Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Webslice
ISPConfig 3
Commits
f343e169
Commit
f343e169
authored
Jul 23, 2019
by
Marius Burkard
Browse files
Insufficient escaping of whitespace in FTP user paths, fixes #5350
parent
eae23686
Changes
2
Hide whitespace changes
Inline
Side-by-side
interface/web/sites/form/ftp_user.tform.php
View file @
f343e169
...
...
@@ -276,7 +276,10 @@ if($app->auth->is_admin()) {
'formtype'
=>
'TEXT'
,
'validators'
=>
array
(
0
=>
array
(
'type'
=>
'NOTEMPTY'
,
'errmsg'
=>
'directory_error_empty'
),
1
=>
array
(
'type'
=>
'CUSTOM'
,
1
=>
array
(
'type'
=>
'REGEX'
,
'regex'
=>
'/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/'
,
'errmsg'
=>
'directory_error_regex'
),
2
=>
array
(
'type'
=>
'CUSTOM'
,
'class'
=>
'validate_ftpuser'
,
'function'
=>
'ftp_dir'
,
'errmsg'
=>
'directory_error_notinweb'
),
...
...
server/plugins-available/ftpuser_base_plugin.inc.php
View file @
f343e169
...
...
@@ -83,8 +83,7 @@ class ftpuser_base_plugin {
}
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
exec
(
'mkdir -p '
.
escapeshellcmd
(
$data
[
'new'
][
'dir'
]));
exec
(
'chown '
.
escapeshellcmd
(
$web
[
"system_user"
])
.
':'
.
escapeshellcmd
(
$web
[
'system_group'
])
.
' '
.
$data
[
'new'
][
'dir'
]);
$app
->
system
->
mkdirpath
(
$data
[
'new'
][
'dir'
],
0755
,
$web
[
"system_user"
],
$web
[
"system_group"
]);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
$app
->
log
(
"Added ftpuser_dir: "
.
$data
[
'new'
][
'dir'
],
LOGLEVEL_DEBUG
);
...
...
@@ -109,8 +108,7 @@ class ftpuser_base_plugin {
}
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
exec
(
'mkdir -p '
.
escapeshellcmd
(
$data
[
'new'
][
'dir'
]));
exec
(
'chown '
.
escapeshellcmd
(
$web
[
"system_user"
])
.
':'
.
escapeshellcmd
(
$web
[
'system_group'
])
.
' '
.
$data
[
'new'
][
'dir'
]);
$app
->
system
->
mkdirpath
(
$data
[
'new'
][
'dir'
],
0755
,
$web
[
"system_user"
],
$web
[
"system_group"
]);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment