From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
 interface/web/sites/web_domain_edit.php | 32 +++++++++++--------------------
 1 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index 5cc7f5e..c9398b0 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -45,7 +45,7 @@
 $app->auth->check_module_permissions('sites');
 // Loading classes
- $app->uses('tpl,tform,tform_actions');
+ $app->uses('tpl,tform,tform_actions,tools_sites');
 $app->load('tform_actions');
 class page_action extends tform_actions {
@@ -393,7 +393,7 @@
 $ssl_domain_select = '';
 $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$this->id);
- $ssl_domains = array($tmp["domain"],'www.'.$tmp["domain"]);
+ $ssl_domains = array($tmp["domain"],'www.'.$tmp["domain"],'*.'.$tmp["domain"]);
 if(is_array($ssl_domains)) {
 foreach( $ssl_domains as $ssl_domain) {
 $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
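Review bot: The new `'*.'.$tmp["domain"]` entry is offered to every user, while the last hunk of this patch clears a `*` subdomain for clients whose `limit_wildcard` is not `'y'`; unless the chosen SSL domain is validated against that limit on submit, a client without the wildcard permission can still pick a wildcard certificate name here. Where the client record is available, guard the entry, `if($client['limit_wildcard'] == 'y') $ssl_domains[] = '*.'.$tmp["domain"];`, or leave a comment stating where the SSL domain is checked. On the context line above it, `$this->id` is concatenated into the SQL string unmodified, whereas the removed lines of the later hunks cast such values with `$app->functions->intval()`; the same cast belongs here. The enclosing method starts and ends outside the hunk.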
@@ -425,16 +425,7 @@
 /*
 * The domain-module is in use.
 */
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
- /*
- * The admin can select ALL domains, the user only the domains assigned to him
- */
- $sql = "SELECT domain_id, domain FROM domain ";
- if ($_SESSION["s"]["user"]["typ"] != 'admin') {
- $sql .= "WHERE sys_groupid =" . $client_group_id;
- }
- $sql .= " ORDER BY domain";
- $domains = $app->db->queryAllRecords($sql);
+ $domains = $app->tools_sites->getDomainModuleDomains();
 $domain_select = '';
 if(is_array($domains) && sizeof($domains) > 0) {
 /* We have domains in the list, so create the drop-down-list */
@@ -474,21 +465,20 @@
 $app->uses('ini_parser,getconf');
 $settings = $app->getconf->get_global_config('domains');
 if ($settings['use_domain_module'] == 'y') {
- $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-
- $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($this->dataRecord['domain']);
- if ($_SESSION["s"]["user"]["typ"] != 'admin') {
- $sql .= " AND sys_groupid =" . $client_group_id;
- }
- $domain_check = $app->db->queryOneRecord($sql);
+ $domain_check = $app->tools_sites->checkDomainModuleDomain($this->dataRecord['domain']);
 if(!$domain_check) {
 // invalid domain selected
 $app->tform->errorMessage .= $app->tform->lng("domain_error_empty")."<br />";
 } else {
- $this->dataRecord['domain'] = $domain_check['domain'];
+ $this->dataRecord['domain'] = $domain_check;
 }
 }
 }
+
+ // nginx: if redirect type is proxy and redirect path is no URL, display error
+ //if($this->dataRecord["redirect_type"] == 'proxy' && substr($this->dataRecord['redirect_path'],0,1) == '/'){
+ // $app->tform->errorMessage .= $app->tform->lng("error_proxy_requires_url")."<br />";
+ //}
 // Set a few fixed values
 $this->dataRecord["parent_domain_id"] = 0;
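Review bot: The removed query restricted the list to the user's own `sys_groupid` unless `typ == 'admin'`; `$app->tools_sites->getDomainModuleDomains()` is called with no arguments and its body is not in this patch, so whether that tenant scoping (and the `ORDER BY domain`) survives cannot be verified from here. Add a line above the call stating the contract the caller relies on, `// getDomainModuleDomains() must return only the current user's domains unless typ == 'admin'`, and confirm the helper does so. The next hunk makes the same move for `checkDomainModuleDomain()`, where the removed code additionally cast the submitted domain id with `$app->functions->intval()` before it reached SQL; that cast now has to live inside the helper. The enclosing method starts and ends outside the hunk.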
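Review bot: The nginx proxy check added at the end of the hunk is committed commented out, so nothing in this file rejects a folder path when `redirect_type` is `'proxy'`; the patch subject says the restriction is enforced by the redirect_path regex, but that form definition is not part of this diff. Either drop the dead block or replace it with a one-line pointer, `// proxy redirects must be URLs; enforced by the redirect_path regex in the form definition`, so the next reader does not assume the check is simply missing. Separately, `$domain_check` is now assigned straight to `$this->dataRecord['domain']` where the old code used `$domain_check['domain']`, so the helper is expected to return the domain string rather than a record, and `if(!$domain_check)` relies on that string being truthy; both expectations should be confirmed against the helper. The enclosing method starts and ends outside the hunk.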
@@ -508,7 +498,7 @@
 if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
 if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
 if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
- if($client['force_suexec'] != 'n') $this->dataRecord['suexec'] = '-';
+ if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
 if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
 if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
 if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
-- 
Gitblit v1.9.1
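Review bot: The new condition reverses the previous one — `suexec` is now forced to `'y'` only when `force_suexec == 'y'` and the submitted value passes through untouched for every other value, whereas before any value other than `'n'` set `'-'` — and neither the change nor its reason appears in the commit message. A why-comment would keep it from being read as a typo, since it is the only line in this run that writes `'y'` instead of `'-'`: `// force_suexec: the client's setting overrides the submitted suexec value`. The enclosing method starts and ends outside the hunk.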