Commit
bbb954fd
authored
Apr 04, 2012
by
tbrehm
Extended path checks for ftp and shell users.
parent
217b8d78
Showing
6 changed files
with
34 additions
and
0 deletions
+34
-0
interface/web/sites/ftp_user_edit.php
interface/web/sites/ftp_user_edit.php
+2
-0
interface/web/sites/lib/lang/en_ftp_user.lng
interface/web/sites/lib/lang/en_ftp_user.lng
+2
-0
interface/web/sites/lib/lang/en_shell_user.lng
interface/web/sites/lib/lang/en_shell_user.lng
+2
-0
interface/web/sites/shell_user_edit.php
interface/web/sites/shell_user_edit.php
+2
-0
server/plugins-available/ftpuser_base_plugin.inc.php
server/plugins-available/ftpuser_base_plugin.inc.php
+12
-0
server/plugins-available/shelluser_base_plugin.inc.php
server/plugins-available/shelluser_base_plugin.inc.php
+14
-0
interface/web/sites/ftp_user_edit.php
...
...
@@ -106,6 +106,8 @@ class page_action extends tform_actions {
if
(
isset
(
$this
->
dataRecord
[
'username'
])
&&
trim
(
$this
->
dataRecord
[
'username'
])
==
''
)
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'username_error_empty'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'username'
])
&&
empty
(
$this
->
dataRecord
[
'parent_domain_id'
]))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'parent_domain_id_error_empty'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'dir'
])
&&
stristr
(
$this
->
dataRecord
[
'dir'
],
'..'
))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'dir_dot_error'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'dir'
])
&&
stristr
(
$this
->
dataRecord
[
'dir'
],
'./'
))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'dir_slashdot_error'
)
.
'<br />'
;
parent
::
onSubmit
();
}
...
...
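Review bot: The two new `dir` checks use `stristr()`, which is a case-insensitive search that returns the remainder of the string; for a containment test on `..` and `./` the clearer and cheaper form is `if(isset($this->dataRecord['dir']) && strpos($this->dataRecord['dir'], '..') !== false)` and the same with `'./'`. These are substring denylists, so they give the user early feedback but do not establish that the path lies under the website's document root; a comment such as `//* Early user feedback only - the server plugin compares the resolved path against document_root` above them would make that division of responsibility explicit for the next maintainer. The identical pair of checks appears in interface/web/sites/shell_user_edit.php and should get the same treatment. The enclosing onSubmit() starts outside the hunk.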
interface/web/sites/lib/lang/en_ftp_user.lng
...
...
@@ -26,4 +26,6 @@ $wb["directory_error_empty"] = 'Directory empty.';
$wb
[
'directory_error_notinweb'
]
=
'Directory not inside of web root directory.'
;
$wb
[
"parent_domain_id_error_empty"
]
=
'No website selected.'
;
$wb
[
"quota_size_error_regex"
]
=
'Quota: enter a -1 for unlimited or a number > 0'
;
$wb
[
'dir_dot_error'
]
=
'No .. in path allowed.'
;
$wb
[
'dir_slashdot_error'
]
=
'No ./ in path allowed.'
;
?>
interface/web/sites/lib/lang/en_shell_user.lng
...
...
@@ -21,4 +21,6 @@ $wb["directory_error_empty"] = 'Directory empty.';
$wb
[
"limit_shell_user_txt"
]
=
'The max number of shell users is reached.'
;
$wb
[
"parent_domain_id_error_empty"
]
=
'No website selected.'
;
$wb
[
"ssh_rsa_txt"
]
=
'SSH-RSA Public Key (for key-based logins)'
;
$wb
[
'dir_dot_error'
]
=
'No .. in path allowed.'
;
$wb
[
'dir_slashdot_error'
]
=
'No ./ in path allowed.'
;
?>
interface/web/sites/shell_user_edit.php
...
...
@@ -111,6 +111,8 @@ class page_action extends tform_actions {
if
(
isset
(
$this
->
dataRecord
[
'username'
])
&&
trim
(
$this
->
dataRecord
[
'username'
])
==
''
)
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'username_error_empty'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'username'
])
&&
empty
(
$this
->
dataRecord
[
'parent_domain_id'
]))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'parent_domain_id_error_empty'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'dir'
])
&&
stristr
(
$this
->
dataRecord
[
'dir'
],
'..'
))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'dir_dot_error'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'dir'
])
&&
stristr
(
$this
->
dataRecord
[
'dir'
],
'./'
))
$app
->
tform
->
errorMessage
.
=
$app
->
tform
->
lng
(
'dir_slashdot_error'
)
.
'<br />'
;
if
(
isset
(
$this
->
dataRecord
[
'ssh_rsa'
]))
$this
->
dataRecord
[
'ssh_rsa'
]
=
trim
(
$this
->
dataRecord
[
'ssh_rsa'
]);
...
...
server/plugins-available/ftpuser_base_plugin.inc.php
...
...
@@ -74,6 +74,12 @@ class ftpuser_base_plugin {
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
intval
(
$data
[
'new'
][
'parent_domain_id'
]));
//* Check if the resulting path is inside the docroot
if
(
substr
(
realpath
(
$data
[
'new'
][
'dir'
]),
0
,
strlen
(
$web
[
'document_root'
]))
!=
$web
[
'document_root'
])
{
$app
->
log
(
'User dir is outside of docroot.'
,
LOGLEVEL_WARN
);
return
false
;
}
exec
(
'mkdir -p '
.
escapeshellcmd
(
$data
[
'new'
][
'dir'
]));
exec
(
'chown '
.
escapeshellcmd
(
$web
[
"system_user"
])
.
':'
.
escapeshellcmd
(
$web
[
'system_group'
])
.
' '
.
$data
[
'new'
][
'dir'
]);
...
...
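Review bot: The new docroot check calls realpath() on $data['new']['dir'] before the `mkdir -p` that creates that directory, and realpath() returns false for a path that does not exist yet, so a user whose directory this plugin is about to create appears to be logged as outside the docroot and rejected. The same ordering is in the update hunk of this file and in both hunks of server/plugins-available/shelluser_base_plugin.inc.php. Resolving the deepest existing ancestor via dirname() keeps symlinks resolved without creating anything first; the rewrite below also compares against the realpath of document_root and requires a '/' boundary after the prefix, so a sibling directory that merely shares the docroot as a string prefix (`/var/www/web1` versus `/var/www/web10`, constructed example) no longer passes. The enclosing function starts and ends outside the hunk.
```php
//* Check if the resulting path is inside the docroot
$dir = $data['new']['dir'];
// realpath() is false for a not-yet-existing path; resolve the deepest
// existing ancestor instead (mkdir -p below creates the remainder).
$probe = $dir;
while ($probe !== '' && $probe !== '/' && !is_dir($probe)) {
    $probe = dirname($probe);
}
$resolved = realpath($probe);
$docroot = realpath($web['document_root']);
if ($resolved === false || $docroot === false
    || ($resolved !== $docroot && substr($resolved, 0, strlen($docroot) + 1) !== $docroot . '/')) {
    $app->log('User dir is outside of docroot.', LOGLEVEL_WARN);
    return false;
}
// … unchanged: mkdir -p and chown …
```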
@@ -90,6 +96,12 @@ class ftpuser_base_plugin {
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
intval
(
$data
[
'new'
][
'parent_domain_id'
]));
//* Check if the resulting path is inside the docroot
if
(
substr
(
realpath
(
$data
[
'new'
][
'dir'
]),
0
,
strlen
(
$web
[
'document_root'
]))
!=
$web
[
'document_root'
])
{
$app
->
log
(
'User dir is outside of docroot.'
,
LOGLEVEL_WARN
);
return
false
;
}
exec
(
'mkdir -p '
.
escapeshellcmd
(
$data
[
'new'
][
'dir'
]));
exec
(
'chown '
.
escapeshellcmd
(
$web
[
"system_user"
])
.
':'
.
escapeshellcmd
(
$web
[
'system_group'
])
.
' '
.
$data
[
'new'
][
'dir'
]);
...
...
server/plugins-available/shelluser_base_plugin.inc.php
...
...
@@ -72,6 +72,13 @@ class shelluser_base_plugin {
$app
->
uses
(
'system'
);
//* Check if the resulting path is inside the docroot
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
intval
(
$data
[
'new'
][
'parent_domain_id'
]));
if
(
substr
(
realpath
(
$data
[
'new'
][
'dir'
]),
0
,
strlen
(
$web
[
'document_root'
]))
!=
$web
[
'document_root'
])
{
$app
->
log
(
'Directory of the shell user is outside of website docroot.'
,
LOGLEVEL_WARN
);
return
false
;
}
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'puser'
]))
{
// Get the UID of the parent user
$uid
=
intval
(
$app
->
system
->
getuid
(
$data
[
'new'
][
'puser'
]));
...
...
@@ -121,6 +128,13 @@ class shelluser_base_plugin {
$app
->
uses
(
'system'
);
//* Check if the resulting path is inside the docroot
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
intval
(
$data
[
'new'
][
'parent_domain_id'
]));
if
(
substr
(
realpath
(
$data
[
'new'
][
'dir'
]),
0
,
strlen
(
$web
[
'document_root'
]))
!=
$web
[
'document_root'
])
{
$app
->
log
(
'Directory of the shell user is outside of website docroot.'
,
LOGLEVEL_WARN
);
return
false
;
}
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'puser'
]))
{
// Get the UID of the parent user
$uid
=
intval
(
$app
->
system
->
getuid
(
$data
[
'new'
][
'puser'
]));
...
...
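Review bot: When queryOneRecord() finds no web_domain row for parent_domain_id, `$web['document_root']` is null, strlen() of it is 0 and the `!=` comparison of an empty substr() result with null is false under PHP's loose comparison, so the new guard appears to be skipped rather than failing closed; the same applies to both hunks of server/plugins-available/ftpuser_base_plugin.inc.php. Fail closed with `if(!$web || empty($web['document_root'])) { $app->log('No website found for shell user.', LOGLEVEL_WARN); return false; }` before the check and use `!==` in the comparison itself. The enclosing function starts and ends outside the hunk.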