Insufficient escaping of whitespace in FTP user paths, fixes #5350

f343e169 · Marius Burkard · eae23686 · f343e169 · f343e169
Commit f343e169 authored 5 years ago by Marius Burkard
--- a/interface/web/sites/form/ftp_user.tform.php
+++ b/interface/web/sites/form/ftp_user.tform.php
@@ -276,7 +276,10 @@ if($app->auth->is_admin()) {
 				'formtype'  => 'TEXT',
 				'validators'    => array (  0 => array (    'type'  => 'NOTEMPTY',
 						'errmsg'=> 'directory_error_empty'),
-					1 => array (    'type'  => 'CUSTOM',
+											1 => array ( 	'type' => 'REGEX',
+															'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
+															'errmsg'=> 'directory_error_regex'),
+					2 => array (    'type'  => 'CUSTOM',
 						'class' => 'validate_ftpuser',
 						'function' => 'ftp_dir',
 						'errmsg' => 'directory_error_notinweb'),

--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -83,8 +83,7 @@ class ftpuser_base_plugin {
 			}
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
 			$app->system->web_folder_protection($web['document_root'], true);
 			$app->log("Added ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_DEBUG);
@@ -109,8 +108,7 @@ class ftpuser_base_plugin {
 			}
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
 			$app->system->web_folder_protection($web['document_root'], true);