From e0dc711c2b2dc4e2ec397d7f53910f11e1ca4ade Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 02 Sep 2013 04:14:56 -0400
Subject: [PATCH] - Changed previous commit to check for read permissions only on download action
---
interface/web/sites/shell_user_edit.php | 24 +++++++++++++++++++-----
1 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index f6b145f..a18dd8e 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -99,7 +99,17 @@
global $app, $conf;
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
+ //$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ //if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ if(isset($this->dataRecord["parent_domain_id"])) {
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ } else {
+ $tmp = $app->tform->getDataRecord($this->id);
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ unset($tmp);
+ }
// Set a few fixed values
$this->dataRecord["server_id"] = $parent_domain["server_id"];
@@ -121,7 +131,7 @@
$blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist');
foreach($blacklist as $line) {
if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){
- $app->tform->errorMessage .= 'The username is not allowed.';
+ $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
}
}
unset($blacklist);
@@ -135,9 +145,11 @@
$global_config = $app->getconf->get_global_config('sites');
$shelluser_prefix = $app->tools_sites->replacePrefix($global_config['shelluser_prefix'], $this->dataRecord);
- $this->dataRecord['username_prefix'] = ($shelluser_prefix === '' ? '#' : $shelluser_prefix);
+ $this->dataRecord['username_prefix'] = $shelluser_prefix;
/* restrict the names */
$this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];
+
+ if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
}
parent::onBeforeInsert();
}
@@ -166,7 +178,7 @@
$blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist');
foreach($blacklist as $line) {
if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){
- $app->tform->errorMessage .= 'The username is not allowed.';
+ $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
}
}
unset($blacklist);
@@ -184,10 +196,12 @@
$old_record = $app->tform->getDataRecord($this->id);
$shelluser_prefix = $app->tools_sites->getPrefix($old_record['username_prefix'], $shelluser_prefix);
- $this->dataRecord['username_prefix'] = ($shelluser_prefix === '' ? '#' : $shelluser_prefix);
+ $this->dataRecord['username_prefix'] = $shelluser_prefix;
/* restrict the names */
$this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];
+
+ if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
}
}
--
Gitblit v1.9.1