Commit 217b8d78 authored by tbrehm's avatar tbrehm

Fixed: FS#2157 - Add new Webdav user" can chmod and chown entire server from client interface

parent 8c080c6d
...@@ -13,4 +13,6 @@ $wb["username_error_regex"] = 'The username contains charachters that are not al ...@@ -13,4 +13,6 @@ $wb["username_error_regex"] = 'The username contains charachters that are not al
$wb["directory_error_empty"] = 'Directory empty.'; $wb["directory_error_empty"] = 'Directory empty.';
$wb["parent_domain_id_error_empty"] = 'No website selected.'; $wb["parent_domain_id_error_empty"] = 'No website selected.';
$wb['password_strength_txt'] = 'Password strength'; $wb['password_strength_txt'] = 'Password strength';
$wb['dir_dot_error'] = 'No .. in path allowed.';
$wb['dir_slashdot_error'] = 'No ./ in path allowed.';
?> ?>
...@@ -114,7 +114,9 @@ class page_action extends tform_actions { ...@@ -114,7 +114,9 @@ class page_action extends tform_actions {
*/ */
if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />'; if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />'; if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'..')) $app->tform->errorMessage .= $app->tform->lng('dir_dot_error').'<br />';
if(isset($this->dataRecord['dir']) && stristr($this->dataRecord['dir'],'./')) $app->tform->errorMessage .= $app->tform->lng('dir_slashdot_error').'<br />';
parent::onSubmit(); parent::onSubmit();
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment