From 6a5113d75bd362a69aa0ce1a344e260cf257b61d Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 07 Aug 2014 03:26:03 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

---
 interface/lib/classes/functions.inc.php |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index ddee8da..e37edda 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -427,7 +427,11 @@
 	public function is_allowed_user($username, $restrict_names = false) {
 		global $app;
 		
-		if($username == 'root') return false;
+		$name_blacklist = array('root','ispconfig','vmail','getmail');
+		if(in_array($username,$name_blacklist)) return false;
+		
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
+		
 		if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
 		
 		return true;
@@ -436,7 +440,11 @@
 	public function is_allowed_group($groupname, $restrict_names = false) {
 		global $app;
 		
-		if($groupname == 'root') return false;
+		$name_blacklist = array('root','ispconfig','vmail','getmail');
+		if(in_array($groupname,$name_blacklist)) return false;
+		
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
+		
 		if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
 		
 		return true;

--
Gitblit v1.9.1