From f1f72ff9ddcfdeda9c05251ef410ff1dec238405 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 07 Jan 2013 10:17:09 -0500
Subject: [PATCH] Fixed: FS#2608 - Certain complex database passwords are not escaped properly (MySQL)  - passwords are now enrypted already in tform (and remoting) and not stored in datalog clear text  - clientdb plugin no longer encrypts password itself but receives crypted password

---
 interface/lib/classes/validate_ftpuser.inc.php |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/interface/lib/classes/validate_ftpuser.inc.php b/interface/lib/classes/validate_ftpuser.inc.php
index 7e04cb9..0682650 100644
--- a/interface/lib/classes/validate_ftpuser.inc.php
+++ b/interface/lib/classes/validate_ftpuser.inc.php
@@ -72,6 +72,8 @@
         
         $doc_root .= "/";
         if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
+		
+		if(stristr($field_value,'..') or stristr($field_value,'./') or stristr($field_value,'/.')) $is_ok = false;
         
         if($is_ok == false) {
             $errmsg = $validator['errmsg'];

--
Gitblit v1.9.1