PHP module_controller::invalidPath Exemples

Exemple #1

Fichier : controller.ext.php Projet : Boter/madmin-core

 static function ExecuteCreateFTP($uid, $username, $password, $destination, $domainDestination, $access_type, $home)
 {
     global $zdbh;
     global $controller;
     $currentuser = ctrl_users::GetUserDetail($uid);
     $username = $currentuser['username'] . '_' . $username;
     runtime_hook::Execute('OnBeforeCreateFTPAccount');
     if (fs_director::CheckForEmptyValue(self::CheckForErrors($username, $password))) {
         // Check to see if its a new home directory or use a current one...
         if ($home == 1) {
             $homedirectory_to_use = '/' . str_replace('.', '_', $username);
             $full_path = ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . $homedirectory_to_use . '/';
             // Create the new home directory... (If it doesnt already exist.)
             if (!file_exists($full_path)) {
                 @mkdir($full_path, 777);
                 @chmod($full_path, 0777);
             }
         } else {
             if ($home == 3) {
                 $homedirectory_to_use = '/' . $domainDestination;
             } else {
                 $homedirectory_to_use = '/' . $destination;
             }
         }
         // Check if Path is inside user home directory.
         $full_homeDir = ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . $homedirectory_to_use . '/';
         $baseDir = ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'];
         $realPath = realpath($full_homeDir);
         if (0 !== strpos($realPath, $baseDir)) {
             self::$invalidPath = true;
             return false;
         }
         $sql = $zdbh->prepare("INSERT INTO x_ftpaccounts (ft_acc_fk, ft_user_vc, ft_directory_vc, ft_access_vc, ft_password_vc, ft_created_ts) VALUES (:userid, :username, :homedir, :accesstype, :password, :time)");
         $sql->bindParam(':userid', $currentuser['userid']);
         $sql->bindParam(':username', $username);
         $sql->bindParam(':homedir', $homedirectory_to_use);
         $sql->bindParam(':accesstype', $access_type);
         $sql->bindParam(':password', $password);
         $sql->bindParam(':time', time());
         $sql->execute();
         self::$create = true;
         // Include FTP server specific file here.
         $FtpModuleFile = 'modules/' . $controller->GetControllerRequest('URL', 'module') . '/code/' . ctrl_options::GetSystemOption('ftp_php');
         if (file_exists($FtpModuleFile)) {
             include $FtpModuleFile;
         }
         runtime_hook::Execute('OnAfterCreateFTPAccount');
         return true;
     }
     return false;
 }