From d32eb66f55eb71cf131e7204c8142b74f8c1632d Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:10:58 -0400
Subject: [PATCH] - Fixed FS#2950 - DNS: Empty TTL leads to zero TTL (should be empty to use the default instead).

---
 server/plugins-available/ftpuser_base_plugin.inc.php |   16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index 42edbb5..1b4a016 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,10 +74,16 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
-      
-      $app->log("Added ftpuser_dir: ".$data['new']['dir'],LOGLEVEL_DEBUG);
+	  
+	  $app->log("Added ftpuser_dir: ".$data['new']['dir'],LOGLEVEL_DEBUG);
     }
     
 	}
@@ -90,6 +96,12 @@
       
       $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
       
+	  //* Check if the resulting path is inside the docroot
+	  if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+		$app->log('User dir is outside of docroot.',LOGLEVEL_WARN);
+		return false;
+	  }
+	  
       exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
       exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
       

--
Gitblit v1.9.1