From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/lib/plugins/vm_openvz_plugin.inc.php |   27 ++++++++++++++++++++-------
 1 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php
index 1112e08..0e8696e 100644
--- a/interface/lib/plugins/vm_openvz_plugin.inc.php
+++ b/interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -23,6 +23,7 @@
 		//* Register for events        
         $app->plugin->registerEvent('vm:openvz_vm:on_after_insert','vm_openvz_plugin','openvz_vm_insert');
 		$app->plugin->registerEvent('vm:openvz_vm:on_after_update','vm_openvz_plugin','openvz_vm_update');
+		$app->plugin->registerEvent('vm:openvz_vm:on_after_delete','vm_openvz_plugin','openvz_vm_delete');
     }
 
     /*
@@ -38,11 +39,11 @@
 		// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
-			$client_group_id = intval($this->dataRecord["client_group_id"]);
+			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
-			$client_group_id = intval($this->dataRecord["client_group_id"]);
+			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
 		}
 		
@@ -79,11 +80,11 @@
 		// make sure that the record belongs to the clinet group and not the admin group when a admin inserts it
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
-			$client_group_id = intval($this->dataRecord["client_group_id"]);
+			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
-			$client_group_id = intval($this->dataRecord["client_group_id"]);
+			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
 		}
 		
@@ -103,6 +104,16 @@
 			$this->createDNS();
 		}
         
+	}
+	
+	function openvz_vm_delete($event_name, $page_form) {
+        global $app, $conf;
+		
+		//* Free the IP address
+		$tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$page_form->id);
+		$app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
+		unset($tmp);
+		
 	}
 	
 	private function applyTemplate() {
@@ -129,13 +140,14 @@
 	private function makeOpenVZConfig() {
 		global $app, $conf;
 		
-		$vm = $app->tform->getDataRecord($this->id);
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id);
 		$vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$vm['template_id']);
 		$burst_ram = $vm['ram_burst']*256;
 		$guar_ram = $vm['ram']*256;
 		
+		$app->load('tpl');
 		$tpl = new tpl();
-		$tpl->newTemplate('templates/openvz.conf.tpl');
+		$tpl->newTemplate('../vm/templates/openvz.conf.tpl');
 		
 		$onboot = ($vm['start_boot'] == 'y')?'yes':'no';
 		$tpl->setVar('onboot',$onboot);
@@ -161,6 +173,7 @@
 		$tpl->setVar('numfile',$vm_template['numfile']);
 		$tpl->setVar('avnumproc',$vm_template['avnumproc']);
 		$tpl->setVar('numiptent',$vm_template['numiptent']);
+		$tpl->setVar('swappages',$vm_template['swappages']);
 		
 		$diskspace = $vm['diskspace']*1048576;
 		$diskinodes = $vm['diskspace']*524288;
@@ -194,7 +207,7 @@
 	private function createDNS() {
 		global $app, $conf;
 		
-		$vm = $app->tform->getDataRecord($this->id);
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id);
 		
 		if($vm['create_dns'] != 'y') return;
 		

--
Gitblit v1.9.1