Insufficient escaping of whitespace in FTP user paths, fixes #5350

Marius Burkard · Marius Burkard · commit f343e169a2af · 2019-07-23T19:32:22.000+02:00
diff --git a/interface/web/sites/form/ftp_user.tform.php b/interface/web/sites/form/ftp_user.tform.php
@@ -276,7 +276,10 @@
 				'formtype'  => 'TEXT',
 				'validators'    => array (  0 => array (    'type'  => 'NOTEMPTY',
 						'errmsg'=> 'directory_error_empty'),
-					1 => array (    'type'  => 'CUSTOM',
+											1 => array ( 	'type' => 'REGEX',
+															'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
+															'errmsg'=> 'directory_error_regex'),
+					2 => array (    'type'  => 'CUSTOM',
 						'class' => 'validate_ftpuser',
 						'function' => 'ftp_dir',
 						'errmsg' => 'directory_error_notinweb'),
diff --git a/server/plugins-available/ftpuser_base_plugin.inc.php b/server/plugins-available/ftpuser_base_plugin.inc.php
@@ -83,8 +83,7 @@ function insert($event_name, $data) {
 			}
 
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
 			$app->system->web_folder_protection($web['document_root'], true);
 
 			$app->log("Added ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_DEBUG);
@@ -109,8 +108,7 @@ function update($event_name, $data) {
 			}
 
 			$app->system->web_folder_protection($web['document_root'], false);
-			exec('mkdir -p '.escapeshellcmd($data['new']['dir']));
-			exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);
+			$app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);
 			$app->system->web_folder_protection($web['document_root'], true);
 			
 			

Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,7 @@ function insert($event_name, $data) {`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`$app->system->web_folder_protection($web['document_root'], false);`
`86`		`- exec('mkdir -p '.escapeshellcmd($data['new']['dir']));`
`87`		`- exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);`
	`86`	`+ $app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);`
`88`	`87`	`$app->system->web_folder_protection($web['document_root'], true);`
`89`	`88`
`90`	`89`	`$app->log("Added ftpuser_dir: ".$data['new']['dir'], LOGLEVEL_DEBUG);`
`@@ -109,8 +108,7 @@ function update($event_name, $data) {`
`109`	`108`	`}`
`110`	`109`
`111`	`110`	`$app->system->web_folder_protection($web['document_root'], false);`
`112`		`- exec('mkdir -p '.escapeshellcmd($data['new']['dir']));`
`113`		`- exec('chown '.escapeshellcmd($web["system_user"]).':'.escapeshellcmd($web['system_group']).' '.$data['new']['dir']);`
	`111`	`+ $app->system->mkdirpath($data['new']['dir'], 0755, $web["system_user"], $web["system_group"]);`
`114`	`112`	`$app->system->web_folder_protection($web['document_root'], true);`
`115`	`113`
`116`	`114`