From 2023a79096ff4651d601e2ea70a7f050b8555b08 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 21 Sep 2011 06:01:34 -0400
Subject: [PATCH] Improved folder protection.

---
 server/plugins-available/nginx_plugin.inc.php |   88 +++++++++++++++++++++++++++-----------------
 1 files changed, 54 insertions(+), 34 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index cd154f3..4d6edef 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -638,19 +638,28 @@
 		$vhost_data['web_document_root'] = $data['new']['document_root'].'/web';
 		$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/web';
 		$vhost_data['web_basedir'] = $web_config['website_basedir'];
-		$vhost_data['security_level'] = $web_config['security_level'];
-		$vhost_data['allow_override'] = ($data['new']['allow_override'] == '')?'All':$data['new']['allow_override'];
 		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
-		//$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
-		//$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
-		$vhost_data['fpm_port'] = $web_config['php_fpm_start_port'] + $data['new']['domain_id'];
+		$vhost_data['fpm_port'] = $web_config['php_fpm_start_port'] + $data['new']['domain_id'] + 1;
+		
+		// Custom nginx directives
+		$final_nginx_directives = array();
+		$nginx_directives = $data['new']['nginx_directives'];
+		// Make sure we only have Unix linebreaks
+		$nginx_directives = str_replace("\r\n", "\n", $nginx_directives);
+		$nginx_directives = str_replace("\r", "\n", $nginx_directives);
+		$nginx_directive_lines = explode("\n", $nginx_directives);
+		if(is_array($nginx_directive_lines) && !empty($nginx_directive_lines)){
+			foreach($nginx_directive_lines as $nginx_directive_line){
+				$final_nginx_directives[] = array('nginx_directive' => $nginx_directive_line);
+			}
+		}
+		$tpl->setLoop('nginx_directives', $final_nginx_directives);
 
 		// Check if a SSL cert exists
 		$ssl_dir = $data['new']['document_root'].'/ssl';
 		$domain = $data['new']['ssl_domain'];
 		$key_file = $ssl_dir.'/'.$domain.'.key';
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
-		//$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 
 		if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
 			$vhost_data['ssl_enabled'] = 1;
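Review bot: The new loop copies every line of `$data['new']['nginx_directives']` into the vhost template unchanged, so whoever can edit that field controls raw nginx configuration inside this vhost, and nothing here restricts which directives or block delimiters are accepted. If the field is writable by anyone other than the server administrator (not visible in this hunk), it should be checked against an allow-list before rendering, and the generated file should pass a config test (`nginx -t`) before the service is reloaded. Separately, `explode()` always returns a non-empty array, so the `is_array(...) && !empty(...)` guard never filters anything; `if(trim($nginx_directive_line) == '') continue;` inside the loop would keep blank entries out. The enclosing function starts and ends outside this hunk.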
@@ -660,15 +669,28 @@
 			$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
 		}
 
-		//if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
-
-		//$vhost_data['document_root'] = $data['new']['document_root'].'/web';
+		// Set SEO Redirect
+		if($data['new']['seo_redirect'] != '' && ($data['new']['subdomain'] == 'www' || $data['new']['subdomain'] == '*')){
+			$vhost_data['seo_redirect_enabled'] = 1;
+			if($data['new']['seo_redirect'] == 'non_www_to_www'){
+				$vhost_data['seo_redirect_origin_domain'] = $data['new']['domain'];
+				$vhost_data['seo_redirect_target_domain'] = 'www.'.$data['new']['domain'];
+			}
+			if($data['new']['seo_redirect'] == 'www_to_non_www'){
+				$vhost_data['seo_redirect_origin_domain'] = 'www.'.$data['new']['domain'];
+				$vhost_data['seo_redirect_target_domain'] = $data['new']['domain'];
+			}
+		} else {
+			$vhost_data['seo_redirect_enabled'] = 0;
+		}
+		
 		$tpl->setVar($vhost_data);
 
 		// Rewrite rules
 		$rewrite_rules = array();
 		if($data['new']['redirect_type'] != '') {
 			if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
+			if(substr($data['new']['redirect_path'],0,8) == '[scheme]') $data['new']['redirect_path'] = '$scheme'.substr($data['new']['redirect_path'],8);
 			/* Disabled path extension
 			if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
 				$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
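Review bot: `seo_redirect_enabled` is set to 1 as soon as `seo_redirect` is non-empty, before the value is compared with `non_www_to_www` or `www_to_non_www`, so any other stored value enables the redirect while `seo_redirect_origin_domain` and `seo_redirect_target_domain` stay unset. Initialising `$vhost_data['seo_redirect_enabled'] = 0;` before the `if` and setting it to 1 only inside the two recognised branches avoids rendering a redirect with empty host names. The `[scheme]` substitution added below it is repeated verbatim for `$alias['redirect_path']` in the next hunk; a small private helper would keep the two copies in step. The enclosing function begins and ends outside this hunk.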
@@ -723,7 +745,9 @@
 				$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
 				// Rewriting
 				if($alias['redirect_type'] != '') {
-					if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
+					if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
+					if(substr($alias['redirect_path'],0,8) == '[scheme]') $alias['redirect_path'] = '$scheme'.substr($alias['redirect_path'],8);
+					
 					/* Disabled the path extension
 					if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
 						$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
@@ -769,11 +793,8 @@
 		}
 
 		if(count($rewrite_rules) > 0) {
-			$tpl->setVar('rewrite_enabled',1);
-		} else {
-			$tpl->setVar('rewrite_enabled',0);
+			$tpl->setLoop('redirects',$rewrite_rules);
 		}
-		$tpl->setLoop('redirects',$rewrite_rules);
 		
 		//* Create basic http auth for website statistics
 		$tpl->setVar('stats_auth_passwd_file', $data['new']['document_root']."/.htpasswd_stats");
@@ -1056,15 +1077,12 @@
 		global $app, $conf;
 		
 		$pool_dir = $web_config['php_fpm_pool_dir'];
+		$pool_name = 'web'.$data['new']['domain_id'];
 		//$reload = false;
 		
 		if($data['new']['php'] == 'no'){
-			if(@is_file($pool_dir.'/'.$data['old']['domain'].'.conf')){
-				unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-				//$reload = true;
-			}
-			if(@is_file($pool_dir.'/'.$data['new']['domain'].'.conf')){
-				unlink($pool_dir.'/'.$data['new']['domain'].'.conf');
+			if(@is_file($pool_dir.'/'.$pool_name.'.conf')){
+				unlink($pool_dir.'/'.$pool_name.'.conf');
 				//$reload = true;
 			}
 			//if($reload == true) $app->services->restartService('php-fpm','reload');
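Review bot: With the pool file now named `'web'.$data['new']['domain_id'].'.conf'`, the `php == 'no'` branch no longer removes a pool file written under the previous domain-based name. The same applies to the unlink that is commented out in the next hunk and to the delete function in the last hunk. On a server upgraded from the old naming, that file would stay in `$pool_dir` and php-fpm would keep starting the pool under the site's user after PHP has been disabled or the site removed, unless a migration step elsewhere cleans it up. Keeping a removal of the legacy name during the transition closes that gap, e.g. `if(@is_file($pool_dir.'/'.$data['old']['domain'].'.conf')) unlink($pool_dir.'/'.$data['old']['domain'].'.conf');`. The function starts before this hunk and continues past it.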
@@ -1072,9 +1090,9 @@
 		}
 		
 		//if(!@is_file($pool_dir.'/'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
-			if ( @is_file($pool_dir.'/'.$data['old']['domain'].'.conf') ) {
-				unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-			}
+			//if ( @is_file($pool_dir.'/'.$pool_name.'.conf') ) {
+			//	unlink($pool_dir.'/'.$pool_name.'.conf');
+			//}
 			
 			$app->uses("getconf");
 			$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
@@ -1083,11 +1101,12 @@
 			$tpl = new tpl();
 			$tpl->newTemplate('php_fpm_pool.conf.master');
 
-			$tpl->setVar('fpm_pool', $data['new']['domain']);
-			$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id']);
+			$tpl->setVar('fpm_pool', $pool_name);
+			$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id'] + 1);
 			$tpl->setVar('fpm_user', $data['new']['system_user']);
 			$tpl->setVar('fpm_group', $data['new']['system_group']);
-			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
+			$tpl->setVar('security_level',$web_config['security_level']);
+			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
 			$tpl->setVar('php_open_basedir', $php_open_basedir);
 			if($php_open_basedir != ''){
 				$tpl->setVar('enable_php_open_basedir', '');
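Review bot: `escapeshellcmd()` is applied to `php_open_basedir` here, and to the custom php.ini key and value in the next hunk, but these values are written into a PHP-FPM pool file rather than passed to a shell. The function backslash-prefixes shell metacharacters, so a legitimate ini value such as `E_ALL & ~E_NOTICE` comes out altered. It also leaves a line feed in place behind the added backslash, so it is not clear that it stops an extra line from reaching the pool file. Validating against the target format is the more dependable control: reject values containing control characters, e.g. `if(preg_match('/[\x00-\x1f]/', $value)) continue;` in the ini loop, and accept only an expected path character set for `open_basedir`. The enclosing function starts and ends outside this hunk.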
@@ -1107,8 +1126,8 @@
 					foreach($ini_settings as $ini_setting){
 							list($key, $value) = explode('=', $ini_setting);
 							if($value){
-								$value = trim($value);
-								$key = trim($key);
+								$value = escapeshellcmd(trim($value));
+								$key = escapeshellcmd(trim($key));
 								switch (strtolower($value)) {
 									case 'on':
 									case 'off':
@@ -1132,8 +1151,8 @@
 			
 			$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
 			
-			file_put_contents($pool_dir.'/'.$data['new']['domain'].'.conf',$tpl->grab());
-			$app->log('Writing the PHP-FPM config file: '.$pool_dir.'/'.$data['new']['domain'].'.conf',LOGLEVEL_DEBUG);
+			file_put_contents($pool_dir.'/'.$pool_name.'.conf',$tpl->grab());
+			$app->log('Writing the PHP-FPM config file: '.$pool_dir.'/'.$pool_name.'.conf',LOGLEVEL_DEBUG);
 			unset($tpl);
 			//$reload = true;
 		//}
@@ -1145,11 +1164,12 @@
 		global $app;
 		
 		$pool_dir = $web_config['php_fpm_pool_dir'];
+		$pool_name = 'web'.$data['old']['domain_id'];
 		
-		if ( @is_file($pool_dir.'/'.$data['old']['domain'].'.conf') ) {
-			unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-			$app->log('Removed PHP-FPM config file: '.$pool_dir.'/'.$data['old']['domain'].'.conf',LOGLEVEL_DEBUG);
-			$app->services->restartService('php-fpm','reload');
+		if ( @is_file($pool_dir.'/'.$pool_name.'.conf') ) {
+			unlink($pool_dir.'/'.$pool_name.'.conf');
+			$app->log('Removed PHP-FPM config file: '.$pool_dir.'/'.$pool_name.'.conf',LOGLEVEL_DEBUG);
+			//$app->services->restartService('php-fpm','reload');
 		}
 	}
 	
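Review bot: The `restartService('php-fpm','reload')` call is commented out after the pool file is unlinked, so the running php-fpm master keeps the removed site's pool (its workers, user and port) alive until some other code path reloads the service; whether a caller does that is not visible in this hunk. If the reload was moved to avoid repeated reloads, a comment stating where it now happens would document that, e.g. `// php-fpm is reloaded by the caller after the vhost is removed`; otherwise the call should stay. The result of `unlink()` is also not checked, so 'Removed PHP-FPM config file' is logged even when the removal fails.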

--
Gitblit v1.9.1