From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals).
- nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required.
- nginx: modified rewriting.
---
 server/plugins-available/cron_plugin.inc.php | 23 ++++++++++++-----------
 1 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index d1e31d1..4ccbcb2 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -142,7 +142,7 @@
 }
 // make temp directory writable for the apache and website users
- chmod(escapeshellcmd($parent_domain["document_root"].'/tmp'), 0777);
+ $app->system->chmod(escapeshellcmd($parent_domain["document_root"].'/tmp'), 0777);
 /** TODO READ CRON MASTER **/
@@ -183,8 +183,9 @@
 //* try to find customer's mail address
 /** TODO: add possibility for client to choose mail notification! **/
- $cron_content = "MAILTO=''\n\n";
- $chr_cron_content = "MAILTO=''\n\n";
+ $cron_content = "MAILTO=''\n";
+ $cron_content .= "SHELL='/bin/sh'\n\n";
+ $chr_cron_content = "MAILTO=''\n";
 $chr_cron_content .= "SHELL='/usr/sbin/jk_chrootsh'\n\n";
 $cmd_count = 0;
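Review bot: `escapeshellcmd()` is applied to a filesystem path that is handed to `chmod()`, not to a shell, so it protects nothing and can change the path itself: it backslash-escapes shell metacharacters, so a `document_root` containing one would be chmod'ed under a different, non-existent name. The hunk only swaps in the `$app->system` wrapper and keeps that call; the same misuse of `escapeshellcmd()` on a path recurs at the `$cron_file` assignment in the `@@ -233` hunk. `0777` also makes `tmp` writable for every local user rather than only the apache and website users the comment names; if the web server user shares the site's group, `0770` narrows it, and `01777` at least keeps users from removing each other's files. The wrapper's return value is not checked, so a failed chmod is silent. The enclosing function starts and ends outside the hunk.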
@@ -197,11 +198,11 @@
 if($job['run_month'] == '@reboot') {
 $command = "@reboot";
 } else {
- $command = "{$job['run_min']}\t{$job['run_hour']}\t{$job['run_mday']}\t{$job['run_month']}\t{$job['run_wday']}";
+ $command = str_replace(" ", "", $job['run_min']) . "\t" . str_replace(" ", "", $job['run_hour']) . "\t" . str_replace(" ", "", $job['run_mday']) . "\t" . str_replace(" ", "", $job['run_month']) . "\t" . str_replace(" ", "", $job['run_wday']);
 }
 $command .= "\t{$this->parent_domain['system_user']}"; //* running as user
 if($job['type'] == 'url') {
- $command .= "\t{$cron_config['wget']} -q -O /dev/null " . escapeshellarg($job['command']) . " >/dev/null 2>&1";
+ $command .= "\t{$cron_config['wget']} -q -t 1 -T 7200 -O /dev/null " . escapeshellarg($job['command']) . " >/dev/null 2>&1";
 } else {
 if($job['type'] == 'chrooted') {
 if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
@@ -216,10 +217,10 @@
 }
 if($job['type'] == 'chrooted') {
- $chr_cron_content .= $command . "\t#{$job['domain']}\n";
+ $chr_cron_content .= $command . " #{$job['domain']}\n";
 $chr_cmd_count++;
 } else {
- $cron_content .= $command . "\t#{$job['domain']}\n";
+ $cron_content .= $command . " #{$job['domain']}\n";
 $cmd_count++;
 }
 }
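Review bot: The five `str_replace(" ", "", ...)` calls on the schedule fields strip only plain spaces before the values are written tab-separated into a crontab that cron reads as root; a tab or newline inside any `run_*` value would shift the fields or start a new crontab entry. Removing all whitespace in one place keeps the layout intact and is shorter, e.g. `$fields = array($job['run_min'], $job['run_hour'], $job['run_mday'], $job['run_month'], $job['run_wday']);` followed by `$command = implode("\t", preg_replace('/\s+/', '', $fields));`. Since this is the last point before the file reaches cron, a whitelist of the characters cron accepts in these fields (digits, `*`, `,`, `-`, `/`) would be the stronger check; presumably the interface validates them, but that is not visible here. The enclosing loop and function start and end outside the hunk.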
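Review bot: The ` #{$job['domain']}` tag is appended to the command part of the crontab line, and crontab(5) does not recognise comments there — everything after the user field is handed to the shell, so the tag is only dropped because `/bin/sh` (or whatever `jk_chrootsh` runs for the chrooted file) treats `#` after whitespace as a comment start. The domain name is thereby inserted unescaped into a crontab installed with root privileges: a newline in it would begin a new crontab entry, and a `%`, which cron itself rewrites to a newline before the shell sees the line, would end the comment early. Restricting the tag to hostname characters keeps it inert in both branches, e.g. `$tag = preg_replace('/[^A-Za-z0-9.\-]/', '', $job['domain']);` and then `$chr_cron_content .= $command . " #" . $tag . "\n";` (same for `$cron_content`). Whether `domain` is already validated on the interface side is not visible here. The enclosing loop starts outside the hunk.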
@@ -233,19 +234,19 @@
 }
 if($cmd_count > 0) {
- file_put_contents($cron_file, $cron_content);
+ $app->system->file_put_contents($cron_file, $cron_content);
 $app->log("Wrote Cron file $cron_file with content:\n$cron_content",LOGLEVEL_DEBUG);
 } else {
- @unlink($cron_file);
+ $app->system->unlink($cron_file);
 $app->log("Deleted Cron file $cron_file",LOGLEVEL_DEBUG);
 }
 $cron_file = escapeshellcmd($cron_config["crontab_dir"].'/ispc_chrooted_'.$this->parent_domain["system_user"]);
 if($chr_cmd_count > 0) {
- file_put_contents($cron_file, $chr_cron_content);
+ $app->system->file_put_contents($cron_file, $chr_cron_content);
 $app->log("Wrote Cron file $cron_file with content:\n$chr_cron_content",LOGLEVEL_DEBUG);
 } else {
- @unlink($cron_file);
+ $app->system->unlink($cron_file);
 $app->log("Deleted Cron file $cron_file",LOGLEVEL_DEBUG);
 }
-- 
Gitblit v1.9.1
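Review bot: The `$app->log("Wrote Cron file ...")` lines still report success whatever `$app->system->file_put_contents()` returned, for both the normal and the chrooted file; a failed write (permissions, full disk) leaves the previous crontab in force while the log claims it was replaced. Checking the result before logging makes that visible, e.g. `if ($app->system->file_put_contents($cron_file, $cron_content) === false) { $app->log("Could not write Cron file $cron_file", LOGLEVEL_WARN); }` and the same in the chrooted branch — assuming the wrapper passes through the `false` of the underlying call, which is not visible here. Dropping the `@` from `unlink` means a missing file now emits a warning unless the wrapper suppresses it; presumably it does, but worth confirming. Writing the content to a temporary file and renaming it into `crontab_dir` would also keep cron from picking up a half-written file. The enclosing function starts outside the hunk.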