From f2fc77f29ce81b6493ab629e0f8f9da2b3df857d Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 31 Jul 2014 15:46:18 -0400
Subject: [PATCH] Improved input validation.

---
 interface/web/sites/form/shell_user.tform.php |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/interface/web/sites/form/shell_user.tform.php b/interface/web/sites/form/shell_user.tform.php
index ab7cef1..d8df458 100644
--- a/interface/web/sites/form/shell_user.tform.php
+++ b/interface/web/sites/form/shell_user.tform.php
@@ -197,6 +197,12 @@
 			'shell' => array (
 				'datatype' => 'VARCHAR',
 				'formtype' => 'TEXT',
+				'validators' => array ( 0 => array ( 	'type' => 'NOTEMPTY',
+														'errmsg'=> 'shell_error_empty'),
+										1 => array ( 	'type' => 'REGEX',
+															'regex' => '/^\/[a-zA-Z0-9\/]{5,20}$/',
+															'errmsg'=> 'shell_error_regex'),
+				),
 				'default' => '/bin/bash',
 				'value'  => '',
 				'width'  => '30',
@@ -205,8 +211,11 @@
 			'dir' => array (
 				'datatype' => 'VARCHAR',
 				'formtype' => 'TEXT',
-				'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
-						'errmsg'=> 'directory_error_empty'),
+				'validators' => array ( 0 => array ( 	'type' => 'NOTEMPTY',
+														'errmsg'=> 'directory_error_empty'),
+										1 => array ( 	'type' => 'REGEX',
+															'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
+															'errmsg'=> 'directory_error_regex'),
 				),
 				'default' => '',
 				'value'  => '',

--
Gitblit v1.9.1