From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 server/plugins-available/cron_plugin.inc.php |   54 +++++++++++++++++++++++++++++++++++++-----------------
 1 files changed, 37 insertions(+), 17 deletions(-)

diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index 923d8b5..4ccbcb2 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -97,7 +97,7 @@
             $app->log("Parent domain not found",LOGLEVEL_WARN);
             return 0;
         } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
-			$app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+			$app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
 			return 0;
 		}
 		
@@ -133,14 +133,23 @@
 			exec("setquota -T -u $username 604800 604800 -a &> /dev/null");
 		}
 		
-		// make temp direcory writable for the apache user and the website user
-		exec("chmod 777 ".escapeshellcmd($parent_domain["document_root"]."/tmp"));
+		//TODO : change this when distribution information has been integrated into server record
+        //* Gentoo requires a user to be part of the crontab group.
+        if (file_exists('/etc/gentoo-release')) {
+        	if (strpos($app->system->get_user_groups($username), 'crontab') === false) {
+        		$app->system->add_user_to_group('crontab', $username);
+        	}
+        }
+		
+		// make temp directory writable for the apache and website users
+		$app->system->chmod(escapeshellcmd($parent_domain["document_root"].'/tmp'), 0777);
 		
         /** TODO READ CRON MASTER **/
         
         $this->parent_domain = $parent_domain;
 		$this->_write_crontab();
 		
+		$this->action = '';
         
 	}
 	
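Review bot: `escapeshellcmd()` on line 38 now wraps a path that is handed to `$app->system->chmod()`, a filesystem call rather than a shell, so the escaping no longer protects anything and will prefix a backslash to any shell metacharacter the document root happens to contain, making the chmod act on a path that does not exist. In the removed `exec("chmod 777 ...")` the escaping was appropriate; with the native call the argument should be passed as-is: `$app->system->chmod($parent_domain["document_root"].'/tmp', 0777);`. The same leftover pattern stays on the `$cron_file` paths passed to `$app->system->file_put_contents()`/`unlink()` later in the patch. The return value of `$app->system->chmod()` is ignored, so a failed mode change on the tmp directory would go unlogged; whether the wrapper reports failure cannot be seen here. The enclosing method begins and ends outside this hunk.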
@@ -174,21 +183,26 @@
         //* try to find customer's mail address
         
         /** TODO: add possibility for client to choose mail notification! **/
-        $cron_content = "MAILTO=''\n\n";
-        $chr_cron_content = "MAILTO=''\n\n";
+        $cron_content = "MAILTO=''\n";
+		$cron_content .= "SHELL='/bin/sh'\n\n";
+        $chr_cron_content = "MAILTO=''\n";
         $chr_cron_content .= "SHELL='/usr/sbin/jk_chrootsh'\n\n";
         
         $cmd_count = 0;
         $chr_cmd_count = 0;
         
         //* read all active cron jobs from database and write them to file
-        $cron_jobs = $app->db->queryAllRecords("SELECT `run_min`, `run_hour`, `run_mday`, `run_month`, `run_wday`, `command`, `type` FROM `cron` WHERE `parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND `active` = 'y'");
+        $cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND c.`active` = 'y'");
         if($cron_jobs && count($cron_jobs) > 0) {
             foreach($cron_jobs as $job) {
-                $command = "{$job['run_min']}\t{$job['run_hour']}\t{$job['run_mday']}\t{$job['run_month']}\t{$job['run_wday']}";
-                $command .= "\t{$this->parent_domain['system_user']}"; //* running as user
+				if($job['run_month'] == '@reboot') {
+					$command = "@reboot";
+				} else {
+					$command = str_replace(" ", "", $job['run_min']) . "\t" . str_replace(" ", "", $job['run_hour']) . "\t" . str_replace(" ", "", $job['run_mday']) . "\t" . str_replace(" ", "", $job['run_month']) . "\t" . str_replace(" ", "", $job['run_wday']);
+                }
+				$command .= "\t{$this->parent_domain['system_user']}"; //* running as user
                 if($job['type'] == 'url') {
-                    $command .= "\t{$cron_config['wget']} -q -O /dev/null " . escapeshellarg($job['command']) . " >/dev/null 2>&1";
+                    $command .= "\t{$cron_config['wget']} -q -t 1 -T 7200 -O /dev/null " . escapeshellarg($job['command']) . " >/dev/null 2>&1";
                 } else {
                     if($job['type'] == 'chrooted') {
                         if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
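Review bot: The `str_replace(" ", "", …)` calls on line 73 strip only spaces from the schedule fields before they are emitted as tab-separated cron.d columns, so any other whitespace (tab, newline) or stray character that reaches the database would still shift or split the generated crontab line; these values presumably arrive validated from the interface, but this plugin writes a system crontab and is the last point where that can be checked. A per-field whitelist would make the intent explicit, e.g. `if(!preg_match('/^[0-9*\/,\-]+$/', $field)) { $app->log("Skipping cron job with invalid schedule field", LOGLEVEL_WARN); continue; }` applied to each of the five fields before `$command` is built. The `@reboot` branch on lines 70–71 recognises the marker only in `run_month`, so a short comment such as `//* the interface stores '@reboot' in run_month` would spare the next reader a lookup. The enclosing foreach and method continue past the end of the hunk.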
@@ -198,35 +212,41 @@
                     }
                     
                     $command .= "\t";
-                    if(substr($job['command'], 0, 1) != "/") $command .= $this->parent_domain['document_root'];
+                    if(substr($job['command'], 0, 1) != "/") $command .= $this->parent_domain['document_root'].'/';
                     $command .= $job['command'];
                 }
                 
                 if($job['type'] == 'chrooted') {
-                    $chr_cron_content .= $command . "\n";
+                    $chr_cron_content .= $command . " #{$job['domain']}\n";
                     $chr_cmd_count++;
                 } else {
-                    $cron_content .= $command . "\n";
+                    $cron_content .= $command . " #{$job['domain']}\n";
                     $cmd_count++;
                 }
             }
         }
         
         $cron_file = escapeshellcmd($cron_config["crontab_dir"].'/ispc_'.$this->parent_domain["system_user"]);
+        //TODO : change this when distribution information has been integrated into server record
+        //* Gentoo vixie-cron requires files to end with .cron in the cron.d directory
+        if (file_exists('/etc/gentoo-release')) {
+        	$cron_file .= '.cron';
+        }
+        
         if($cmd_count > 0) {
-            file_put_contents($cron_file, $cron_content);
+            $app->system->file_put_contents($cron_file, $cron_content);
             $app->log("Wrote Cron file $cron_file with content:\n$cron_content",LOGLEVEL_DEBUG);
         } else {
-            @unlink($cron_file);
+            $app->system->unlink($cron_file);
             $app->log("Deleted Cron file $cron_file",LOGLEVEL_DEBUG);
         }
         
         $cron_file = escapeshellcmd($cron_config["crontab_dir"].'/ispc_chrooted_'.$this->parent_domain["system_user"]);
         if($chr_cmd_count > 0) {
-            file_put_contents($cron_file, $chr_cron_content);
+            $app->system->file_put_contents($cron_file, $chr_cron_content);
             $app->log("Wrote Cron file $cron_file with content:\n$chr_cron_content",LOGLEVEL_DEBUG);
         } else {
-            @unlink($cron_file);
+            $app->system->unlink($cron_file);
             $app->log("Deleted Cron file $cron_file",LOGLEVEL_DEBUG);
         }
         
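Review bot: The Gentoo `.cron` suffix added on lines 104–108 is applied to the non-chrooted `$cron_file` only; the chrooted file assembled on line 120 keeps the bare `ispc_chrooted_<user>` name, so on exactly the systems the comment on line 105 describes, vixie-cron would ignore the chrooted jobs while the code still logs `Wrote Cron file`. Compute the suffix once and append it to both names, e.g. `$cron_suffix = file_exists('/etc/gentoo-release') ? '.cron' : '';` and `$cron_file = escapeshellcmd($cron_config["crontab_dir"].'/ispc_chrooted_'.$this->parent_domain["system_user"]).$cron_suffix;`. The deletion branches on lines 116 and 127 replace `@unlink()` with `$app->system->unlink()` but still log `Deleted Cron file` unconditionally; whether the wrapper tolerates a missing file or returns a result cannot be seen here, so if it does, the log line should follow that result. The enclosing method continues past the hunk.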
@@ -235,4 +255,4 @@
 
 } // end class
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1