From 803a784d3bfa063f01783a9ef44a661f4ae41024 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 13 Nov 2012 09:21:01 -0500
Subject: [PATCH] Fixed: web folder check for vhost subdomains was not working correctly

---
 interface/web/sites/web_vhost_subdomain_edit.php |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index 3bee128..dff10c0 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -370,7 +370,10 @@
             
             $this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
             $forbidden_folders = array('', 'cgi-bin', 'web', 'log', 'private', 'ssl', 'tmp', 'webdav');
-            if(in_array($this->dataRecord['web_folder'], $forbidden_folders)) {
+            $check_folder = strtolower($this->dataRecord['web_folder']);
+            if(substr($check_folder, 0, 1) === '/') $check_folder = substr($check_folder, 1); // strip / at beginning to check against forbidden entries
+            if(strpos($check_folder, '/') !== false) $check_folder = substr($check_folder, 0, strpos($check_folder, '/')); // get the first part of the path to check it
+            if(in_array($check_folder, $forbidden_folders)) {
                 $app->tform->errorMessage .= $app->tform->lng("web_folder_invalid_txt")."<br>";
             }
             // check for duplicate folder usage

--
Gitblit v1.9.1