From e372dd6925058eddf34e5b2b5ca59a5707befb37 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Fri, 11 Oct 2013 02:58:52 -0400
Subject: [PATCH] Implemented:
- javascript hooks prepared (onAfterContentLoad is first available hook)
- new abstract class for GET and POST requests
- new js.d directory that is included into main template
---
 interface/lib/classes/validate_ftpuser.inc.php | 9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 7e04cb9..60768a3 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -47,7 +47,7 @@
 $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
- if(!$ftp_data["parent_domain_id"]) {
+ if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) {
 $errmsg = $validator['errmsg'];
 if(isset($app->tform->wordbook[$errmsg])) {
 return $app->tform->wordbook[$errmsg]."<br>\r\n";
@@ -57,7 +57,7 @@
 }
 $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($ftp_data["parent_domain_id"])."'");
- if(!$domain_data["domain_id"]) {
+ if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
 $errmsg = $validator['errmsg'];
 if(isset($app->tform->wordbook[$errmsg])) {
 return $app->tform->wordbook[$errmsg]."<br>\r\n";
@@ -72,7 +72,12 @@
 $doc_root .= "/";
 if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
+
+ if(stristr($field_value,'..') or stristr($field_value,'./') or stristr($field_value,'/.')) $is_ok = false;
+ //* Final check if docroot path of website is >= 5 chars
+ if(strlen($doc_root) < 5) $is_ok = false;
+
 if($is_ok == false) {
 $errmsg = $validator['errmsg'];
 if(isset($app->tform->wordbook[$errmsg])) {
-- 
Gitblit v1.9.1
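Review bot: The new guard `if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1)` folds two distinct failures — no ftp_user row found, and a row that is not attached to a parent website — into one condition with no comment, and the same shape recurs on the `$domain_data` line in the second hunk. A short comment on both lines, such as `// no row found (queryOneRecord returned no array) or no parent website attached`, would make the intent visible to the next reader; I am inferring the no-array return from the `is_array` test itself, so confirm it against queryOneRecord before wording it that way. The enclosing validator method starts outside this hunk.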
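Review bot: The traversal guard added in the third hunk, `if(stristr($field_value,'..') or stristr($field_value,'./') or stristr($field_value,'/.')) $is_ok = false;`, is a substring blacklist, and the `'/.'` test also refuses any dot-directory below the docroot (a `.well-known`-style name), which may be stricter than intended; a per-segment check for `.` and `..` rejects the same dot-segment traversal while allowing hidden names, and `stristr` is misleading here because dots have no case. The `if(strlen($doc_root) < 5) $is_ok = false;` line has a comment saying what it does but not why the threshold is 5; a one-line reason should accompany it. The check is purely lexical and neither canonicalises the path nor resolves symlinks, which is understandable if the directory does not yet exist, but that limitation is worth stating next to the check so nobody relies on it as the only control. The enclosing validator method starts and ends outside this hunk.
```php
		// … unchanged: $doc_root normalisation and prefix check …
		// Reject dot-segments ("." or "..") anywhere in the path. This is a
		// lexical check only: it does not resolve symlinks or canonicalise,
		// because the directory may not exist yet when it is validated.
		foreach (explode('/', $field_value) as $segment) {
			if ($segment === '.' || $segment === '..') $is_ok = false;
		}
		//* Final check if docroot path of website is >= 5 chars
		// NOTE(review): presumably keeps the prefix check meaningful when a
		// website's docroot is near the filesystem root — confirm the reason.
		if(strlen($doc_root) < 5) $is_ok = false;
		// … unchanged: error reporting …
```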