From 9edea9976bd605071e0694a90d704266c0b7e0f9 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 14 Aug 2014 11:30:03 -0400
Subject: [PATCH] - Added warning in the interface when a path for a shelluser is set that is outside of the website docroot. - Added security settings feature to allow the root user of a server to control most aspects of whet the admin user of the controlpanel is allowed to do in system settings. This is especially useful for managed severs where the ispconfig admin user and the root user of the server are different persons.
---
 interface/web/admin/server_php_edit.php | 10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/interface/web/admin/server_php_edit.php b/interface/web/admin/server_php_edit.php
index aeac621..f60ae99 100644
--- a/interface/web/admin/server_php_edit.php
+++ b/interface/web/admin/server_php_edit.php
@@ -38,11 +38,12 @@
 * End Form configuration ******************************************/
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_server_php');
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
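Review bot: The new `check_security_permissions('admin_allow_server_php')` call has no comment, although the module check directly above it does, and the setting name is the only hint of what it gates. A line such as `//* Root-controlled security setting: may the panel admin edit server PHP entries?` would document the intent (wording to be confirmed against the security settings definition). What the call does on denial is not visible here; it presumably stops the request, and since it runs before any form processing the placement looks right. The patch as shown touches only this edit page, so confirm that the list and delete entry points for the same records carry the same gate.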
@@ -56,7 +57,7 @@
 //* Check if the server has been changed
 // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
- $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
+ $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
 if($rec['server_id'] != $this->dataRecord["server_id"]) {
 //* Add a error message and switch back to old server
 $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -65,9 +66,10 @@ unset($rec); } } + } $page = new page_action; $page->onLoad();
-?>
\ No newline at end of file
+?>
-- 
Gitblit v1.9.1
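Review bot: The `server_php` lookup in the second hunk is still assembled by string concatenation, so its safety rests entirely on `$app->functions->intval()` returning a plain integer for every input, and that helper is not visible here. If the db wrapper offers bound parameters, prefer them; otherwise state the invariant next to the query, e.g. `// $this->id must be an integer before it is concatenated into SQL`. The result is also used unchecked: when no row matches, `$rec['server_id']` is presumably null and the loose `!=` then reports a server change, so an explicit guard such as `if(is_array($rec) && $rec['server_id'] != $this->dataRecord["server_id"])` (or a deliberate error path for the missing row) would make the intended behaviour clear. The enclosing method starts and ends outside the hunk.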