
Fixes issue (needs testing though!) for issue reported here: http://f…

…orums.zpanelcp.com/showthread.php?27898-Serious-Remote-Execution-Exploit-in-Zpanel-10-0-0-2 - Users have been advised on the forums to disable this module until their server is running the patched file (as pushed in this commit).
1 parent 4303fcf commit fe9cec7a8164801e2b3755b7abeabdd607f97906 @bobsta63 committed Jun 7, 2013
Showing with 9 additions and 9 deletions.
  1. +9 −9 modules/htpasswd/code/controller.ext.php
18 modules/htpasswd/code/controller.ext.php
@@ -3,7 +3,7 @@
/**
*
* ZPanel - A Cross-Platform Open-Source Web Hosting Control panel.
- *
+ *
* @package ZPanel
* @version $Id$
* @author Bobby Allen - ballen@zpanelcp.com
@@ -134,7 +134,7 @@ static function DirectoryIsProtected($uid, $folder) {
static function ExecuteDeleteHTA($id) {
global $zdbh;
runtime_hook::Execute('OnBeforeDeleteHTAccess');
- //$row = $zdbh->query("SELECT * FROM x_htaccess WHERE ht_id_pk=" . $id . "")->fetch();
+ //$row = $zdbh->query("SELECT * FROM x_htaccess WHERE ht_id_pk=" . $id . "")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_htaccess WHERE ht_id_pk=:id");
$numrows->bindParam(':id', $id);
@@ -197,12 +197,12 @@ static function ExecuteCreateHTA($userid, $inAuthName, $inHTUsername, $inHTPassw
}
runtime_hook::Execute('OnBeforeCreateHTAccess');
$sql = $zdbh->prepare("INSERT INTO x_htaccess (
- ht_acc_fk,
- ht_user_vc,
+ ht_acc_fk,
+ ht_user_vc,
ht_dir_vc,
ht_created_ts) VALUES (
- :userid,
- :inHTUsername,
+ :userid,
+ :inHTUsername,
:inPath,
:time)");
$time = time();
@@ -212,7 +212,7 @@ static function ExecuteCreateHTA($userid, $inAuthName, $inHTUsername, $inHTPassw
$sql->bindParam(':time', $time);
$sql->execute();
- //$row = $zdbh->query("SELECT * FROM x_htaccess WHERE ht_acc_fk =" . $userid . " AND ht_deleted_ts IS NULL ORDER BY ht_id_pk DESC LIMIT 1")->fetch();
+ //$row = $zdbh->query("SELECT * FROM x_htaccess WHERE ht_acc_fk =" . $userid . " AND ht_deleted_ts IS NULL ORDER BY ht_id_pk DESC LIMIT 1")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_htaccess WHERE ht_acc_fk =:userid AND ht_deleted_ts IS NULL ORDER BY ht_id_pk DESC LIMIT 1");
$numrows->bindParam(':userid', $userid);
$numrows->execute();
@@ -236,9 +236,9 @@ static function ExecuteCreateHTA($userid, $inAuthName, $inHTUsername, $inHTPassw
$htpasswd_exe = ctrl_options::GetSystemOption('htpasswd_exe') . " -b -m -c " .
$htaccesfiledir .
$row['ht_id_pk'] . ".htpasswd " .
- $inHTUsername . " " . $inHTPassword . "";
+ escapeshellarg($inHTUsername) . " " . escapeshellarg($inHTPassword) . "";
- system($htpasswd_exe);
+ system($htpasswd_exe);
} else {
$sql = $zdbh->prepare("DELETE FROM x_htaccess WHERE ht_id_pk=:ht_id_pk");
$sql->bindParam(':ht_id_pk', $row['ht_id_pk']);
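Review bot: The escaping on the new line covers only the username and password; `$htaccesfiledir` and `$row['ht_id_pk'] . ".htpasswd"` are still concatenated into the `system()` command unquoted, so a space or shell metacharacter in that directory (its origin is outside the hunk, so whether it can be user-influenced cannot be confirmed here) still breaks or alters the command. Quote the whole target as one argument, `escapeshellarg($htaccesfiledir . $row['ht_id_pk'] . '.htpasswd') . ' ' .`, and treat the `htpasswd_exe` option value the same way. The exit status is also discarded: `system($htpasswd_exe, $rc);` followed by a check that `$rc === 0` would stop the function from continuing as if the .htpasswd file had been written when htpasswd failed. Passing the password via `-b` still leaves it visible on the process command line to other local users while htpasswd runs; that residual exposure deserves a comment at the call site, e.g. `// NOTE: -b puts the password in argv (visible in the process list) — consider a stdin-based alternative`. ExecuteCreateHTA starts and ends outside the hunk.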
