From 5a70c4ce66714554d08f0c87a6f4a33139f21049 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 13 Nov 2012 12:40:49 -0500
Subject: [PATCH] Implemented:  - allowed /web as a base path for vhost subdomains  - added security checks when deleting vhost subdomains, so no paths still used by other subdomains or the main web get deleted accidently

---
 interface/web/sites/web_vhost_subdomain_edit.php |    2 
 server/plugins-available/apache2_plugin.inc.php  |   59 ++++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 3 deletions(-)

diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index dff10c0..9089bef 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -369,7 +369,7 @@
             
             
             $this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
-            $forbidden_folders = array('', 'cgi-bin', 'web', 'log', 'private', 'ssl', 'tmp', 'webdav');
+            $forbidden_folders = array('', 'cgi-bin', 'log', 'private', 'ssl', 'tmp', 'webdav');
             $check_folder = strtolower($this->dataRecord['web_folder']);
             if(substr($check_folder, 0, 1) === '/') $check_folder = substr($check_folder, 1); // strip / at beginning to check against forbidden entries
             if(strpos($check_folder, '/') !== false) $check_folder = substr($check_folder, 0, strpos($check_folder, '/')); // get the first part of the path to check it
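Review bot: The forbidden-folder test in this block looks only at the first path segment after stripping a single leading slash, so a `web_folder` whose first segment is `.` would yield `.` and match none of the entries, unless code outside this hunk normalizes it first (the comparison itself is not visible here). The same literal first-segment comparison backs the `web` guard in front of `rm -rf` in server/plugins-available/apache2_plugin.inc.php, where it matters more now that `web` is an accepted base path. Rejecting such values before the lookup would cover both places, for example `if(in_array('.', explode('/', $check_folder), true)) $check_folder = '';` placed before the first-segment extraction, so the value falls into the already forbidden empty entry. A short comment next to `$forbidden_folders` saying why `web` is allowed and that the server plugin refuses to delete below it would also help.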
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 14caf6e..aa33628 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1545,8 +1545,63 @@
             if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') {
                 $docroot = escapeshellcmd($data['old']['document_root']);
                 if($docroot != '' && !stristr($docroot,'..')) {
-                    if($data['old']['type'] == 'vhost') exec('rm -rf '.$docroot);
-                    elseif(!stristr($data['old']['web_folder'], '..')) exec('rm -rf '.$docroot.'/'.$web_folder);
+                    if($data['old']['type'] == 'vhost') {
+                        // this is a vhost - we delete everything in here.
+                        exec('rm -rf '.$docroot);
+                    } elseif(!stristr($data['old']['web_folder'], '..')) {
+                        // this is a vhost subdomain
+                        // IMPORTANT: do some folder checks before we delete this!
+                        $do_delete = true;
+                        $delete_folder = preg_replace('/[\/]{2,}/', '/', $web_folder); // replace / occuring multiple times
+                        if(substr($delete_folder, 0, 1) === '/') $delete_folder = substr($delete_folder, 1);
+                        if(substr($delete_folder, -1) === '/') $delete_folder = substr($delete_folder, 0, -1);
+                        
+                        $path_elements = explode('/', $delete_folder);
+                        
+                        if($path_elements[0] == 'web' || $path_elements[0] === '') {
+                            // paths beginning with /web should NEVER EVER be deleted, empty paths should NEVER occur - but for safety reasons we check it here!
+                            // we use strict check as otherwise directories named '0' may not be deleted
+                            $do_delete = false;
+                        } else {
+                            // read all vhost subdomains with same parent domain
+                            $used_paths = array();
+                            $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE type = 'vhostsubdomain' AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
+                            foreach($tmp as $tmprec) {
+                                // we normalize the folder entries because we need to compare them
+                                $tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
+                                if(substr($tmp_folder, 0, 1) === '/') $tmp_folder = substr($tmp_folder, 1);
+                                if(substr($tmp_folder, -1) === '/') $tmp_folder = substr($tmp_folder, 0, -1);
+                                
+                                // add this path and it's parent paths to used_paths array
+                                while(strpos($tmp_folder, '/') !== false) {
+                                    if(in_array($tmp_folder, $used_paths) == false) $used_paths[] = $tmp_folder;
+                                    $tmp_folder = substr($tmp_folder, 0, strrpos($tmp_folder, '/'));
+                                }
+                                if(in_array($tmp_folder, $used_paths) == false) $used_paths[] = $tmp_folder;
+                            }
+                            unset($tmp);
+                            
+                            // loop and check if the path is still used and stop at first used one
+                            // set do_delete to false so nothing gets deleted if the web_folder itself is still used
+                            $do_delete = false;
+                            while(count($path_elements) > 0) {
+                                $tmp_folder = implode('/', $path_elements);
+                                if(in_array($tmp_folder, $used_paths) == true) break;
+                                
+                                // this path is not used - set it as path to delete, strip the last element from the array and set do_delete to true
+                                $delete_folder = $tmp_folder;
+                                $do_delete = true;
+                                array_pop($path_elements);
+                            }
+                            unset($tmp_folder);
+                            unset($used_paths);
+                        }
+                        
+                        if($do_delete === true && $delete_folder !== '') exec('rm -rf '.$docroot.'/'.$delete_folder);
+                        
+                        unset($delete_folder);
+                        unset($path_elements);
+                    }
                 }
 			
                 //remove the php fastgi starter script if available
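Review bot: The final `exec('rm -rf '.$docroot.'/'.$delete_folder)` in the subdomain branch puts the path into the shell command unquoted; `escapeshellcmd()` on `$docroot` does not escape whitespace, and `$delete_folder` is derived from `$web_folder`, which is assigned outside this hunk, so no escaping of it is visible here. A path containing a space would be split into several `rm` targets, so the path is better passed as one quoted argument: `exec('rm -rf '.escapeshellarg($data['old']['document_root'].'/'.$delete_folder));` (the vhost branch's `exec('rm -rf '.$docroot)` has the same shape). The `..` test is made on `$data['old']['web_folder']` while the deletion uses `$web_folder`, so it is worth confirming that both always hold the same value, or using the checked one throughout. The server-side guard protects only `web` and the empty path, whereas the interface also forbids `cgi-bin`, `log`, `private`, `ssl`, `tmp` and `webdav`; repeating that list here would keep a legacy or hand-edited record from removing those directories. The comment about a strict check sits beside `$path_elements[0] == 'web'`, which is a loose comparison, so `===` would match what the comment says.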

--
Gitblit v1.9.1