From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 server/plugins-available/apache2_plugin.inc.php |   31 +++++++++++++++++++++++++------
 1 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index c86aa72..41040c0 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -121,8 +121,14 @@
 			$this->ssl_certificate_changed = true;
 			
 			//* Rename files if they exist
-			if(file_exists($key_file)) $app->system->rename($key_file,$key_file.'.bak');
-			if(file_exists($key_file2)) $app->system->rename($key_file2,$key_file2.'.bak');
+			if(file_exists($key_file)){
+				$app->system->rename($key_file,$key_file.'.bak');
+				$app->system->chmod($key_file.'.bak',0400);
+			}
+			if(file_exists($key_file2)){
+				$app->system->rename($key_file2,$key_file2.'.bak');
+				$app->system->chmod($key_file2.'.bak',0400);
+			}
 			if(file_exists($csr_file)) $app->system->rename($csr_file,$csr_file.'.bak');
 			if(file_exists($crt_file)) $app->system->rename($crt_file,$crt_file.'.bak');
 			
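Review bot: The comment `//* Rename files if they exist` no longer covers what the two new blocks do, since they also restrict the renamed private keys to owner-read. A short why-comment such as `//* Key backups contain private key material, keep them owner-read-only` would record the intent next to the chmod calls. The result of `$app->system->rename()` is not checked, so the following chmod may run on a path that was never created; how `$app->system->chmod()` treats a missing file is not visible in this hunk. The enclosing function starts and ends outside the hunk.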
@@ -194,6 +200,7 @@
 			
 			}
 
+			$app->system->chmod($key_file,0400);
 			$app->system->chmod($key_file2,0400);
 			@$app->system->unlink($config_file);
 			@$app->system->unlink($rand_file);
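Review bot: The added `$app->system->chmod($key_file,0400);` tightens the mode only after the key has been written, so until this line runs the file keeps whatever mode it was created with. The code that generates `$key_file` is outside the hunk, so the size of that window is inferred rather than shown. Wrapping the key generation in a restrictive umask, `$old_umask = umask(0077);` before it and `umask($old_umask);` after, would have the key created private from the start, with this chmod kept as a second line of defence.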
@@ -220,8 +227,14 @@
 			$bundle_file = $ssl_dir.'/'.$domain.".bundle";
 			
 			//* Backup files
-			if(file_exists($key_file)) $app->system->copy($key_file,$key_file.'~');
-			if(file_exists($key_file2)) $app->system->copy($key_file2,$key_file2.'~');
+			if(file_exists($key_file)){
+				$app->system->copy($key_file,$key_file.'~');
+				$app->system->chmod($key_file.'~',0400);
+			}
+			if(file_exists($key_file2)){
+				$app->system->copy($key_file2,$key_file2.'~');
+				$app->system->chmod($key_file2.'~',0400);
+			}
 			if(file_exists($csr_file)) $app->system->copy($csr_file,$csr_file.'~');
 			if(file_exists($crt_file)) $app->system->copy($crt_file,$crt_file.'~');
 			if(file_exists($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'~');
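Review bot: Between `$app->system->copy($key_file,$key_file.'~')` and the chmod that follows, the backup can exist with a mode derived from the process umask rather than from the source key, assuming `$app->system->copy()` wraps PHP's `copy()` (its implementation is not visible here). On a host with a permissive umask the private key copy is briefly readable by other local users. Setting the umask around the copy closes that gap: `$old_umask = umask(0077); $app->system->copy($key_file,$key_file.'~'); umask($old_umask);`. The same copy-then-chmod sequence appears for `$key_file2` here and for the `.err` copies in the `@@ -1454` hunk. The copy result is also unchecked, so a failed copy goes unnoticed.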
@@ -1454,8 +1467,14 @@
 					$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 					
 					//* Backup the files that might have caused the error
-					if(is_file($key_file)) $app->system->copy($key_file,$key_file.'.err');
-					if(is_file($key_file2)) $app->system->copy($key_file2,$key_file2.'.err');
+					if(is_file($key_file)){
+						$app->system->copy($key_file,$key_file.'.err');
+						$app->system->chmod($key_file.'.err',0400);
+					}
+					if(is_file($key_file2)){
+						$app->system->copy($key_file2,$key_file2.'.err');
+						$app->system->chmod($key_file2.'.err',0400);
+					}
 					if(is_file($csr_file)) $app->system->copy($csr_file,$csr_file.'.err');
 					if(is_file($crt_file)) $app->system->copy($crt_file,$crt_file.'.err');
 					if(is_file($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'.err');

--
Gitblit v1.9.1