From 02bf997271f4d09e91c8fcb9cecd08f06f2400c4 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 12 Apr 2012 12:04:52 -0400
Subject: [PATCH] Merged revisions 3028-3045 from stable branch.
---
server/plugins-available/apache2_plugin.inc.php | 40 ++++++++++++++++++++++++++++++----------
1 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index e9a66c4..f620b57 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -709,6 +709,11 @@
$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+
+ // Custom Apache directives
+ // Make sure we only have Unix linebreaks
+ $vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
+ $vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -750,7 +755,7 @@
// Rewrite rules
$rewrite_rules = array();
- if($data['new']['redirect_type'] != '') {
+ if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
if(substr($data['new']['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($data['new']['redirect_path'],8);
@@ -816,7 +821,7 @@
}
$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
// Rewriting
- if($alias['redirect_type'] != '') {
+ if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
if(substr($alias['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($alias['redirect_path'],8);
@@ -912,7 +917,7 @@
// Support for multiple PHP versions (FastCGI)
if(trim($data['new']['fastcgi_php_version']) != ''){
$default_fastcgi_php = false;
- list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(';', trim($data['new']['fastcgi_php_version']));
+ list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
if(substr($custom_fastcgi_php_ini_dir,-1) != '/') $custom_fastcgi_php_ini_dir .= '/';
} else {
$default_fastcgi_php = true;
@@ -1593,6 +1598,7 @@
$domain = $sitedata['domain'];
$user = $sitedata['system_user'];
$group = $sitedata['system_group'];
+ $webdav_user_dir = $documentRoot . '/webdav/' . $data['new']['dir'];
/* Check if this is a chrooted setup */
if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1601,13 +1607,25 @@
} else {
$apache_chrooted = false;
}
+
+ //* We dont want to have relative paths here
+ if(stristr($webdav_user_dir,'..') || stristr($webdav_user_dir,'./')) {
+ $app->log('Folder path '.$webdav_user_dir.' contains ./ or .. '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
+
+ //* Check if the resulting path exists if yes, if it is inside the docroot
+ if(is_dir($webdav_user_dir) && substr(realpath($webdav_user_dir),0,strlen($documentRoot)) != $documentRoot) {
+ $app->log('Folder path '.$webdav_user_dir.' is outside of docroot '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
/*
* First the webdav-root - folder has to exist
*/
- if(!is_dir($documentRoot . '/webdav/' . $data['new']['dir'])) {
- $app->log('Webdav User directory '.$documentRoot.'/webdav/'.$data['new']['dir'].' does not exist. Creating it now.',LOGLEVEL_DEBUG);
- exec('mkdir -p '.escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir']));
+ if(!is_dir($webdav_user_dir)) {
+ $app->log('Webdav User directory '.$webdav_user_dir.' does not exist. Creating it now.',LOGLEVEL_DEBUG);
+ exec('mkdir -p '.escapeshellcmd($webdav_user_dir));
}
/*
@@ -1620,19 +1638,19 @@
* The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the
* pwd-files are owned by root)
*/
- $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R'));
- $this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'));
+ $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($webdav_user_dir.' -R'));
+ $this->_exec('chmod 770 ' . escapeshellcmd($webdav_user_dir.' -R'));
/*
* if the user is active, we have to write/update the password - file
* if the user is inactive, we have to inactivate the user by removing the user from the file
*/
if ($data['new']['active'] == 'y') {
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
}
else {
/* empty pwd removes the user! */
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
}
/*
@@ -1784,6 +1802,7 @@
$output .= " Alias /webdav/" . $fn . ' ' . $webdavRoot . '/' . $fn . "\n";
$output .= " <Location /webdav/" . $fn . ">\n";
$output .= " DAV On\n";
+ $output .= ' BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On'."\n";
$output .= " AuthType Digest\n";
$output .= " AuthName \"" . $fn . "\"\n";
$output .= " AuthUserFile " . $webdavRoot . '/' . $file . "\n";
@@ -1828,6 +1847,7 @@
$awstats_conf_dir = $web_config['awstats_conf_dir'];
+ if(!is_dir($data['new']['document_root']."/web/stats/")) mkdir($data['new']['document_root']."/web/stats");
if(!@is_file($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
--
Gitblit v1.9.1