From 2c030014892d479cbeb249993af95838dbe4e4aa Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Mon, 10 Aug 2009 17:04:20 -0700
Subject: [PATCH] Protect config file reads too
---
 htaccess-htpasswd/edit_dir.cgi | 2 ++
 htaccess-htpasswd/index.cgi | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/htaccess-htpasswd/edit_dir.cgi b/htaccess-htpasswd/edit_dir.cgi
index e1b119ea2..d55c40cbb 100755
--- a/htaccess-htpasswd/edit_dir.cgi
+++ b/htaccess-htpasswd/edit_dir.cgi
@@ -82,8 +82,10 @@ else {
 # Authentication realm
 if (!$in{'new'}) {
+ &switch_user();
 $conf = &foreign_call($apachemod, "get_htaccess_config", "$dir->[0]/$config{'htaccess'}");
+ &switch_back();
 $realm = &foreign_call($apachemod, "find_directive", "AuthName", $conf, 1);
 }
diff --git a/htaccess-htpasswd/index.cgi b/htaccess-htpasswd/index.cgi
index 6f4d0d3f0..590bf8f63 100755
--- a/htaccess-htpasswd/index.cgi
+++ b/htaccess-htpasswd/index.cgi
@@ -58,6 +58,7 @@ if (@dirs) {
 print &ui_columns_start([ $can_create ? ( "" ) : ( ), $text{'index_dir'}, $text{'index_usersgroups'} ], 100, 0, \@tds);
+ &switch_user();
 foreach $d (@dirs) {
 local @cols;
 if ($can_create) {
@@ -140,6 +141,7 @@ if (@dirs) {
 print &ui_columns_row(\@cols, \@tds);
 }
 }
+ &switch_back();
 print &ui_columns_end();
 if ($can_create) {
 print &ui_links_row(\@links);
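Review bot: In edit_dir.cgi the outcome of `&switch_user();` is never checked before `get_htaccess_config` reads `"$dir->[0]/$config{'htaccess'}"`, so if the helper cannot switch or is a no-op for some ACL settings (its definition is outside this diff, so this is not visible here), the read still happens with the server's own privileges. If the helper returns a status, test it before the read; otherwise it is worth confirming that it aborts the request itself on failure. The same applies to the `&switch_user();` added before the `foreach` in index.cgi. A comment above the call would record the intent, e.g. `# Read the per-directory config as the switched user, not with the server's privileges`. The enclosing `else {` block starts and ends outside the hunk.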
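Review bot: In index.cgi the `&switch_user();` before `foreach $d (@dirs) {` and its matching `&switch_back();` sit in two separate hunks roughly 80 lines apart, and neither carries a comment tying them together. Every statement in the loop body now runs with switched privileges, not only the config-file reads, and most of that body is outside the diff, so it cannot be checked here whether any step in it still needs the original privileges. This is also inconsistent with edit_dir.cgi, where the pair wraps a single call. Either narrow the pair to the individual reads inside the loop, or mark both ends, e.g. `# Loop body runs as the switched user until switch_back() below` and `# End of switched-user section started before the foreach`.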