Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
I
ISPConfig 3
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 485
    • Issues 485
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 23
    • Merge Requests 23
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #5350

Closed
Open
Opened Jul 22, 2019 by WHO@who

Insufficient escaping of whitespace in FTP user paths

Under "Web pages" => "Web access" => "FTP user" => Edit or create new => "Options" => "Directory

If you store e.g. /var/www/clients/client23/web167/ /root/TEST the folder TEST with the user rights of the FTP account will be created in /root/. What is even worse is that the permissions of existing folders are overwritten.

Scope: A valid client login with active website module and the permission to add FTP users in client limits is required to access the FTP user path setting.

Note: The original report has been translated to English by ISPConfig developers and the scope information has been added.

Edited Jul 23, 2019 by Till Brehm
Assignee
Assign to
3.1.14p2
Milestone
3.1.14p2
Assign milestone
Time tracking
None
Due date
None
Reference: ispconfig/ispconfig3#5350