gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -45,7 +45,7 @@
			$app->auth->check_module_permissions('sites');

			// Loading classes
			$app->uses('tpl,tform,tform_actions');
			$app->uses('tpl,tform,tform_actions,tools_sites');
			$app->load('tform_actions');

			class page_action extends tform_actions {
			@@ -131,7 +131,7 @@

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			//* Get global web config
			$web_config = $app->getconf->get_server_config($parent_domain['server_id'], 'web');
			@@ -277,16 +277,7 @@
			/*
			* The domain-module is in use.
			*/
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			/*
			* The admin can select ALL domains, the user only the domains assigned to him
			*/
			$sql = "SELECT domain_id, domain FROM domain ";
			if ($_SESSION["s"]["user"]["typ"] != 'admin') {
			$sql .= "WHERE sys_groupid =" . $client_group_id;
			}
			$sql .= " ORDER BY domain";
			$domains = $app->db->queryAllRecords($sql);
			$domains = $app->tools_sites->getDomainModuleDomains();
			$domain_select = '';
			$selected_domain = '';
			if(is_array($domains) && sizeof($domains) > 0) {
			@@ -330,7 +321,8 @@
			unset($tmp);
			}

			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
			$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
			if(!$parent_domain \|\| $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");

			// Set a few fixed values
			$this->dataRecord["type"] = 'vhostsubdomain';
			@@ -350,18 +342,12 @@
			$app->uses('ini_parser,getconf');
			$settings = $app->getconf->get_global_config('domains');
			if ($settings['use_domain_module'] == 'y') {
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);

			$sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($this->dataRecord['sel_domain']);
			if ($_SESSION["s"]["user"]["typ"] != 'admin') {
			$sql .= " AND sys_groupid =" . $client_group_id;
			}
			$domain_check = $app->db->queryOneRecord($sql);
			$domain_check = $app->tools_sites->checkDomainModuleDomain($this->dataRecord['sel_domain']);
			if(!$domain_check) {
			// invalid domain selected
			$app->tform->errorMessage .= $app->tform->lng("domain_error_empty")."<br />";
			} else {
			$this->dataRecord['domain'] = $this->dataRecord['domain'] . '.' . $domain_check['domain'];
			$this->dataRecord['domain'] = $this->dataRecord['domain'] . '.' . $domain_check;
			}
			} else {
			$this->dataRecord["domain"] = $this->dataRecord["domain"].'.'.$parent_domain["domain"];
			@@ -369,6 +355,8 @@


			$this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
			if(substr($this->dataRecord['web_folder'], 0, 1) === '/') $this->dataRecord['web_folder'] = substr($this->dataRecord['web_folder'], 1);
			if(substr($this->dataRecord['web_folder'], -1) === '/') $this->dataRecord['web_folder'] = substr($this->dataRecord['web_folder'], 0, -1);
			$forbidden_folders = array('', 'cgi-bin', 'log', 'private', 'ssl', 'tmp', 'webdav');
			$check_folder = strtolower($this->dataRecord['web_folder']);
			if(substr($check_folder, 0, 1) === '/') $check_folder = substr($check_folder, 1); // strip / at beginning to check against forbidden entries
			@@ -376,11 +364,17 @@
			if(in_array($check_folder, $forbidden_folders)) {
			$app->tform->errorMessage .= $app->tform->lng("web_folder_invalid_txt")."<br>";
			}

			// vhostsubdomains do not have a quota of their own
			$this->dataRecord["hd_quota"] = 0;

			// check for duplicate folder usage
			/*
			$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain' AND `parent_domain_id` = '" . $app->functions->intval($this->dataRecord['parent_domain_id']) . "' AND `web_folder` = '" . $app->db->quote($this->dataRecord['web_folder']) . "' AND `domain_id` != '" . $app->functions->intval($this->id) . "'");
			if($check && $check['cnt'] > 0) {
			$app->tform->errorMessage .= $app->tform->lng("web_folder_unique_txt")."<br>";
			}
			*/
			} else {
			$this->dataRecord["domain"] = $this->dataRecord["domain"].'.'.$parent_domain["domain"];
			}
			@@ -395,29 +389,20 @@
			if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
			if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
			if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
			if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = '-';
			if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = 'y';
			if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
			if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
			if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';

			//* Check the website quota of the client
			if(isset($_POST["hd_quota"]) && $client["limit_web_quota"] >= 0) {
			$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
			$webquota = $tmp["webquota"];
			$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
			if(($webquota + $new_web_quota > $client["limit_web_quota"]) \|\| ($new_web_quota < 0 && $client["limit_web_quota"] >= 0)) {
			$max_free_quota = floor($client["limit_web_quota"] - $webquota);
			if($max_free_quota < 0) $max_free_quota = 0;
			$app->tform->errorMessage .= $app->tform->lng("limit_web_quota_free_txt").": ".$max_free_quota." MB<br>";
			// Set the quota field to the max free space
			$this->dataRecord["hd_quota"] = $max_free_quota;
			}
			unset($tmp);
			unset($tmp_quota);

			// only generate quota and traffic warnings if value has changed
			if($this->id > 0) {
			$old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
			} else {
			$old_web_values = $_POST;
			}

