2 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -69,15 +69,25 @@
 	function insert($event_name,$data) {
 		global $app, $conf;
 		
+        $app->uses('system');
+        
     if(!is_dir($data['new']['dir'])) {
       $app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.",LOGLEVEL_DEBUG);
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
+      $app->system->web_folder_protection($web['document_root'],false);
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+	  $app->system->web_folder_protection($web['document_root'],true);
       
-      $app->log("Added ftpuser_dir: ".$data['new']['dir'],LOGLEVEL_DEBUG);
+	  $app->log("Added ftpuser_dir: ".$data['new']['dir'],LOGLEVEL_DEBUG);
     }
     
 	}
@@ -85,13 +95,23 @@
 	function update($event_name,$data) {
 		global $app, $conf;
 		
+        $app->uses('system');
+        
     if(!is_dir($data['new']['dir'])) {
       $app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.",LOGLEVEL_DEBUG);
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+
+      $app->system->web_folder_protection($web['document_root'],false);
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+	  $app->system->web_folder_protection($web['document_root'],true);
       
       $app->log("Added ftpuser_dir: ".$data['new']['dir'],LOGLEVEL_DEBUG);
     }

--
Gitblit v1.9.1