From 746bf0f5cd4a3a650a0bfa1c1149d4e1331774a0 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 08 Aug 2014 04:53:48 -0400
Subject: [PATCH] Fixed: FS#3607 - Permissions of .htaccess file in stats folder are wrong

---
 server/plugins-available/shelluser_base_plugin.inc.php |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 0ceced9..e331624 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -82,6 +82,13 @@
 			$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
 			return false;
 		}
+		
+		if(!$app->system->is_allowed_user($data['new']['username'], false, false)
+			|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
+			|| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
+			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
+			return false;
+		}
 
 		if($app->system->is_user($data['new']['puser'])) {
 
@@ -151,6 +158,13 @@
 			return false;
 		}
 
+		if(!$app->system->is_allowed_user($data['new']['username'], false, false)
+			|| !$app->system->is_allowed_user($data['new']['puser'], true, true)
+			|| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
+			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
+			return false;
+		}
+		
 		if($app->system->is_user($data['new']['puser'])) {
 			// Get the UID of the parent user
 			$uid = intval($app->system->getuid($data['new']['puser']));

--
Gitblit v1.9.1