Fixed issue: #3812 Insufficient validation of PHP version selector.

Till Brehm

2016-03-29 e1b4cacb8d66891ce11dd4203bd92aa265fffcde

 interface/web/sites/web_vhost_subdomain_edit.php

@@ -203,7 +203,7 @@
         $php_directive_snippets_txt = '';
         if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
            foreach($php_directive_snippets as $php_directive_snippet){
               $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$php_directive_snippet['snippet'].'</pre></a> ';
               $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
            }
         }
         if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
@@ -214,7 +214,7 @@
            $apache_directive_snippets_txt = '';
            if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
               foreach($apache_directive_snippets as $apache_directive_snippet){
                  $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$apache_directive_snippet['snippet'].'</pre></a> ';
                  $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
               }
            }
            if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -226,7 +226,7 @@
            $nginx_directive_snippets_txt = '';
            if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
               foreach($nginx_directive_snippets as $nginx_directive_snippet){
                  $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$nginx_directive_snippet['snippet'].'</pre></a> ';
                  $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
               }
            }
            if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -237,7 +237,7 @@
         $proxy_directive_snippets_txt = '';
         if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
            foreach($proxy_directive_snippets as $proxy_directive_snippet){
               $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$proxy_directive_snippet['snippet'].'</pre></a> ';
               $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
            }
         }
         if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -246,13 +246,17 @@

      $ssl_domain_select = '';
      $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$this->id);
      $ssl_domains = array($tmp["domain"], 'www.'.$tmp["domain"]);
      $ssl_domains = array($tmp["domain"], 'www.'.$tmp["domain"], '*.'.$tmp["domain"]);
      if(is_array($ssl_domains)) {
         foreach( $ssl_domains as $ssl_domain) {
            $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
            $ssl_domain_select .= "<option value='$ssl_domain' $selected>$ssl_domain</option>\r\n";
         }
      }
      $app->tpl->setVar("ssl_domain", $ssl_domain_select);
      unset($ssl_domain_select);
      unset($ssl_domains);
      unset($ssl_domain);

      if($this->id > 0) {
         $app->tpl->setVar('fixed_folder', 'y');
@@ -261,11 +265,6 @@
         $app->tpl->setVar('fixed_folder', 'n');
         $app->tpl->setVar('server_id_value', $parent_domain['server_id']);
      }

      $app->tpl->setVar("ssl_domain", $ssl_domain_select);
      unset($ssl_domain_select);
      unset($ssl_domains);
      unset($ssl_domain);

      $tmp_txt = ($this->dataRecord['traffic_quota_lock'] == 'y')?'<b>('.$app->tform->lng('traffic_quota_exceeded_txt').')</b>':'';
      $app->tpl->setVar("traffic_quota_exceeded_txt", $tmp_txt);
@@ -308,6 +307,17 @@
      }
      $app->tpl->setVar("domain", $this->dataRecord["domain"]);

      // check for configuration errors in sys_datalog
      if($this->id > 0) {
         $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
         if(is_array($datalog) && !empty($datalog)){
            if(trim($datalog['error']) != ''){
               $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
               $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
            }
         }
      }

      parent::onShowEnd();
   }

@@ -331,6 +341,8 @@
      $this->dataRecord["ipv6_address"] = $parent_domain["ipv6_address"];
      $this->dataRecord["client_group_id"] = $parent_domain["client_group_id"];
      $this->dataRecord["vhost_type"] = 'name';
      $this->dataRecord["system_user"] = $parent_domain["system_user"];
      $this->dataRecord["system_group"] = $parent_domain["system_group"];

      $this->parent_domain_record = $parent_domain;

@@ -338,6 +350,11 @@

      if($app->tform->getCurrentTab() == 'domain') {

         // Check that domain (the subdomain part) is not empty
         if(!preg_match('/^[a-zA-Z0-9].*/',$this->dataRecord['domain'])) {
            $app->tform->errorMessage .= $app->tform->lng("subdomain_error_empty")."<br />";
         }
			
         /* check if the domain module is used - and check if the selected domain can be used! */
         $app->uses('ini_parser,getconf');
         $settings = $app->getconf->get_global_config('domains');
@@ -384,21 +401,21 @@
         $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
         $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

         if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
         if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = '-';
         if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
         if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
         if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
         if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = 'y';
         if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
         if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
         if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
         if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = 'n';
         if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = 'n';
         if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = 'n';
         if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = 'n';
         if($client['limit_python'] != 'y') $this->dataRecord['python'] = 'n';
         if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
         if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = 'n';
         if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = 'n';
         if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = 'n';

         // only generate quota and traffic warnings if value has changed
         if($this->id > 0) {
            $old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
         } else {
            $old_web_values = $_POST;
            $old_web_values = array();
         }

         //* Check the traffic quota of the client
@@ -445,15 +462,15 @@
            $this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!

