maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

fix forgotten ->escape in customer_ftp

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-11-17 10:51:28 +01:00
parent 50b9eec6c1
commit cf4865828c
2 changed files with 7 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
customer_domains.php
View File

@@ -18,11 +18,6 @@
*/ */
define('AREA', 'customer'); define('AREA', 'customer');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require ("./lib/init.php"); require ("./lib/init.php");
if(isset($_POST['id'])) { if(isset($_POST['id'])) {
@@ -717,14 +712,6 @@ if($page == 'overview') {
$cert_content = openssl_x509_parse($ssl_cert_file); $cert_content = openssl_x509_parse($ssl_cert_file);
if (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) { if (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) {
// TODO self-signed certs might differ and don't need/want this
/*
$domain = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAINS."` WHERE `id`='".(int)$id."'");
if (strtolower($cert_content['subject']['CN']) != strtolower($idna_convert->decode($domain['domain']))) {
standard_error('sslcertificatewrongdomain');
}
*/
// bool openssl_x509_check_private_key ( mixed $cert , mixed $key ) // bool openssl_x509_check_private_key ( mixed $cert , mixed $key )
// Checks whether the given key is the private key that corresponds to cert. // Checks whether the given key is the private key that corresponds to cert.
if (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) { if (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) {

13
customer_ftp.php
View File

@@ -119,11 +119,12 @@ if ($page == 'overview') {
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "` $stmt = Database::prepare("
SET `members`=REPLACE(`members`,'," . $db->escape($result['username']) . "','') UPDATE `" . TABLE_FTP_GROUPS . "` SET
WHERE `customerid`='" . (int)$userinfo['customerid'] . "'" `members` = REPLACE(`members`, :username,'')
); WHERE `customerid` = :customerid
Database::pexecute($stmt, array("username" => $result['username'], "customerid" => $userinfo['customerid'])); ");
Database::pexecute($stmt, array("username" => ",".$result['username'], "customerid" => $userinfo['customerid']));
$log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'"); $log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'");
@@ -140,7 +141,7 @@ if ($page == 'overview') {
); );
Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {
ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']); ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
} }