
Commit 938baf0

author
Till Brehm
committed
Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5
2 parents 07bf128 + 6d21f16 commit 938baf0

1 file changed

+18
-4
lines changed


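--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -74,8 +74,12 @@ function insert($event_name, $data) {
 
 //* Check if the resulting path is inside the docroot
 $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
-if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
-$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
+if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+return false;
+}
+if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
+$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
 return false;
 }
 
@@ -137,8 +141,13 @@ function update($event_name, $data) {
 
 //* Check if the resulting path is inside the docroot
 $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
-if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
-$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
+if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+return false;
+}
+
+if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
+$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
 return false;
 }
 
@@ -163,6 +172,11 @@ function update($event_name, $data) {
 $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
 */
 //$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
+if($data['new']['dir'] != $data['old']['dir'] && !is_dir($data['new']['dir'])){
+$app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
+$app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
+$app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
+}
 $app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
 $app->log("Updated shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);
 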
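Review bot: The docroot check that replaces `realpath()` in both insert() (first hunk) and update() (second hunk) is a bare string-prefix comparison, so a directory whose name merely begins with `document_root` (a constructed example: `/var/www/web10` when the docroot is `/var/www/web1`) is accepted as being inside the docroot, and because the path is no longer canonicalised a symlink below the docroot can still resolve outside it. The `'/../'` and trailing `'/..'` test added after it only rejects literal parent references and does not cover either of those cases. A fix that keeps the no-realpath behaviour is to compare against the docroot with a trailing separator, `$docroot = rtrim($web['document_root'], '/') . '/';` followed by `if(strpos(rtrim($data['new']['dir'], '/') . '/', $docroot) !== 0) {` in place of the `substr(...) != $web['document_root']` line, in both functions. The symlink case still needs a canonicalised check, either `realpath()` of the nearest existing parent or a re-check after the directory is created in the third hunk. Both insert() and update() start and end outside these hunks.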