From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 server/plugins-available/nginx_plugin.inc.php |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 2c347f4..0e0d9c3 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -99,7 +99,7 @@
 		$app->uses('getconf');
 		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 		if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
-			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);	
+			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);	
 		
 		//* Only vhosts can have a ssl cert
 		if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
@@ -678,6 +678,9 @@
 			}
 		}
 
+		//* add the nginx user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update
+		if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
+		
 		//* If the security level is set to high
 		if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
 		
@@ -716,13 +719,10 @@
 					//* add the nginx user to the client group in the chroot environment
 					$tmp_groupfile = $app->system->server_conf['group_datei'];
 					$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
-					$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+					$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
 					$app->system->server_conf['group_datei'] = $tmp_groupfile;
 					unset($tmp_groupfile);
 				}
-
-				//* add the nginx user to the client group
-				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
 				
 				//* Chown all default directories
 				$app->system->chown($data['new']['document_root'],'root');

--
Gitblit v1.9.1