From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/admin/form/users.tform.php |   40 ++++++++++++++++++++++++++++------------
 1 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/interface/web/admin/form/users.tform.php b/interface/web/admin/form/users.tform.php
index e756e47..b6ff5f3 100644
--- a/interface/web/admin/form/users.tform.php
+++ b/interface/web/admin/form/users.tform.php
@@ -60,15 +60,16 @@
 
 */
 
-$form['title'] 			= 'Users';
+$form['title'] 		= 'Users';
 $form['description'] 	= 'Form to edit systemusers.';
-$form['name'] 			= 'users';
-$form['action']			= 'users_edit.php';
-$form['db_table']		= 'sys_user';
+$form['name'] 		= 'users';
+$form['action']		= 'users_edit.php';
+$form['db_table']	= 'sys_user';
 $form['db_table_idx']	= 'userid';
+$form["db_history"]	= "no";
 $form['tab_default']	= 'users';
 $form['list_default']	= 'users_list.php';
-$form['auth']			= 'yes';
+$form['auth']		= 'yes';
 
 //* 0 = id of the user, > 0 id must match with id of current user
 $form['auth_preset']['userid']  = 0; 
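Review bot: The added `$form["db_history"] = "no";` line carries no explanation, and the commit subject only mentions username length. If the intent is to keep password hashes from `sys_user` out of the change history, a comment should say so, for example `//* no history for sys_user: rows contain password hashes`. Disabling history also presumably means edits to administrative accounts leave no change record through this form, so confirm they are logged somewhere else. The line also uses double quotes where every neighbouring assignment uses single quotes.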
@@ -76,9 +77,9 @@
 $form['auth_preset']['groupid'] = 0; 
 
 //** Permissions are: r = read, i = insert, u = update, d = delete
-$form['auth_preset']['perm_user'] = 'riud';
-$form['auth_preset']['perm_group'] = 'riud'; //r = read, i = insert, u = update, d = delete
-$form['auth_preset']['perm_other'] = ''; //r = read, i = insert, u = update, d = delete
+$form['auth_preset']['perm_user']  = 'riud';
+$form['auth_preset']['perm_group'] = 'riud';
+$form['auth_preset']['perm_other'] = ''; 
 
 //* Pick out modules
 $modules_list = array();
@@ -86,7 +87,7 @@
 while ($file = @readdir ($handle)) { 
     if ($file != '.' && $file != '..') {
         if(@is_dir(ISPC_WEB_PATH."/$file")) {
-            if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login') {
+            if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
 				$modules_list[$file] = $file;
 			}
         }
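Review bot: The extended condition mixes the low-precedence `and` with `&&` and compares with loose `!=`. It evaluates as intended today, but it is easy to misread and to break when another exclusion is appended. An explicit strict list is easier to audit: `if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") && !in_array($file, array('login', 'designer', 'mailuser'), true)) {`. Since this list decides which modules can be offered for a user account, a one-line comment on why `designer` and `mailuser` are excluded would help. The enclosing `while` loop starts before and ends after this hunk.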
@@ -99,7 +100,9 @@
 while ($file = @readdir ($handle)) { 
     if (substr($file, 0, 1) != '.') {
         if(@is_dir(ISPC_THEMES_PATH."/$file")) {
-			$themes_list[$file] = $file;
+			if(!file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") || (@file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") && trim(@file_get_contents(ISPC_THEMES_PATH."/$file/ispconfig_version")) == ISPC_APP_VERSION)) {
+                $themes_list[$file] = $file;
+            }
         }
 	}
 }
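Review bot: The second `@file_exists(...)` in the new theme check is redundant, because the right-hand side of `||` is only reached when the file exists. The version is compared with loose `==`, under which PHP treats two numeric-looking strings as numbers, so `'3.10' == '3.1'` is true. Building the path once and comparing strictly is clearer: `$vf = ISPC_THEMES_PATH."/$file/ispconfig_version";` followed by `if(!is_file($vf) || trim((string) @file_get_contents($vf)) === ISPC_APP_VERSION) {`. An unreadable version file still hides the theme, as it does now. The new lines are indented with spaces while the surrounding block uses tabs.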
@@ -136,8 +139,20 @@
 		'username' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
-			'regex'		=> '/^.{1,30}$/',
-			'errmsg'	=> 'username_err',
+			'validators'	=> array (  0 => array (    'type'	=> 'NOTEMPTY',
+                                                                    'errmsg'=> 'username_empty'),
+                                                    1 => array (    'type'	=> 'UNIQUE',
+                                                                    'errmsg'=> 'username_unique'),
+                                                    2 => array (    'type'	=> 'REGEX',
+                                                                    'regex' => '/^[\w\.\-\_]{0,64}$/',
+                                                                    'errmsg'=> 'username_err'),
+													3 => array (	'type'	=> 'CUSTOM',
+														'class' => 'validate_client',
+														'function' => 'username_collision',
+														'errmsg'=> 'username_error_collision'),
+                                                ),
+			'regex'		=> '',
+			'errmsg'	=> '',
 			'default'	=> '',
 			'value'		=> '',
 			'separator'	=> '',
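Review bot: The new pattern `/^[\w\.\-\_]{0,64}$/` is anchored with a plain `$`, which in PCRE also matches just before a trailing newline. A crafted POST could therefore store a username ending in a line feed that looks identical to an existing account. Adding the `D` modifier (or `\z`) closes that gap, and the quantifier can start at 1 so the regex does not rely on NOTEMPTY running first: `'regex' => '/^[\w.\-]{1,64}$/D',` (`\w` already covers `_`). The 64-character cap should also be checked against the width of the `username` column, which is not visible in this hunk. The `username` array begins and ends outside the hunk, and `validate_client::username_collision` is not part of this patch, so what it compares against cannot be judged here.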
@@ -149,6 +164,7 @@
 		'passwort' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'PASSWORD',
+			'encryption'    => 'CRYPT',
 			'regex'		=> '',
 			'errmsg'	=> '',
 			'default'	=> '',
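Review bot: The added `'encryption' => 'CRYPT'` line changes how the admin password is stored, which the commit subject (a username length fix) does not mention. The patch also does not show which scheme the form handler applies for `CRYPT`. Confirm that it produces a salted hash of adequate strength, and that the login path still verifies rows written under the previous setting, or rehashes them on the next successful login. A comment on the line would record the contract, for example `//* stored as crypt() hash by the form handler; login must still accept older hashes`. The `passwort` array continues past the end of the hunk.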

--
Gitblit v1.9.1