From f343e169a2afda4512cf64d98b074ded71fbe532 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 23 Jul 2019 19:32:22 +0200
Subject: [PATCH] Insufficient escaping of whitespace in FTP user paths, fixes
 #5350

---
 interface/web/sites/form/ftp_user.tform.php          | 5 ++++-
 server/plugins-available/ftpuser_base_plugin.inc.php | 6 ++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/interface/web/sites/form/ftp_user.tform.php b/interface/web/sites/form/ftp_user.tform.php
index 239bfdb858..5e77de4b5f 100644
--- a/interface/web/sites/form/ftp_user.tform.php
+++ b/interface/web/sites/form/ftp_user.tform.php
@@ -276,7 +276,10 @@ if($app->auth->is_admin()) {
 				'formtype'  => 'TEXT',
 				'validators'    => array (  0 => array (    'type'  => 'NOTEMPTY',
 						'errmsg'=> 'directory_error_empty'),
-					1 => array (    'type'  => 'CUSTOM',
+											1 => array ( 	'type' => 'REGEX',
+															'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
+															'errmsg'=> 'directory_error_regex'),
+					2 => array (    'type'  => 'CUSTOM',
 						'class' => 'validate_ftpuser',
 						'function' => 'ftp_dir',
 						'errmsg' => 'directory_error_notinweb'),
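Review bot: The new REGEX validator anchors with `$`, which in PCRE also matches just before a final line feed, so (assuming the form engine passes this pattern to `preg_match`) a directory value ending in a newline still passes. Anchoring with `\z` closes that: `'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}\z/',`. The character class also accepts `.` and `/`, so `..` segments pass this check and rejecting paths outside the web root rests entirely on the `validate_ftpuser` / `ftp_dir` CUSTOM validator, which is not visible here. The diffstat lists only two files, so the `directory_error_regex` message key needs to exist in the language files already or be added. The validators array starts and ends outside the hunk.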
diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
index af5870a4ba..c34371a181 100644
--- a/server/plugins-available/ftpuser_base_plugin.inc.php
+++ b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -83,8 +83,7 @@ class ftpuser_base_plugin {
 			}
 
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
 			$app->system->web_folder_protection($web['document_root'], true);
 
 			$app->log("Added ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_DEBUG);
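Review bot: The result of `$app->system->mkdirpath(...)` is discarded, so the "Added ftpuser_dir" debug line is written even if the directory was not created or its ownership was not set; the second hunk (old line 109) makes the same call the same way. If `mkdirpath` reports failure through its return value (its body is not visible here), wrap the call, e.g. `if(!$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"])) $app->log("Could not create ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_WARN);`. The plugin also uses `$data['new']['dir']` without a check of its own and relies on the interface form's validators, so a comment such as `// dir is validated in ftp_user.tform.php; passed as a PHP argument, never through a shell` would record why the `exec()` calls were dropped. Both enclosing methods continue outside the hunks.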
@@ -109,8 +108,7 @@ class ftpuser_base_plugin {
 			}
 
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
 			$app->system->web_folder_protection($web['document_root'], true);
 			
 			
-- 
GitLab