Fixed some errors in user check of apache and nginx plugin.

Author: Till Brehm

interface/lib/classes/functions.inc.php

@@ -430,7 +430,7 @@ public function is_allowed_user($username, $restrict_names = false) {
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($username,$name_blacklist)) return false;
 
-		if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
 
 		if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
 
@@ -443,7 +443,7 @@ public function is_allowed_group($groupname, $restrict_names = false) {
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($groupname,$name_blacklist)) return false;
 
-		if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
 
 		if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
 

server/lib/classes/system.inc.php

@@ -1824,7 +1824,7 @@ public function is_allowed_user($username, $check_id = true, $restrict_names = f
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($username,$name_blacklist)) return false;
 
-		if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $username) == false) return false;
 
 		if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
 
@@ -1833,18 +1833,18 @@ public function is_allowed_user($username, $check_id = true, $restrict_names = f
 		return true;
 	}
 
-	public function is_allowed_group($groupname, $restrict_names = false) {
+	public function is_allowed_group($groupname, $check_id = true, $restrict_names = false) {
 		global $app;
-		
+		echo 1;
 		$name_blacklist = array('root','ispconfig','vmail','getmail');
 		if(in_array($groupname,$name_blacklist)) return false;
-		
-		if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
-		
-		if(intval($this->getgid($groupname)) < $this->min_gid) return false;
-		
+		echo 2;
+		if(preg_match('/^[a-zA-Z0-9\.\-]{1,32}$/', $groupname) == false) return false;
+		echo 3;
+		if($check_id && intval($this->getgid($groupname)) < $this->min_gid) return false;
+		echo 4;
 		if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
-		
+		echo 5;
 		return true;
 	}
 

server/plugins-available/apache2_plugin.inc.php

@@ -344,9 +344,9 @@ function update($event_name, $data) {
 			if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
 			return 0;
 		}
-		if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
-			|| !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
-			$app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
+		if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false
+			|| $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {
+			$app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
 			return 0;
 		}
 		if(trim($data['new']['domain']) == '') {