From 63ce187ffb230328bbd3e797c9d7d34b7584f4c8 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 31 Oct 2012 04:49:56 -0400
Subject: [PATCH] Fixed: FS#2512 - ISPConfig 3.0.4.6 cron log
---
interface/web/sites/webdav_user_edit.php | 19 ++++++++++---------
1 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index 5d5a617..8f11bb0 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -40,7 +40,6 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
-require_once('tools.inc.php');
//* Check permissions for module
$app->auth->check_module_permissions('sites');
@@ -73,9 +72,9 @@
* If the names are restricted -> remove the restriction, so that the
* data can be edited
*/
- $app->uses('getconf');
+ $app->uses('getconf,tools_sites');
$global_config = $app->getconf->get_global_config('sites');
- $webdavuser_prefix = replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord);
+ $webdavuser_prefix = $app->tools_sites->replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord);
if ($this->dataRecord['username'] != "") {
/* REMOVE the restriction */
@@ -102,7 +101,7 @@
global $app, $conf;
/* Get the record of the parent domain */
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".intval(@$this->dataRecord["parent_domain_id"]));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
/*
* Set a few fixed values
@@ -114,7 +113,9 @@
*/
if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
-
+ if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />';
+ if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'./')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />';
+
parent::onSubmit();
}
@@ -126,9 +127,9 @@
*/
if ($app->tform->errorMessage == '') {
- $app->uses('getconf');
+ $app->uses('getconf,tools_sites');
$global_config = $app->getconf->get_global_config('sites');
- $webdavuser_prefix = replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord);
+ $webdavuser_prefix = $app->tools_sites->replacePrefix($global_config['webdavuser_prefix'], $this->dataRecord);
/* restrict the names */
$this->dataRecord['username'] = $webdavuser_prefix . $this->dataRecord['username'];
@@ -142,7 +143,7 @@
/*
* Get the data of the domain, owning the webdav user
*/
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
/* The server is the server of the domain */
$this->dataRecord["server_id"] = $web["server_id"];
/* The Webdav user shall be owned by the same group then the website */
@@ -163,7 +164,7 @@
* we can not change the username and the dir, so get the "old" - data from the db
* and set it
*/
- $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".intval($this->id));
+ $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".$app->functions->intval($this->id));
$this->dataRecord["username"] = $data['username'];
$this->dataRecord["dir"] = $data['dir'];
$passwordOld = $data['password'];
--
Gitblit v1.9.1