From 64ea56164ad8f0f2cee5676f84d2d8f064e986e1 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 29 Jul 2014 11:55:13 -0400
Subject: [PATCH] Improved input validation

---
 server/lib/classes/system.inc.php |   57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 56 insertions(+), 1 deletions(-)

diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 16e91ae..049eb61 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -34,7 +34,9 @@
 	var $server_id;
 	var $server_conf;
 	var $data;
-
+	var $min_uid = 500;
+	var $min_gid = 500;
+	
 	/**
 	 * Construct for this class
 	 *
@@ -1785,6 +1787,59 @@
 		
 		return $modules;
 	}
+	
+	//* ISPConfig mail function
+	public function mail($to, $subject, $text, $from, $filepath = '', $filetype = 'application/pdf', $filename = '', $cc = '', $bcc = '', $from_name = '') {
+		global $app, $conf;
+
+		if($conf['demo_mode'] == true) $app->error("Mail sending disabled in demo mode.");
+
+		$app->uses('getconf,ispcmail');
+		$mail_config = $app->getconf->get_global_config('mail');
+		if($mail_config['smtp_enabled'] == 'y') {
+			$mail_config['use_smtp'] = true;
+			$app->ispcmail->setOptions($mail_config);
+		}
+		$app->ispcmail->setSender($from, $from_name);
+		$app->ispcmail->setSubject($subject);
+		$app->ispcmail->setMailText($text);
+
+		if($filepath != '') {
+			if(!file_exists($filepath)) $app->error("Mail attachement does not exist ".$filepath);
+			$app->ispcmail->readAttachFile($filepath);
+		}
+
+		if($cc != '') $app->ispcmail->setHeader('Cc', $cc);
+		if($bcc != '') $app->ispcmail->setHeader('Bcc', $bcc);
+
+		$app->ispcmail->send($to);
+		$app->ispcmail->finish();
+		
+		return true;
+	}
+	
+	public function is_allowed_user($username, $check_id = true, $restrict_names = false) {
+		global $app;
+		
+		if($username == 'root') return false;
+		if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
+		
+		if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
+		
+		return true;
+	}
+	
+	public function is_allowed_group($groupname, $restrict_names = false) {
+		global $app;
+		
+		if($groupname == 'root') return false;
+		if(intval($this->getgid($groupname)) < $this->min_gid) return false;
+		
+		if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
+		
+		return true;
+	}
+	
 }
 
 ?>

--
Gitblit v1.9.1