Merged revisions 2173-2174 from stable branch.

Author: tbrehm

interface/lib/classes/remoting_lib.inc.php

@@ -661,11 +661,11 @@ function getDataRecord($primary_id) {
 		}
 
 		function ispconfig_sysuser_add($params,$insert_id){
-			global $app,$sql1;
+			global $conf,$app,$sql1;
 			$username = $app->db->quote($params["username"]);
 			$password = $app->db->quote($params["password"]);
 			if(!isset($params['modules'])) {
-				$modules = 'dashboard,mail,sites,dns,tools';
+				$modules = $conf['interface_modules_enabled'];
 			} else {
 				$modules = $app->db->quote($params['modules']);
 			}

interface/lib/classes/validate_ftpuser.inc.php

@@ -72,6 +72,8 @@ function ftp_dir($field_name, $field_value, $validator) {
 
         $doc_root .= "/";
         if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
+		
+		if(stristr($field_value,'..') or stristr($field_value,'./') or stristr($field_value,'/.')) $is_ok = false;
 
         if($is_ok == false) {
             $errmsg = $validator['errmsg'];

interface/web/sites/form/ftp_user.tform.php

@@ -126,7 +126,7 @@
 	)
 );
 
-if($_SESSION["s"]["user"]["typ"] == 'admin') {
+if($app->auth->is_admin()) {
 
 $form["tabs"]['advanced'] = array (
     'title'     => "Options",