From 6ccc2ac44dc49125b8fc60872c024f944a32a5e6 Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Mon, 24 Jun 2013 05:39:27 -0400 Subject: [PATCH] Extended FTP user path checks. --- interface/lib/classes/functions.inc.php | 107 ++++++++++++++++++++++++++++++----------------------- 1 files changed, 61 insertions(+), 46 deletions(-) diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php index fcb6055..74f8400 100644 --- a/interface/lib/classes/functions.inc.php +++ b/interface/lib/classes/functions.inc.php @@ -130,10 +130,21 @@ } public function get_ispconfig_url() { + global $app; + $url = (stristr($_SERVER['SERVER_PROTOCOL'],'HTTPS') || stristr($_SERVER['HTTPS'],'on'))?'https':'http'; - $url .= '://'.$_SERVER['SERVER_NAME']; - if($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) { - $url .= ':'.$_SERVER['SERVER_PORT']; + if($_SERVER['SERVER_NAME'] != '_') { + $url .= '://'.$_SERVER['SERVER_NAME']; + if($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) { + $url .= ':'.$_SERVER['SERVER_PORT']; + } + } else { + $app->uses("getconf"); + $server_config = $app->getconf->get_server_config(1,'server'); + $url .= '://'.$server_config['hostname']; + if($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) { + $url .= ':'.$_SERVER['SERVER_PORT']; + } } return $url; } @@ -303,7 +314,7 @@ } public function intval($string, $force_numeric = false) { - if(intval($string) == 2147483647) { + if(intval($string) == 2147483647 || ($string > 0 && intval($string) < 0)) { if($force_numeric == true) return floatval($string); elseif(preg_match('/^([-]?)[0]*([1-9][0-9]*)([^0-9].*)*$/', $string, $match)) return $match[1].$match[2]; else return 0; 
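Review bot: In get_ispconfig_url() the host is still taken straight from `$_SERVER['SERVER_NAME']` whenever it is not `_`, and an empty or unset value is not treated like the catch-all case. Depending on the web server configuration, SERVER_NAME can reflect the request's Host header, so if this URL ends up in mails or redirects (callers are not visible here) the configured hostname is the safer source. The port block is now duplicated in both branches; resolving the host first and appending the port once, as sketched below, keeps the two paths from drifting apart. `get_server_config(1,'server')` hard-codes server id 1, which deserves a comment explaining why.

```php
// … unchanged: global $app; scheme detection into $url …
$host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
if($host == '' || $host == '_') {
	// catch-all or missing vhost name: use the hostname configured for the server
	$app->uses("getconf");
	$server_config = $app->getconf->get_server_config(1,'server');
	$host = $server_config['hostname'];
}
$url .= '://'.$host;
if($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
	$url .= ':'.$_SERVER['SERVER_PORT'];
}
return $url;
```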
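Review bot: The overflow test in intval() still hard-codes the 32-bit limit `2147483647`, so on a 64-bit PHP build a value that saturates at `PHP_INT_MAX` passes through undetected. The added `$string > 0 && intval($string) < 0` clause only covers wrap-around for positive input. Comparing against the platform constants covers both directions: `if(intval($string) == PHP_INT_MAX || intval($string) == -PHP_INT_MAX - 1 || ($string > 0 && intval($string) < 0) || ($string < 0 && intval($string) > 0)) {`. `$string > 0` is a loose comparison on what may be a non-numeric string, so a short comment stating the expected input would help. The function body continues outside the hunk.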
@@ -315,7 +326,7 @@ /** IDN converter wrapper. * all converter classes should be placed in ISPC_CLASS_PATH.'/idn/' */ - public function idn_encode($domain) { + private function _idn_encode_decode($domain, $encode = true) { if($domain == '') return ''; if(preg_match('/^[0-9\.]+$/', $domain)) return $domain; // may be an ip address - anyway does not need to bee encoded 
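Review bot: The "IDN converter wrapper" docblock above this signature now documents the private helper `_idn_encode_decode()` but says nothing about the new `$encode` flag, and the public `idn_encode()`/`idn_decode()` added further down in the patch end up undocumented. I would extend the docblock with `@param bool $encode true converts to the ASCII (punycode) form, false converts back to UTF-8` and give each public wrapper a one-line comment stating that it accepts several newline-separated domains. The inline comment on the IP-address shortcut still says "encoded" although the helper now also decodes. The helper's body continues in the next hunk.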
@@ -326,56 +337,60 @@ $domain = substr($domain, strrpos($domain, '@') + 1); } - if(function_exists('idn_to_ascii')) { - $domain = idn_to_ascii($domain); - } elseif(file_exists(ISPC_CLASS_PATH.'/idn/idna_convert.class.php')) { - /* use idna class: - * @author Matthias Sommerfeld <mso@phlylabs.de> - * @copyright 2004-2011 phlyLabs Berlin, http://phlylabs.de - * @version 0.8.0 2011-03-11 - */ - - if(!is_object($this->idn_converter) || $this->idn_converter_name != 'idna_convert.class') { - include_once(ISPC_CLASS_PATH.'/idn/idna_convert.class.php'); - $this->idn_converter = new idna_convert(array('idn_version' => 2008)); - $this->idn_converter_name = 'idna_convert.class'; + if($encode == true) { + if(function_exists('idn_to_ascii')) { + $domain = idn_to_ascii($domain); + } elseif(file_exists(ISPC_CLASS_PATH.'/idn/idna_convert.class.php')) { + /* use idna class: + * @author Matthias Sommerfeld <mso@phlylabs.de> + * @copyright 2004-2011 phlyLabs Berlin, http://phlylabs.de + * @version 0.8.0 2011-03-11 + */ + + if(!is_object($this->idn_converter) || $this->idn_converter_name != 'idna_convert.class') { + include_once(ISPC_CLASS_PATH.'/idn/idna_convert.class.php'); + $this->idn_converter = new idna_convert(array('idn_version' => 2008)); + $this->idn_converter_name = 'idna_convert.class'; + } + $domain = $this->idn_converter->encode($domain); } - $domain = $this->idn_converter->encode($domain); + } else { + if(function_exists('idn_to_utf8')) { + $domain = idn_to_utf8($domain); + } elseif(file_exists(ISPC_CLASS_PATH.'/idn/idna_convert.class.php')) { + /* use idna class: + * @author Matthias Sommerfeld <mso@phlylabs.de> + * @copyright 2004-2011 phlyLabs Berlin, http://phlylabs.de + * @version 0.8.0 2011-03-11 + */ + + if(!is_object($this->idn_converter) || $this->idn_converter_name != 'idna_convert.class') { + include_once(ISPC_CLASS_PATH.'/idn/idna_convert.class.php'); + $this->idn_converter = new idna_convert(array('idn_version' => 2008)); + $this->idn_converter_name = 
'idna_convert.class'; + } + $domain = $this->idn_converter->decode($domain); + } } if($user_part !== false) return $user_part . '@' . $domain; else return $domain; } + + public function idn_encode($domain) { + $domains = explode("\n", $domain); + for($d = 0; $d < count($domains); $d++) { + $domains[$d] = $this->_idn_encode_decode($domains[$d], true); + } + return implode("\n", $domains); + } public function idn_decode($domain) { - if($domain == '') return ''; - if(preg_match('/^[0-9\.]+$/', $domain)) return $domain; // may be an ip address - anyway does not need to bee decoded - - // get domain and user part if it is an email - $user_part = false; - if(strpos($domain, '@') !== false) { - $user_part = substr($domain, 0, strrpos($domain, '@')); - $domain = substr($domain, strrpos($domain, '@') + 1); + $domains = explode("\n", $domain); + for($d = 0; $d < count($domains); $d++) { + $domains[$d] = $this->_idn_encode_decode($domains[$d], false); } - if(function_exists('idn_to_utf8')) { - $domain = idn_to_utf8($domain); - } elseif(file_exists(ISPC_CLASS_PATH.'/idn/idna_convert.class.php')) { - /* use idna class: - * @author Matthias Sommerfeld <mso@phlylabs.de> - * @copyright 2004-2011 phlyLabs Berlin, http://phlylabs.de - * @version 0.8.0 2011-03-11 - */ - - if(!is_object($this->idn_converter) || $this->idn_converter_name != 'idna_convert.class') { - include_once(ISPC_CLASS_PATH.'/idn/idna_convert.class.php'); - $this->idn_converter = new idna_convert(array('idn_version' => 2008)); - $this->idn_converter_name = 'idna_convert.class'; - } - $domain = $this->idn_converter->decode($domain); - } - - if($user_part !== false) return $user_part . '@' . $domain; - else return $domain; + return implode("\n", $domains); } } -- Gitblit v1.9.1
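Review bot: The results of `idn_to_ascii()` and `idn_to_utf8()` are assigned to `$domain` without a failure check; both return `false` on invalid input, so a rejected name silently becomes an empty string (or `user@` with nothing after it). The new `explode("\n", $domain)` in idn_encode()/idn_decode() makes this more likely, because CRLF input leaves a trailing `\r` on every line but the last, which the converter will probably reject. I would strip the carriage return before converting, `$domains[$d] = $this->_idn_encode_decode(rtrim($domains[$d], "\r"), true);`, and keep the input when conversion fails, `$converted = idn_to_ascii($domain); if($converted !== false) $domain = $converted;`, so that later validation sees the original value. The encode and decode branches differ only in the function and method name, so the converter setup could be shared rather than copied.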