From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/tools/form/interface_settings.tform.php |   50 +++++++++++++++++++++++---------------------------
 1 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index b3466d9..c93da46 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -84,14 +84,27 @@
 //* Pick out modules
 //* TODO: limit to activated modules of the user
 $modules_list = array();
-$handle = @opendir(ISPC_WEB_PATH); 
-while ($file = @readdir ($handle)) { 
-    if ($file != '.' && $file != '..') {
-        if(@is_dir(ISPC_WEB_PATH."/$file")) {
-            if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
-				$modules_list[$file] = $file;
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
+	$handle = @opendir(ISPC_WEB_PATH); 
+	while ($file = @readdir ($handle)) { 
+		if ($file != '.' && $file != '..') {
+			if(@is_dir(ISPC_WEB_PATH."/$file")) {
+				if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
+					$modules_list[$file] = $file;
+				}
 			}
-        }
+		}
+	}
+} else {
+	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = '".$_SESSION["s"]["user"]['username']."'");
+	$modules = $tmp['modules'];
+	//$modules = $conf['interface_modules_enabled'];
+	if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+		$modules .= ',client';
+	}
+	$tmp = explode(',',$modules);
+	foreach($tmp as $m) {
+		$modules_list[$m] = $m;
 	}
 }
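Review bot: The query in the new else branch concatenates `$_SESSION["s"]["user"]['username']` straight into the SQL string with no escaping, so a username containing a quote breaks or alters the statement. The numeric session id is already used a few lines below, so I would key the lookup on it instead, assuming sys_user has a matching userid column: `$tmp = $app->db->queryOneRecord("SELECT modules FROM sys_user WHERE userid = ".intval($_SESSION['s']['user']['userid']));`. The `$_SESSION["s"]["user"]["typ"] != 'admin'` test inside the else is always true there and can be dropped. A missing record or empty `modules` value currently puts an empty-key entry into `$modules_list`, so the foreach should skip blank `$m`.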
 
@@ -113,7 +126,9 @@
 while ($file = @readdir ($handle)) { 
     if (substr($file, 0, 1) != '.') {
         if(@is_dir(ISPC_THEMES_PATH."/$file")) {
-			$themes_list[$file] = $file;
+			if(!file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") || (@file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") && trim(@file_get_contents(ISPC_THEMES_PATH."/$file/ispconfig_version")) == ISPC_APP_VERSION)) {
+                $themes_list[$file] = $file;
+            }
         }
 	}
 }
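Review bot: The added condition tests the same path twice and reads the file under `@`, so a version file that exists but cannot be read silently hides the theme from the list. The second `@file_exists` is redundant after the `||` short-circuit, and building the path once is easier to read: `$vfile = ISPC_THEMES_PATH."/$file/ispconfig_version";` followed by `if(!file_exists($vfile) || trim((string)@file_get_contents($vfile)) == ISPC_APP_VERSION) {`. A short comment stating that themes without an `ispconfig_version` file are treated as compatible with every version would record the intent. The directory handle this loop reads from is opened outside the hunk.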
@@ -136,25 +151,6 @@
 			'separator'	=> '',
 			'width'		=> '30',
 			'maxlength'	=> '255',
-			'rows'		=> '',
-			'cols'		=> ''
-		),
-		'language' => array (
-			'datatype'	=> 'VARCHAR',
-			'formtype'	=> 'SELECT',
-                        'validators'	=> array ( 0 => array (	'type'	=> 'NOTEMPTY',
-                                                                'errmsg'=> 'language_is_empty'),
-                                                   1 => array (	'type'	=> 'REGEX',
-                                                                'regex' => '/^[a-z]{2}$/i',
-                                                                'errmsg'=> 'language_regex_mismatch'),
-                                                ),
-			'regex'		=> '',
-			'errmsg'	=> '',
-			'default'	=> '',
-			'value'		=> $language_list,
-			'separator'	=> '',
-			'width'		=> '30',
-			'maxlength'	=> '2',
 			'rows'		=> '',
 			'cols'		=> ''
 		),

--
Gitblit v1.9.1