From 2e8df115016d0d1c34fd526776930e949df1b5e6 Mon Sep 17 00:00:00 2001
From: cfoe <cfoe@ispconfig3>
Date: Tue, 07 Aug 2012 01:53:11 -0400
Subject: [PATCH] error correction

---
 server/lib/classes/system.inc.php |  167 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 155 insertions(+), 12 deletions(-)

diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 5de2f81..410a895 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -610,18 +610,102 @@
 	 * Edit the owner of a file
 	 *
 	 */
-	function chown($file, $owner, $group = ''){
-	  $owner_change = @chown($file, $owner);
-	  if($group != ''){
-	    $group_change = @chgrp($file, $group);
-	  } else {
-	    $group_change = 1;
+	function chown($file, $owner, $allow_symlink = false){
+	  global $app;
+	  if($allow_symlink == false && $this->checkpath($file) == false) {
+		$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
+		return false;
 	  }
-	  if($owner_change && $group_change){
-	    return true;
-	  } else {
-	    return false;
+	  if(file_exists($file)) {
+		return chown($file, $owner);
 	  }
+	}
+	
+	function chgrp($file, $group = '', $allow_symlink = false){
+	  global $app;
+	  if($allow_symlink == false && $this->checkpath($file) == false) {
+		$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
+		return false;
+	  }
+	  if(file_exists($file)) {
+		return chgrp($file, $group);
+	  }
+	}
+	
+	//* Change the mode of a file
+	function chmod($file, $mode, $allow_symlink = false) {
+		global $app;
+		if($allow_symlink == false && $this->checkpath($file) == false) {
+			$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
+			return false;
+		}
+		return chmod($file, $mode);
+	}
+	
+	function file_put_contents($filename, $data, $allow_symlink = false) {
+		global $app;
+		if($allow_symlink == false && $this->checkpath($filename) == false) {
+			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
+			return false;
+		}
+		if(file_exists($filename)) unlink($filename);
+		return file_put_contents($filename, $data);
+	}
+	
+	function file_get_contents($filename, $allow_symlink = false) {
+		global $app;
+		if($allow_symlink == false && $this->checkpath($filename) == false) {
+			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
+			return false;
+		}
+		return file_put_contents($filename, $data);
+	}
+	
+	function rename($filename, $new_filename, $allow_symlink = false) {
+		global $app;
+		if($allow_symlink == false && $this->checkpath($filename) == false) {
+			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
+			return false;
+		}
+		return rename($filename, $new_filename);
+	}
+	
+	function mkdir($dirname, $allow_symlink = false) {
+		global $app;
+		if($allow_symlink == false && $this->checkpath($dirname) == false) {
+			$app->log("Action aborted, file is a symlink: $dirname",LOGLEVEL_WARN);
+			return false;
+		}
+		return mkdir($dirname);
+	}
+	
+	function unlink($file) {
+		if(file_exists($filename)) {
+			return unlink($filename);
+		}
+	}
+	
+	function copy($file1,$file2) {
+		return copy($file1,$file2);
+	}
+	
+	function checkpath($path) {
+		$path = trim($path);
+		//* We allow only absolute paths
+		if(substr($path,0,1) != '/') return false;
+		
+		//* We allow only some characters in the path
+		if(!preg_match('/[a-zA-Z0-9_\.\-]{1,}/',$path)) return false;
+		
+		//* Check path for symlinks
+		$path_parts = explode('/',$path);
+		$testpath = '';
+		foreach($path_parts as $p) {
+			$testpath .= '/'.$p;
+			if(is_link($testpath)) return false;
+		}
+		
+		return true;
 	}
 	
 	/**
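Review bot: The new `file_get_contents()` wrapper ends in `return file_put_contents($filename, $data);` with `$data` undefined, so a read through it would overwrite the target with empty content instead of returning it; the line should be `return file_get_contents($filename);`. `unlink($file)` has the same kind of slip: it tests and removes the undefined `$filename`, so it never deletes anything, and should read `if(file_exists($file)) return unlink($file);`. In `checkpath()` the character test `preg_match('/[a-zA-Z0-9_\.\-]{1,}/',$path)` is unanchored and accepts any path that contains at least one allowed character; if the whitelist in the comment is intended, an anchored pattern such as `'/^[a-zA-Z0-9_\.\-\/]+$/'` would enforce it. `chown()` now takes `$allow_symlink` in the position where `$group` used to be, so any remaining caller that still passes a group name would skip the symlink check and no longer change the group. Callers are outside this hunk, so that needs confirming.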
@@ -1132,6 +1216,11 @@
 	}
 	
 	function replaceLine($filename,$search_pattern,$new_line,$strict = 0,$append = 1) {
+		global $app;
+		if($this->checkpath($filename) == false) {
+			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
+			return false;
+		}
 		$lines = @file($filename);
 		$out = '';
 		$found = 0;
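Review bot: `checkpath()` returns false for a relative path or a failed character test as well as for a symlink, so the guard added at the top of `replaceLine()` (and the identical one in `removeLine()` in the next hunk) logs "file is a symlink" for paths that are not symlinks. A message such as `$app->log("Action aborted, path rejected by checkpath(): $filename",LOGLEVEL_WARN);` would describe what was actually checked. The guard is also a point-in-time test: the file is read after it and presumably written back later in the body, which continues outside this hunk, so a path component swapped in between is not covered. A comment such as `//* checkpath() validates the path only at this moment, not at write time` would keep the guard from being read as complete protection.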
@@ -1167,6 +1256,11 @@
 	}
 	
 	function removeLine($filename,$search_pattern,$strict = 0) {
+	global $app;
+	if($this->checkpath($filename) == false) {
+		$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
+		return false;
+	}
 	if($lines = @file($filename)) {
 		$out = '';
 		foreach($lines as $line) {
@@ -1200,8 +1294,8 @@
 			$user = escapeshellcmd($user);
 			// I assume that the name of the (vmail group) is the same as the name of the mail user in ISPConfig 3
 			$group = $user;
-			if(is_dir($dir)) chown($dir,$user);
-			if(is_dir($dir)) chgrp($dir,$group);
+			if(is_dir($dir)) $this->chown($dir,$user);
+			if(is_dir($dir)) $this->chgrp($dir,$group);
 
 			$chown_mdsub = true;
 		}
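Review bot: The results of `$this->chown($dir,$user)` and `$this->chgrp($dir,$group)` are discarded, so when the new wrappers refuse the directory because `checkpath()` fails, execution still reaches `$chown_mdsub = true;` as if ownership had been set. If that flag is meant to record a successful change, `if(is_dir($dir) && $this->chown($dir,$user) && $this->chgrp($dir,$group)) $chown_mdsub = true;` would tie it to the outcome. The flag's use and the rest of the function are outside this hunk, so this is an assumption to confirm.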
@@ -1253,6 +1347,55 @@
 		$app->log('Created Maildir '.$maildir_path.' with subfolder: '.$subfolder,LOGLEVEL_DEBUG);
 		
 	}
+	
+	//* Function to create directory paths and chown them to a user and group
+	function mkdirpath($path, $mode = 0755, $user = '', $group = '') {
+		$path_parts = explode('/',$path);
+		$new_path = '';
+		if(is_array($path_parts)) {
+			foreach($path_parts as $part) {
+				$new_path .= '/'.$part;
+				if(!@is_dir($new_path)) {
+					$this->mkdir($new_path);
+					$this->chmod($new_path,$mode);
+					if($user != '') $this->chown($new_path,$user);
+					if($group != '') $this->chgrp($new_path,$group);
+				}
+			}
+		}
+		
+	}
+	
+	//* Check if a application is installed
+	function is_installed($appname) {
+		exec('which '.escapeshellcmd($appname).' 2> /dev/null',$out,$returncode);
+		if(isset($out[0]) && stristr($out[0],$appname) && $returncode == 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+	
+	function web_folder_protection($document_root,$protect) {
+		global $app,$conf;
+		
+		if($this->checkpath($document_root) == false) {
+			$app->log("Action aborted, target is a symlink: $document_root",LOGLEVEL_DEBUG);
+			return false;
+		}
+		
+		//* load the server configuration options
+		$app->uses('getconf');
+		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+		
+		if($protect == true && $web_config['web_folder_protection'] == 'y') {
+			//* Add protection
+			if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root,'..')) exec('chattr +i '.escapeshellcmd($document_root));
+		} else {
+			//* Remove protection
+			if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root,'..')) exec('chattr -i '.escapeshellcmd($document_root));
+		}
+	}
 
 }
 ?>
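Review bot: The three new `exec()` calls in `is_installed()` and `web_folder_protection()` quote a single argument with `escapeshellcmd()`, which escapes shell metacharacters but leaves whitespace alone, so a value containing spaces is split into several arguments. `escapeshellarg()` is the function meant for this: `exec('which '.escapeshellarg($appname).' 2> /dev/null',$out,$returncode);` and `exec('chattr +i '.escapeshellarg($document_root));`, with the same change on the `chattr -i` line. In `mkdirpath()` every component is prefixed with `/`, so a relative `$path` is silently created under the filesystem root. A leading `if(substr($path,0,1) != '/') return false;` would make that explicit. `mkdirpath()` also ignores the return values of `$this->mkdir()`, `$this->chmod()`, `$this->chown()` and `$this->chgrp()` and returns nothing, so a caller cannot tell when a component was refused.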

--
Gitblit v1.9.1