Commit f343e169 authored by Marius Burkard's avatar Marius Burkard

Insufficient escaping of whitespace in FTP user paths, fixes #5350

parent eae23686
Pipeline #1239 passed with stage
in 2 minutes and 41 seconds
......@@ -276,7 +276,10 @@ if($app->auth->is_admin()) {
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'directory_error_empty'),
1 => array ( 'type' => 'CUSTOM',
1 => array ( 'type' => 'REGEX',
'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
'errmsg'=> 'directory_error_regex'),
2 => array ( 'type' => 'CUSTOM',
'class' => 'validate_ftpuser',
'function' => 'ftp_dir',
'errmsg' => 'directory_error_notinweb'),
......
......@@ -83,8 +83,7 @@ class ftpuser_base_plugin {
}
$app->system->web_folder_protection($web['document_root'], false);
exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
$app->system->web_folder_protection($web['document_root'], true);
$app->log("Added ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_DEBUG);
......@@ -109,8 +108,7 @@ class ftpuser_base_plugin {
}
$app->system->web_folder_protection($web['document_root'], false);
exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
$app->system->web_folder_protection($web['document_root'], true);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment