From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/web/sites/web_domain_edit.php |   51 +++++++++++++++++++++++++++++----------------------
 1 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index 142c7d2..c9398b0 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -45,7 +45,7 @@
 $app->auth->check_module_permissions('sites');
 
 // Loading classes
-$app->uses('tpl,tform,tform_actions');
+$app->uses('tpl,tform,tform_actions,tools_sites');
 $app->load('tform_actions');
 
 class page_action extends tform_actions {
@@ -80,6 +80,7 @@
 			$client = $app->db->queryOneRecord("SELECT client.default_webserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 			$app->tpl->setVar("server_id_value", $client['default_webserver']);
 		}
+        $app->tform->formDef['tabs']['domain']['readonly'] = false;
 
 		parent::onShowNew();
 	}
@@ -378,11 +379,21 @@
 				if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
 				$app->tpl->setVar("nginx_directive_snippets_txt",$nginx_directive_snippets_txt);
 			}
+			
+			$proxy_directive_snippets = $app->db->queryAllRecords("SELECT * FROM directive_snippets WHERE type = 'proxy' AND active = 'y'");
+			$proxy_directive_snippets_txt = '';
+			if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
+					foreach($proxy_directive_snippets as $proxy_directive_snippet){
+						$proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.$proxy_directive_snippet['snippet'].'</pre></a> ';
+					}
+			}
+			if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
+			$app->tpl->setVar("proxy_directive_snippets_txt",$proxy_directive_snippets_txt);
 		}
 
 		$ssl_domain_select = '';
 		$tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$this->id);
-		$ssl_domains = array($tmp["domain"],'www.'.$tmp["domain"]);
+		$ssl_domains = array($tmp["domain"],'www.'.$tmp["domain"],'*.'.$tmp["domain"]);
 		if(is_array($ssl_domains)) {
 			foreach( $ssl_domains as $ssl_domain) {
 				$selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
@@ -414,16 +425,7 @@
 			/*
 			 * The domain-module is in use.
 			*/
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			/*
-			 * The admin can select ALL domains, the user only the domains assigned to him
-			 */
-			$sql = "SELECT domain_id, domain FROM domain ";
-			if ($_SESSION["s"]["user"]["typ"] != 'admin') {
-				$sql .= "WHERE sys_groupid =" . $client_group_id;
-			}
-			$sql .= " ORDER BY domain";
-			$domains = $app->db->queryAllRecords($sql);
+			$domains = $app->tools_sites->getDomainModuleDomains();
 			$domain_select = '';
 			if(is_array($domains) && sizeof($domains) > 0) {
 				/* We have domains in the list, so create the drop-down-list */
@@ -463,21 +465,20 @@
             $app->uses('ini_parser,getconf');
             $settings = $app->getconf->get_global_config('domains');
             if ($settings['use_domain_module'] == 'y') {
-                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-                
-                $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($this->dataRecord['domain']);
-                if ($_SESSION["s"]["user"]["typ"] != 'admin') {
-                    $sql .= " AND sys_groupid =" . $client_group_id;
-                }
-                $domain_check = $app->db->queryOneRecord($sql);
+                $domain_check = $app->tools_sites->checkDomainModuleDomain($this->dataRecord['domain']);
                 if(!$domain_check) {
                     // invalid domain selected
                     $app->tform->errorMessage .= $app->tform->lng("domain_error_empty")."<br />";
                 } else {
-                    $this->dataRecord['domain'] = $domain_check['domain'];
+                    $this->dataRecord['domain'] = $domain_check;
                 }
             }
         }
+		
+		// nginx: if redirect type is proxy and redirect path is no URL, display error
+		//if($this->dataRecord["redirect_type"] == 'proxy' && substr($this->dataRecord['redirect_path'],0,1) == '/'){
+		//	$app->tform->errorMessage .= $app->tform->lng("error_proxy_requires_url")."<br />";
+		//}
 
 		// Set a few fixed values
 		$this->dataRecord["parent_domain_id"] = 0;
@@ -497,7 +498,7 @@
             if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
             if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
             if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
-            if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = '-';
+            if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
             if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
             if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
             if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
@@ -842,7 +843,13 @@
 		
 		//* Set php_open_basedir if empty or domain or client has been changed
 		if(empty($web_rec['php_open_basedir']) ||
-		(!empty($this->dataRecord["domain"]) && !empty($this->oldDataRecord["domain"]) && $this->dataRecord["domain"] != $this->oldDataRecord["domain"]) ||
+		(!empty($this->dataRecord["domain"]) && !empty($this->oldDataRecord["domain"]) && $this->dataRecord["domain"] != $this->oldDataRecord["domain"])) {
+			$php_open_basedir = $web_rec['php_open_basedir'];
+			$php_open_basedir = str_replace($this->oldDataRecord['domain'],$web_rec['domain'],$php_open_basedir);
+			$sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
+			$app->db->query($sql);
+		}
+		if(empty($web_rec['php_open_basedir']) ||
 		(isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["sys_groupid"])) {
 			$document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
 			$php_open_basedir = str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]);

--
Gitblit v1.9.1