From e0dc711c2b2dc4e2ec397d7f53910f11e1ca4ade Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 02 Sep 2013 04:14:56 -0400
Subject: [PATCH] - Changed previous commit to check for read permissions only on download action

---
 server/lib/classes/system.inc.php |   31 ++++++++++++++++++++++++++++++-
 1 files changed, 30 insertions(+), 1 deletions(-)

diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 148193f..f6b52cf 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -598,6 +598,35 @@
 	}
 	
 	/**
+	* Return info about a group by name
+	*
+	*/
+	function posix_getgrnam($group) {
+		if(!function_exists('posix_getgrnam')){
+			$group_datei = $this->server_conf['group_datei'];
+			$cmd = 'grep -m 1 "^'.$group.':" '.$group_datei;
+			exec($cmd, $output, $return_var);
+			if($return_var != 0 || !$output[0]) return false;
+			list($f1, $f2, $f3, $f4) = explode(':', $output[0]);
+			$f2 = trim($f2);
+			$f3 = trim($f3);
+			$f4 = trim($f4);
+			if($f4 != ''){
+				$members = explode(',', $f4);
+			} else {
+				$members = array();
+			}
+			$group_details = array(	'name' => $group,
+									'passwd' => $f2,
+									'members' => $members,
+									'gid' => $f3);
+			return $group_details;	
+		} else {
+			return posix_getgrnam($group);
+		}
+    }
+	
+	/**
 	 * Get all information from a user
 	 *
 	 */
@@ -751,7 +780,7 @@
 		if(substr($path,0,1) != '/') return false;
 		
 		//* We allow only some characters in the path
-		if(!preg_match('/[a-zA-Z0-9_\.\-]{1,}/',$path)) return false;
+		if(!preg_match('/^\/[a-zA-Z0-9_\/\.\-]{1,}$/',$path)) return false;
 		
 		//* Check path for symlinks
 		$path_parts = explode('/',$path);

--
Gitblit v1.9.1