
Commit 93570fc

committed
Check in 1.5.0
1 parent c39181f commit 93570fc


184 files changed

+2238
-671
lines changed


184 files changed

+2238
-671
lines changed

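--- a/dist/admin/html.open/lib/CAuthorizer.php
+++ b/dist/admin/html.open/lib/CAuthorizer.php
@@ -14,18 +14,17 @@ class CAuthorizer
 // prevent an object from being constructed
 private function __construct()
 {
-$label = preg_replace('/\W/', '_', SERVER_ROOT);
-$this->_id_field = "{$label}_uid";
-$this->_pass_field = "{$label}_pass";
+$label = strtoupper(substr(md5(SERVER_ROOT), 0, 16));
+$this->_id_field = 'LSID' . $label;
+$this->_pass_field = 'LSPA' . $label;
 
-session_name("{$label}WEBUI"); // to prevent conflicts with other app sessions
+session_name('LSUI' . $label); // to prevent conflicts with other app sessions
 session_start();
 
 if (!array_key_exists('changed', $_SESSION)) {
 $_SESSION['changed'] = false;
 }
 
-
 if (!array_key_exists('valid', $_SESSION)) {
 $_SESSION['valid'] = false;
 }
@@ -168,16 +167,14 @@ public function ShowLogin($is_https, &$msg)
 $userid = $result['userid'];
 $pass = $result['pass'];
 } else if ($is_https && isset($_POST['userid'])) {
-$userid = UIBase::GrabGoodInput('POST', 'userid');
+$userid = UIBase::GrabInput('POST', 'userid');
 $pass = UIBase::GrabInput('POST', 'pass');
 }
 
-if ($userid != null) {
-if ($this->authenticate($userid, $pass) === true)
-return false;
-else
-$msg = DMsg::Err('err_login');
+if ($userid != null && ($this->authenticate($userid, $pass) === true)) {
+return false;
 }
+$msg = DMsg::Err('err_login');
 return true;
 }
 
@@ -203,7 +200,11 @@ private function clear()
 private function authenticate($authUser, $authPass)
 {
 $auth = false;
-if (strlen($authUser) && strlen($authPass)) {
+$authUser1 = escapeshellcmd($authUser);
+
+if (($authUser === $authUser1)
+&& !preg_match('/[:\/]/', $authUser)
+&& strlen($authUser) && strlen($authPass)) {
 $filename = SERVER_ROOT . 'admin/conf/htpasswd';
 $fd = fopen($filename, 'r');
 if (!$fd) {
@@ -216,7 +217,7 @@ private function authenticate($authUser, $authPass)
 $lines = explode("\n", $all);
 foreach ($lines as $line) {
 list($user, $pass) = explode(':', $line);
-if ($user == $authUser) {
+if ($user === $authUser) {
 if ($pass[0] != '$')
 $salt = substr($pass, 0, 2);
 else
@@ -248,7 +249,7 @@ private function authenticate($authUser, $authPass)
 
 $this->updateAccessTime(array($secretKey0, $secretKey1));
 } else {
-$this->emailFailedLogin($authUser);
+$this->emailFailedLogin($authUser1);
 }
 
 return $auth;
@@ -263,11 +264,12 @@ private function emailFailedLogin($authUser)
 
 $emails = Service::ServiceData(SInfo::DATA_ADMIN_EMAIL);
 if ($emails != null) {
-$hostname = gethostbyaddr($ip);
 $date = date("F j, Y, g:i a");
 
-$repl = array('%%date%%' => $date, '%%authUser%%' => $authUser, '%%ip%%' => $ip,
-'%%hostname%%' => $hostname, '%%url%%' => $url);
+$repl = array('%%date%%' => $date,
+'%%authUser%%' => $authUser,
+'%%ip%%' => $ip,
+'%%url%%' => $url);
 
 $subject = DMsg::UIStr('mail_failedlogin');
 $contents = DMsg::UIStr('mail_failedlogin_c', $repl);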
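Review bot: In `authenticate()`, the new guard `$authUser === escapeshellcmd($authUser)` is a denylist standing in for username validation: on Unix `escapeshellcmd` leaves spaces, a leading `-` and balanced quote pairs unchanged, so names containing them still pass. An allowlist states the policy directly, e.g. `&& preg_match('/^[A-Za-z0-9_.@-]{1,25}$/D', $authUser)` in place of the first two conditions (the character set is a proposal; the 25-character cap mirrors `chkAttr_admname` in CValidation.php, which uses the same `escapeshellcmd` comparison). The failure branch now passes `$authUser1` to `emailFailedLogin()`, but shell escaping is not an encoding for mail text; if the mail path does reach a shell, which is not visible here, the argument should be quoted with `escapeshellarg` at that call site instead. `authenticate()` continues outside the hunks shown.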

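--- a/dist/admin/html.open/lib/CValidation.php
+++ b/dist/admin/html.open/lib/CValidation.php
@@ -278,7 +278,7 @@ protected function isValidAttr($attr, $node)
 return 1;
 }
 
-$chktype = array('uint', 'name', 'vhname', 'dbname', 'sel', 'sel1', 'sel2',
+$chktype = array('uint', 'name', 'vhname', 'dbname', 'admname', 'sel', 'sel1', 'sel2',
 'bool', 'file', 'filep', 'file0', 'file1', 'filetp', 'filevh', 'path',
 'uri', 'expuri', 'url', 'httpurl', 'email', 'dir', 'addr', 'wsaddr', 'parse');
 
@@ -331,6 +331,26 @@ protected function chkAttr_sel_val($attr, $val, &$err)
 return 1;
 }
 
+protected function chkAttr_admname($attr, $node)
+{
+$val = preg_replace("/\s+/", ' ', $node->Get(CNode::FLD_VAL));
+$node->SetVal($val);
+$err = '';
+if (strlen($val) > 25) {
+$err = 'name cannot be longer than 25 characters';
+} else {
+$v1 = escapeshellcmd($val);
+if ($v1 !== $val) {
+$err = 'invalid characters in name';
+}
+}
+if ($err != '') {
+$node->SetErr($err);
+return -1;
+}
+return 1;
+}
+
 protected function chkAttr_name($attr, $node)
 {
 $node->SetVal(preg_replace("/\s+/", ' ', $node->Get(CNode::FLD_VAL)));
@@ -347,7 +367,7 @@ protected function chkAttr_name_val($attr, $val, &$err)
 return -1;
 }
 if (strlen($val) > 100) {
-$err = 'name can not be longer than 100 characters';
+$err = 'name cannot be longer than 100 characters';
 return -1;
 }
 return 1;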
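Review bot: `chkAttr_admname` accepts names that the login guard added to `authenticate()` in CAuthorizer.php (same commit) rejects: it has no check for `:` or `/`, and `escapeshellcmd` leaves both characters unchanged. Because the htpasswd reader splits each line on `:`, an admin name containing one (presumably written to that file) could never match at login; changing the test to `if ($v1 !== $val || preg_match('/[:\/]/', $val)) {` keeps the two rules aligned. An empty name also passes this function as written; whether the caller rejects empty values before it is reached is not visible in this section.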

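--- a/dist/admin/html.open/lib/DAttrHelp.php
+++ b/dist/admin/html.open/lib/DAttrHelp.php
@@ -38,14 +38,14 @@ public function Render($blocked_version = 0)
 $buf .= $this->desc
 . '<br><br>';
 if ($this->syntax) {
-$buf .= '<strong>' . DMsg::UIStr('note_syntax') . ':</strong> '
+$buf .= '<div class="popover-mono"><strong>' . DMsg::UIStr('note_syntax') . ':</strong> '
 . $this->syntax
-. '<br><br>';
+. '</div><br>';
 }
 if ($this->example) {
-$buf .= '<strong>' . DMsg::UIStr('note_example') . ':</strong> '
+$buf .= '<div class="popover-mono"><strong>' . DMsg::UIStr('note_example') . ':</strong> '
 . $this->example
-. '<br><br>';
+. '</div><br>';
 }
 if ($this->tips) {
 $buf .= '<strong>' . DMsg::UIStr('note_tips') . ':</strong><ul type=circle>';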

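--- a/dist/admin/html.open/lib/DTblDefBase.php
+++ b/dist/admin/html.open/lib/DTblDefBase.php
@@ -1298,7 +1298,7 @@ protected function add_T_GENERAL1($id)
 {
 $attrs = array(
 $this->_attrs['tp_vhRoot'],
-self::NewParseTextAttr('configFile', DMsg::ALbl('l_configfile'), '/\$VH_NAME.+\.conf$/', DMsg::ALbl('parse_tpvhconffile'), false, 'templateVHConfigFile'),
+self::NewParseTextAttr('configFile', DMsg::ALbl('l_configfile'), '/\$VH_NAME.*\.conf$/', DMsg::ALbl('parse_tpvhconffile'), false, 'templateVHConfigFile'),
 $this->_attrs['vh_maxKeepAliveReq'],
 $this->_attrs['vh_smartKeepAlive']
 );
@@ -1372,7 +1372,7 @@ protected function add_ADM_USR_TOP($id)
 protected function add_ADM_USR($id)
 {
 $attrs = array(
-self::NewTextAttr('name', DMsg::ALbl('l_username'), 'name', false),
+self::NewTextAttr('name', DMsg::ALbl('l_username'), 'admname', false),
 self::NewPassAttr('oldpass', DMsg::ALbl('l_oldpass'), false, 'adminOldPass'),
 self::NewPassAttr('pass', DMsg::ALbl('l_newpass'), false),
 self::NewPassAttr('pass1', DMsg::ALbl('l_retypepass'), false)
@@ -1383,7 +1383,7 @@ protected function add_ADM_USR($id)
 protected function add_ADM_USR_NEW($id)
 {
 $attrs = array(
-self::NewTextAttr('name', DMsg::ALbl('l_username'), 'name', false),
+self::NewTextAttr('name', DMsg::ALbl('l_username'), 'admname', false),
 self::NewPassAttr('pass', DMsg::ALbl('l_newpass'), false),
 self::NewPassAttr('pass1', DMsg::ALbl('l_retypepass'), false)
 );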

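--- a/dist/admin/html.open/lib/blowfish.php
+++ b/dist/admin/html.open/lib/blowfish.php
@@ -1,8 +1,5 @@
 <?php
 
-/* $Id: blowfish.php,v 1.3 2008/02/20 23:24:59 gwang Exp $ */
-// vim: expandtab sw=4 ts=4 sts=4:
-
 /**
 * The Cipher_blowfish:: class implements the Cipher interface enryption data
 * using the Blowfish algorithm.
@@ -389,7 +386,7 @@ function encryptBlock($block, $key = null)
 $parts = $this->_encryptBlock($L, $R);
 return pack("NN", $parts['L'], $parts['R']);
 }
-
+
 /**
 * Encrypt a block on data.
 *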

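--- a/dist/admin/html.open/lib/util/build_php/BuildConfig.php
+++ b/dist/admin/html.open/lib/util/build_php/BuildConfig.php
@@ -25,10 +25,10 @@ public static function GetVersion($field)
 
 case self::PHP_VERSION: return
 array(
-'7.2.7',
-'7.1.19',
-'7.0.30',
-'5.6.36',
+'7.2.9',
+'7.1.21',
+'7.0.31',
+'5.6.37',
 '5.5.38',
 '5.4.45',
 '5.3.29',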
