From 23fa83930b415c772d6acd11d8908f7dba98494f Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 24 Oct 2012 08:18:03 -0400
Subject: [PATCH] Removed mod_php support from ispconfig apache vhost file.

---
 install/lib/installer_base.lib.php        |   11 ++++-
 install/dist/lib/fedora.lib.php           |   11 ++++-
 install/tpl/apache_ispconfig.vhost.master |   28 ++++++++------
 install/dist/lib/gentoo.lib.php           |   11 ++++-
 install/dist/lib/opensuse.lib.php         |   11 ++++-
 5 files changed, 50 insertions(+), 22 deletions(-)

diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 67c156f..964d17b 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -875,8 +875,15 @@
 		exec("chmod -R 770 $install_dir/server/aps_packages");
 		
 		//* make sure that the server config file (not the interface one) is only readable by the root user
-		exec("chmod 600 $install_dir/server/lib/$configfile");
-		exec("chown root:root $install_dir/server/lib/$configfile");
+		chmod($install_dir.'/server/lib/config.inc.php', 0600);
+		chown($install_dir.'/server/lib/config.inc.php', 'root');
+		chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+		
+		//* Make sure thet the interface config file is readable by user ispconfig only
+		chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+		chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		
 		if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
 			exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
 			exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index 4d4ada8..db2cf6e 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -864,9 +864,14 @@
 		exec("chmod -R 770 $install_dir/server/aps_packages");
 		
 	    //* make sure that the server config file (not the interface one) is only readable by the root user
-    	chmod($install_dir.'/server/lib/'.$configfile, 0600);
-		chown($install_dir.'/server/lib/'.$configfile, 'root');
-		chgrp($install_dir.'/server/lib/'.$configfile, 'root');
+		chmod($install_dir.'/server/lib/config.inc.php', 0600);
+		chown($install_dir.'/server/lib/config.inc.php', 'root');
+		chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+		
+		//* Make sure thet the interface config file is readable by user ispconfig only
+		chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+		chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
 
 		chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
 		chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 1a8e3c8..97a2a6f 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -914,8 +914,15 @@
 		exec("chmod -R 770 $install_dir/server/aps_packages");
 		
 		//* make sure that the server config file (not the interface one) is only readable by the root user
-		exec("chmod 600 $install_dir/server/lib/$configfile");
-		exec("chown root:root $install_dir/server/lib/$configfile");
+		chmod($install_dir.'/server/lib/config.inc.php', 0600);
+		chown($install_dir.'/server/lib/config.inc.php', 'root');
+		chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+		
+		//* Make sure thet the interface config file is readable by user ispconfig only
+		chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+		chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		
 		if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
 			exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
 			exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 399e7dd..719354f 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1816,9 +1816,14 @@
 		exec("chmod -R 770 $install_dir/server/aps_packages");
 
 		//* make sure that the server config file (not the interface one) is only readable by the root user
-		chmod($install_dir.'/server/lib/'.$configfile, 0600);
-		chown($install_dir.'/server/lib/'.$configfile, 'root');
-		chgrp($install_dir.'/server/lib/'.$configfile, 'root');
+		chmod($install_dir.'/server/lib/config.inc.php', 0600);
+		chown($install_dir.'/server/lib/config.inc.php', 'root');
+		chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+		
+		//* Make sure thet the interface config file is readable by user ispconfig only
+		chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+		chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
 
 		chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
 		chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index bca61b2..4d59dfe 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -10,6 +10,10 @@
 <VirtualHost _default_:{vhost_port}>
   ServerAdmin webmaster@localhost
   
+  <FilesMatch "\.ph(p3?|tml)$">
+    SetHandler None
+  </FilesMatch>
+  
   <IfModule mod_fcgid.c>
     DocumentRoot /var/www/ispconfig/
     SuexecUserGroup ispconfig ispconfig
@@ -23,18 +27,18 @@
     </Directory>
   </IfModule>
   
-  <IfModule mod_php5.c>
-    DocumentRoot /usr/local/ispconfig/interface/web/
-    AddType application/x-httpd-php .php
-    <Directory /usr/local/ispconfig/interface/web>
-      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
-      Options FollowSymLinks
-      AllowOverride None
-      Order allow,deny
-      Allow from all
-	  php_value magic_quotes_gpc        0
-    </Directory>
-  </IfModule>
+#  <IfModule mod_php5.c>
+#    DocumentRoot /usr/local/ispconfig/interface/web/
+#    AddType application/x-httpd-php .php
+#    <Directory /usr/local/ispconfig/interface/web>
+#      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
+#      Options FollowSymLinks
+#      AllowOverride None
+#      Order allow,deny
+#      Allow from all
+#	  php_value magic_quotes_gpc        0
+#    </Directory>
+#  </IfModule>
   
   # ErrorLog /var/log/apache2/error.log
   # CustomLog /var/log/apache2/access.log combined

--
Gitblit v1.9.1