            // set the settings to current if not provided (or cleared due to limits)
            if($this->dataRecord['cgi'] == '-') $this->dataRecord['cgi'] = $tmp['cgi'];
            if($this->dataRecord['ssi'] == '-') $this->dataRecord['ssi'] = $tmp['ssi'];
            if($this->dataRecord['perl'] == '-') $this->dataRecord['perl'] = $tmp['perl'];
            if($this->dataRecord['ruby'] == '-') $this->dataRecord['ruby'] = $tmp['ruby'];
            if($this->dataRecord['python'] == '-') $this->dataRecord['python'] = $tmp['python'];
            if($this->dataRecord['suexec'] == '-') $this->dataRecord['suexec'] = $tmp['suexec'];
            if($this->dataRecord['errordocs'] == '-') $this->dataRecord['errordocs'] = $tmp['errordocs'];
            if($this->dataRecord['subdomain'] == '-') $this->dataRecord['subdomain'] = $tmp['subdomain'];
            if($this->dataRecord['ssl'] == '-') $this->dataRecord['ssl'] = $tmp['ssl'];
            if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
            if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];
            if($this->dataRecord['perl'] == 'n') $this->dataRecord['perl'] = $tmp['perl'];
            if($this->dataRecord['ruby'] == 'n') $this->dataRecord['ruby'] = $tmp['ruby'];
            if($this->dataRecord['python'] == 'n') $this->dataRecord['python'] = $tmp['python'];
            if($this->dataRecord['suexec'] == 'n') $this->dataRecord['suexec'] = $tmp['suexec'];
            if($this->dataRecord['errordocs'] == 'n') $this->dataRecord['errordocs'] = $tmp['errordocs'];
            if($this->dataRecord['subdomain'] == 'n') $this->dataRecord['subdomain'] = $tmp['subdomain'];
            if($this->dataRecord['ssl'] == 'n') $this->dataRecord['ssl'] = $tmp['ssl'];

            unset($tmp);
            // When the record is inserted
@@ -545,6 +562,32 @@
            $app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
         }
      }
		
      // Check custom PHP version
      if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
         // Check php-fpm mode
         if($this->dataRecord['php'] == 'php-fpm'){
            $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
            if(is_array($tmp)) {
               $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
            } else {
               $this->dataRecord['fastcgi_php_version'] = '';
            }
            unset($tmp);
         // Check fast-cgi mode
         } elseif($this->dataRecord['php'] == 'fast-cgi') {
            $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
            if(is_array($tmp)) {
               $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
            } else {
               $this->dataRecord['fastcgi_php_version'] = '';
            }
            unset($tmp);
         } else {
            // Other PHP modes do not have custom versions, so we force the value to be empty
            $this->dataRecord['fastcgi_php_version'] = '';
         }
      }

      parent::onSubmit();
   }
@@ -591,24 +634,27 @@

   function onAfterUpdate() {
      global $app, $conf;
		
      //* Update settings when parent domain gets changed
      if(isset($this->dataRecord["parent_domain_id"]) && $this->dataRecord["parent_domain_id"] != $this->oldDataRecord["parent_domain_id"]) {
         // Get configuration for the web system
         $app->uses("getconf");
         $web_rec = $app->tform->getDataRecord($this->id);
         $web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');

      // Get configuration for the web system
      $app->uses("getconf");
      $web_rec = $app->tform->getDataRecord($this->id);
      $web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');
         // Set the values for document_root, system_user and system_group
         $system_user = $app->db->quote($this->parent_domain_record['system_user']);
         $system_group = $app->db->quote($this->parent_domain_record['system_group']);
         $document_root = $app->db->quote($this->parent_domain_record['document_root']);
         $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
         $php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
         $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
         $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
         $htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);

      // Set the values for document_root, system_user and system_group
      $system_user = $app->db->quote($this->parent_domain_record['system_user']);
      $system_group = $app->db->quote($this->parent_domain_record['system_group']);
      $document_root = $app->db->quote($this->parent_domain_record['document_root']);
      $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
      $php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
      $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
      $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
      $htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);

      $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$this->id;
      $app->db->query($sql);
         $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$this->id;
         $app->db->query($sql);
      }
   }

}