			//* Check the traffic quota of the client
			if(isset($_POST["traffic_quota"]) && $client["limit_traffic_quota"] > 0) {
			if(isset($_POST["traffic_quota"]) && $client["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
			$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
			$trafficquota = $tmp["trafficquota"];
			$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
			@@ -436,24 +421,8 @@
			// Get the limits of the reseller
			$reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);

			//* Check the website quota of the client
			if(isset($_POST["hd_quota"]) && $reseller["limit_web_quota"] >= 0) {
			$tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
			$webquota = $tmp["webquota"];
			$new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
			if(($webquota + $new_web_quota > $reseller["limit_web_quota"]) \|\| ($new_web_quota < 0 && $reseller["limit_web_quota"] >= 0)) {
			$max_free_quota = floor($reseller["limit_web_quota"] - $webquota);
			if($max_free_quota < 0) $max_free_quota = 0;
			$app->tform->errorMessage .= $app->tform->lng("limit_web_quota_free_txt").": ".$max_free_quota." MB<br>";
			// Set the quota field to the max free space
			$this->dataRecord["hd_quota"] = $max_free_quota;
			}
			unset($tmp);
			unset($tmp_quota);
			}

			//* Check the traffic quota of the client
			if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0) {
			if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
			$tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
			$trafficquota = $tmp["trafficquota"];
			$new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
			@@ -520,6 +489,62 @@
			$app->tform->errorMessage .= $app->tform->lng("error_php_fpm_pm_settings_txt").'<br>';
			}
			}

			// Check rewrite rules
			$server_type = $web_config['server_type'];

			if($server_type == 'nginx' && isset($this->dataRecord['rewrite_rules']) && trim($this->dataRecord['rewrite_rules']) != '') {
			$rewrite_rules = trim($this->dataRecord['rewrite_rules']);
			$rewrites_are_valid = true;
			// use this counter to make sure all curly brackets are properly closed
			$if_level = 0;
			// Make sure we only have Unix linebreaks
			$rewrite_rules = str_replace("\r\n", "\n", $rewrite_rules);
			$rewrite_rules = str_replace("\r", "\n", $rewrite_rules);
			$rewrite_rule_lines = explode("\n", $rewrite_rules);
			if(is_array($rewrite_rule_lines) && !empty($rewrite_rule_lines)){
			foreach($rewrite_rule_lines as $rewrite_rule_line){
			// ignore comments
			if(substr(ltrim($rewrite_rule_line),0,1) == '#') continue;
			// empty lines
			if(trim($rewrite_rule_line) == '') continue;
			// rewrite
			if(preg_match('@^\srewrite\s+(^/)?\S+(\$)?\s+\S+(\s+(last\|break\|redirect\|permanent\|))?\s;\s*$@', $rewrite_rule_line)) continue;
			// if
			if(preg_match('@^\sif\s+$\s\$\S+(\s+(\!?(=\|~\|~\))\s+(\S+\|\".+\"))?\s$\s\{\s$@', $rewrite_rule_line)){
			$if_level += 1;
			continue;
			}
			// if - check for files, directories, etc.
			if(preg_match('@^\sif\s+$\s\!?-(f\|d\|e\|x)\s+\S+\s$\s\{\s*$@', $rewrite_rule_line)){
			$if_level += 1;
			continue;
			}
			// break
			if(preg_match('@^\sbreak\s;\s*$@', $rewrite_rule_line)){
			continue;
			}
			// return code [ text ]
			if(preg_match('@^\sreturn\s+\d\d\d.;\s*$@', $rewrite_rule_line)) continue;
			// return code URL
			// return URL
			if(preg_match('@^\sreturn(\s+\d\d\d)?\s+(http\|https\|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)\@)((25[0-5]\|2[0-4][0-9]\|[0-1]{1}[0-9]{2}\|[1-9]{1}[0-9]{1}\|[1-9])\.(25[0-5]\|2[0-4][0-9]\|[0-1]{1}[0-9]{2}\|[1-9]{1}[0-9]{1}\|[1-9]\|0)\.(25[0-5]\|2[0-4][0-9]\|[0-1]{1}[0-9]{2}\|[1-9]{1}[0-9]{1}\|[1-9]\|0)\.(25[0-5]\|2[0-4][0-9]\|[0-1]{1}[0-9]{2}\|[1-9]{1}[0-9]{1}\|[0-9])\|localhost\|([a-zA-Z0-9\-]+\.)[a-zA-Z0-9\-]+\.(com\|edu\|gov\|int\|mil\|net\|org\|biz\|arpa\|info\|name\|pro\|aero\|coop\|museum\|[a-zA-Z]{2}))(\:[0-9]+)(/($\|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))\s;\s$@', $rewrite_rule_line)) continue;
			// set
			if(preg_match('@^\sset\s+\$\S+\s+\S+\s;\s*$@', $rewrite_rule_line)) continue;
			// closing curly bracket
			if(trim($rewrite_rule_line) == '}'){
			$if_level -= 1;
			continue;
			}
			$rewrites_are_valid = false;
			break;
			}
			}

			if(!$rewrites_are_valid \|\| $if_level != 0){
			$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
			}
			}

			parent::onSubmit();
			}