From 69a57d959dc422eaa4d10ba7005bd884b87b5fdf Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 03 Jun 2015 13:02:55 -0400
Subject: [PATCH] Added csrf protection to dns wizard.
---
server/lib/classes/system.inc.php | 26 +++++++++++++-------------
1 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 9bd3e00..b92cae5 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -1721,14 +1721,14 @@
function getinitcommand($servicename, $action, $init_script_directory = ''){
global $conf;
- // systemd
- if(is_executable('/bin/systemd')){
- return 'systemctl '.$action.' '.$servicename.'.service';
- }
// upstart
if(is_executable('/sbin/initctl')){
exec('/sbin/initctl version 2>/dev/null | /bin/grep -q upstart', $retval['output'], $retval['retval']);
if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
+ }
+ // systemd
+ if(is_executable('/bin/systemd') || is_executable('/usr/bin/systemctl')){
+ return 'systemctl '.$action.' '.$servicename.'.service';
}
// sysvinit
if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
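Review bot: The relocated systemd branch still builds its command by plain concatenation, `return 'systemctl '.$action.' '.$servicename.'.service';`, so any shell metacharacter in `$action` or `$servicename` is carried into the returned string. The callers are not visible here, but the result is presumably handed to exec(), so quoting at this point is safer: `return 'systemctl '.escapeshellarg($action).' '.escapeshellarg($servicename.'.service');`. The upstart return on the context line above has the same shape. Separately, an executable `/usr/bin/systemctl` does not by itself show that systemd is the running init; `is_dir('/run/systemd/system')` is the usual test for that. getinitcommand continues past the end of this hunk.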
@@ -1765,8 +1765,8 @@
global $app;
$cmd = '';
- if(is_installed('apache2ctl')) $cmd = 'apache2ctl -t -D DUMP_MODULES';
- elseif(is_installed('apachectl')) $cmd = 'apachectl -t -D DUMP_MODULES';
+ if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -t -D DUMP_MODULES';
+ elseif($this->is_installed('apachectl')) $cmd = 'apachectl -t -D DUMP_MODULES';
else {
$app->log("Could not check apache modules, apachectl not found.", LOGLEVEL_WARN);
return array();
@@ -1824,7 +1824,7 @@
$name_blacklist = array('root','ispconfig','vmail','getmail');
if(in_array($username,$name_blacklist)) return false;
- if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
+ if(preg_match('/^[a-zA-Z0-9\.\-_]{1,32}$/', $username) == false) return false;
if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
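Review bot: The widened pattern `/^[a-zA-Z0-9\.\-_]{1,32}$/` is still anchored with `$`, which in PCRE also matches just before a trailing newline, so a name ending in a line feed passes the check; anchor with `\z` (or add the `D` modifier), e.g. `preg_match('/^[a-zA-Z0-9\.\-_]{1,32}\z/', $username)`. The class also accepts `-` as the first character, which command-line tools may read as an option if the name is later passed as an argument; `/^[a-zA-Z0-9_][a-zA-Z0-9\.\-_]{0,31}\z/` rules that out. The same two points apply to the group-name pattern in the is_allowed_group hunk below, and the `$` anchor point also applies to `/^client\d+$/` there. The enclosing function starts and ends outside this hunk.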
@@ -1835,16 +1835,16 @@
public function is_allowed_group($groupname, $check_id = true, $restrict_names = false) {
global $app;
- echo 1;
+
$name_blacklist = array('root','ispconfig','vmail','getmail');
if(in_array($groupname,$name_blacklist)) return false;
- echo 2;
- if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
- echo 3;
+
+ if(preg_match('/^[a-zA-Z0-9\.\-_]{1,32}$/', $groupname) == false) return false;
+
if($check_id && intval($this->getgid($groupname)) < $this->min_gid) return false;
- echo 4;
+
if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
- echo 5;
+
return true;
}
--
Gitblit v1.9.1