From 359a6b03d0a266d59c31a20f84798c49654df271 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 18 Jun 2013 09:00:58 -0400
Subject: [PATCH] Fixed: FS#3008 - Insecure permissions on SSL Key Files when key is created outside of ispconfig

---
 server/plugins-available/apache2_plugin.inc.php |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 96b14c5..4202f04 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -247,6 +247,7 @@
 			//* Write the key file, if field is empty then import the key into the db
 			if(trim($data["new"]["ssl_key"]) != '') {
 				$app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
+				$app->system->chmod($key_file2,0400);
 			} else {
 				$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
 				/* Update the DB of the (local) Server */

--
Gitblit v1.9.1