maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

try to reduce weird path-values when people are getting creative, fixes #487

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2017-11-27 08:14:31 +01:00
parent cb31c5258d
commit a5251824ae
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
customer_domains.php
View File

@@ -327,6 +327,9 @@ if ($page == 'overview') {
} }
if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) { if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
if (strstr($path, ":") !== FALSE) {
standard_error('pathmaynotcontaincolon');
}
// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
// set default path to subdomain or domain name // set default path to subdomain or domain name
if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) { if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -334,9 +337,6 @@ if ($page == 'overview') {
} else { } else {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
} }
if (strstr($path, ":") !== FALSE) {
standard_error('pathmaynotcontaincolon');
}
} else { } else {
$_doredirect = true; $_doredirect = true;
} }
@@ -571,6 +571,9 @@ if ($page == 'overview') {
} }
if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) { if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
if (strstr($path, ":") !== FALSE) {
standard_error('pathmaynotcontaincolon');
}
// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
// set default path to subdomain or domain name // set default path to subdomain or domain name
if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) { if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -578,9 +581,6 @@ if ($page == 'overview') {
} else { } else {
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
} }
if (strstr($path, ":") !== FALSE) {
standard_error('pathmaynotcontaincolon');
}
} else { } else {
$_doredirect = true; $_doredirect = true;
} }