From b889edb33e4a09cc1f65d2fb9ad9f9ea16b1eae9 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 04 Sep 2012 11:42:42 -0400
Subject: [PATCH] - Ported changes from Apache plugin to nginx plugin. - Fixed errors in system.inc.php-

---
 server/plugins-available/ftpuser_base_plugin.inc.php |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index 42edbb5..8cd2aa2 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,6 +74,12 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
       
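Review bot: The added check before `exec('mkdir -p ...')` is a bare string-prefix test, so a sibling directory whose name merely starts with the docroot string (e.g. `<docroot>2/...`) counts as "inside", and `realpath()` returns `false` for a path that does not exist yet — which the `mkdir -p` that follows suggests is the normal case — so `substr()` yields `''` and every not-yet-created directory is rejected. The docroot side is also never resolved, so a symlinked `document_root` compares unequal to the resolved user dir. Suggested replacement for the three lines of the condition: `$docroot = rtrim(realpath($web['document_root']), '/');` / `$real_dir = realpath($data['new']['dir']);` / `if($docroot === '' || $real_dir === false || ($real_dir !== $docroot && substr($real_dir, 0, strlen($docroot) + 1) !== $docroot . '/')) {`, and if the directory is expected not to exist at this point, resolve its nearest existing parent (e.g. via `dirname()`) before comparing. This guard is also the only check ahead of the `chown` line, which concatenates `$data['new']['dir']` into the command without escaping, so it is worth getting right. The identical block in the second hunk (`@@ -90,6 +96,12 @@`) needs the same change; the enclosing functions start and end outside both hunks.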
@@ -90,6 +96,12 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
       

--
Gitblit v1.9.1