From 752ab3dc79da6fa2dbfd7bfba3c48a6b60c82fa5 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Mon, 22 Sep 2014 09:14:03 -0400
Subject: [PATCH] check always $_POST

---
 server/lib/classes/system.inc.php |  190 +++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 166 insertions(+), 24 deletions(-)

diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index a393384..76388a6 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -606,6 +606,30 @@
 
 
 	/**
+	 * Get the user from an user id
+	 *
+	 */
+	function getuser($uid){
+		global $app;
+		$user_datei = $this->server_conf['passwd_datei'];
+		$users = $app->file->no_comments($user_datei);
+		$lines = explode("\n", $users);
+		if(is_array($lines)){
+			foreach($lines as $line){
+				if(trim($line) != ''){
+					list($f1, $f2, $f3,) = explode(':', $line);
+					if($f3 == $uid) return $f1;
+				}
+			}
+		}
+		return false;
+	}
+
+
+
+
+
+	/**
 	 * Get the user id from an user
 	 *
 	 */
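Review bot: In `getuser()` the loose comparison `$f3 == $uid` runs on whatever `list()` extracted, so a line with fewer than three fields leaves `$f3` null, and `null == 0` then matches a lookup for uid 0 and returns that line's first field as the user name. Split into an array, check the field count and compare as strings: `$parts = explode(':', $line);` followed by `if(count($parts) >= 3 && $parts[2] === (string)$uid) return $parts[0];`. The same pattern appears in `getgroup()` in the next hunk (`$f3 == $gid`) and needs the same change. The `is_array($lines)` test is always true for the result of `explode()` and can be dropped.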
@@ -626,6 +650,30 @@
 		} else {
 			return false;
 		}
+	}
+
+
+
+
+
+	/**
+	 * Get the group from a group id
+	 *
+	 */
+	function getgroup($gid){
+		global $app;
+		$group_datei = $this->server_conf['group_datei'];
+		$groups = $app->file->no_comments($group_datei);
+		$lines = explode("\n", $groups);
+		if(is_array($lines)){
+			foreach($lines as $line){
+				if(trim($line) != ""){
+					list($f1, $f2, $f3, $f4) = explode(':', $line);
+					if($f3 == $gid) return $f1;
+				}
+			}
+		}
+		return false;
 	}
 
 
@@ -851,7 +899,7 @@
 
 		//* We allow only some characters in the path
 		// * is allowed, for example it is part of wildcard certificates/keys: *.example.com.crt
-		if(!preg_match('@^/[-a-zA-Z0-9_/.*~]{1,}$@', $path)) return false;
+		if(!preg_match('@^/[-a-zA-Z0-9_/.*]{1,}[~]?$@', $path)) return false;
 
 		//* Check path for symlinks
 		$path_parts = explode('/', $path);
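Review bot: The `$` anchor in the new pattern still matches before a trailing newline, so a `$path` ending in `\n` passes this character check; the `D` modifier closes that: `'@^/[-a-zA-Z0-9_/.*]{1,}[~]?$@D'`. The character class also still admits `.` and `/`, so `..` segments pass this line. Whether they are rejected elsewhere in the function is not visible, because the body starts and ends outside the hunk. A comment saying why a single trailing `~` is accepted would help, as the existing comment does for `*`.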
@@ -865,6 +913,38 @@
 	}
 
 
+	/**
+	 * This function checks the free space for a given directory
+	 * @param path check path
+	 * @param limit min. free space in bytes
+	 * @return bool - true when the the free space is above limit ohterwise false, opt. available disk-space
+	*/
+
+	function check_free_space($path, $limit = 0, &$free_space = 0) {
+		$path = rtrim($path, '/');
+
+		/**
+		* Make sure that we have only existing directories in the path.
+
+		* Given a file name instead of a directory, the behaviour of the disk_free_space
+		function is unspecified and may differ between operating systems and PHP versions.
+        */
+		while(!is_dir($path) && $path != '/') $path = realpath(dirname($path));
+
+		$free_space = disk_free_space($out);
+
+		if (!$free_space) {
+			$free_space = 0;
+			return false;
+		}
+
+		if ($free_space >= $limit) {
+			return true;
+		} else {
+			return false;
+		}
+
+	}
 
 
 
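Review bot: `disk_free_space($out)` reads a variable that is never defined in `check_free_space()`, so the call never queries `$path` and the function cannot report the free space of the requested directory; the line should read `$free_space = disk_free_space($path);`. In the loop above it, `realpath()` returns false when the parent cannot be resolved, so the result should be checked before the next iteration rather than fed back into `dirname()`. The docblock should also describe the by-reference argument, e.g. `@param free_space receives the available bytes, 0 on failure`.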
@@ -1476,9 +1556,13 @@
 		}
 	}
 
-	function maildirmake($maildir_path, $user = '', $subfolder = '') {
+	function maildirmake($maildir_path, $user = '', $subfolder = '', $group = '') {
 
-		global $app;
+		global $app, $conf;
+		
+		// load the server configuration options
+		$app->uses("getconf");
+		$mail_config = $app->getconf->get_server_config($conf["server_id"], 'mail');
 
 		if($subfolder != '') {
 			$dir = escapeshellcmd($maildir_path.'/.'.$subfolder);
@@ -1490,22 +1574,24 @@
 
 		if($user != '' && $user != 'root' && $this->is_user($user)) {
 			$user = escapeshellcmd($user);
-			// I assume that the name of the (vmail group) is the same as the name of the mail user in ISPConfig 3
-			$group = $user;
 			if(is_dir($dir)) $this->chown($dir, $user);
-			if(is_dir($dir)) $this->chgrp($dir, $group);
 
 			$chown_mdsub = true;
+		}
+
+		if($group != '' && $group != 'root' && $this->is_group($group)) {
+			$group = escapeshellcmd($group);
+			if(is_dir($dir)) $this->chgrp($dir, $group);
+		
+			$chgrp_mdsub = true;
 		}
 
 		$maildirsubs = array('cur', 'new', 'tmp');
 
 		foreach ($maildirsubs as $mdsub) {
 			if(!is_dir($dir.'/'.$mdsub)) mkdir($dir.'/'.$mdsub, 0700, true);
-			if ($chown_mdsub) {
-				chown($dir.'/'.$mdsub, $user);
-				chgrp($dir.'/'.$mdsub, $group);
-			}
+			if ($chown_mdsub) chown($dir.'/'.$mdsub, $user);
+			if ($chgrp_mdsub) chgrp($dir.'/'.$mdsub, $group);
 		}
 
 		chmod($dir, 0700);
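Review bot: `$chgrp_mdsub` is assigned only inside the new `if($group != '' ...)` branch, yet the loop reads it unconditionally in `if ($chgrp_mdsub) chgrp(...)`; unless it is initialised above the hunk, every call without a valid group reads an undefined variable. Add `$chgrp_mdsub = false;` before the group check. Existing three-argument callers previously had the group set to the user name and now get no `chgrp` at all, so the maildir keeps the group of the creating process. If that is not intended, `$group` could fall back to `$user` when empty. `maildirmake()` starts and ends outside this hunk.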
@@ -1521,25 +1607,30 @@
 
 		//* Add the subfolder to the subscriptions and courierimapsubscribed files
 		if($subfolder != '') {
+			
 			// Courier
-			if(!is_file($maildir_path.'/courierimapsubscribed')) {
-				$tmp_file = escapeshellcmd($maildir_path.'/courierimapsubscribed');
-				touch($tmp_file);
-				chmod($tmp_file, 0744);
-				chown($tmp_file, 'vmail');
-				chgrp($tmp_file, 'vmail');
+			if($mail_config['pop3_imap_daemon'] == 'courier') {
+				if(!is_file($maildir_path.'/courierimapsubscribed')) {
+					$tmp_file = escapeshellcmd($maildir_path.'/courierimapsubscribed');
+					touch($tmp_file);
+					chmod($tmp_file, 0744);
+					chown($tmp_file, 'vmail');
+					chgrp($tmp_file, 'vmail');
+				}
+				$this->replaceLine($maildir_path.'/courierimapsubscribed', 'INBOX.'.$subfolder, 'INBOX.'.$subfolder, 1, 1);
 			}
-			$this->replaceLine($maildir_path.'/courierimapsubscribed', 'INBOX.'.$subfolder, 'INBOX.'.$subfolder, 1, 1);
 
 			// Dovecot
-			if(!is_file($maildir_path.'/subscriptions')) {
-				$tmp_file = escapeshellcmd($maildir_path.'/subscriptions');
-				touch($tmp_file);
-				chmod($tmp_file, 0744);
-				chown($tmp_file, 'vmail');
-				chgrp($tmp_file, 'vmail');
+			if($mail_config['pop3_imap_daemon'] == 'dovecot') {
+				if(!is_file($maildir_path.'/subscriptions')) {
+					$tmp_file = escapeshellcmd($maildir_path.'/subscriptions');
+					touch($tmp_file);
+					chmod($tmp_file, 0744);
+					chown($tmp_file, 'vmail');
+					chgrp($tmp_file, 'vmail');
+				}
+				$this->replaceLine($maildir_path.'/subscriptions', $subfolder, $subfolder, 1, 1);
 			}
-			$this->replaceLine($maildir_path.'/subscriptions', $subfolder, $subfolder, 1, 1);
 		}
 
 		$app->log('Created Maildir '.$maildir_path.' with subfolder: '.$subfolder, LOGLEVEL_DEBUG);
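Review bot: In both the Courier and the Dovecot branch, `is_file()` and `replaceLine()` use the raw `$maildir_path`, while `touch()`, `chmod()`, `chown()` and `chgrp()` act on `escapeshellcmd($maildir_path.'/...')`. These are PHP filesystem calls, not shell commands, so for a path containing characters that `escapeshellcmd()` escapes the two names differ, and ownership and mode are applied to a different file than the one written. Use one unescaped variable for all calls in each branch, e.g. `$sub_file = $maildir_path.'/subscriptions';`. The mode `0744` sets the owner execute bit and world-read on a subscription list, where `0600` or `0644` is probably what is wanted. The hard-coded `'vmail'` owner also ignores the `$user` and `$group` arguments the function now accepts.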
@@ -1724,7 +1815,58 @@
 		if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
 		return $init_script_directory.'/'.$servicename.' '.$action;
 	}
+	
+	function getapacheversion($get_minor = false) {
+		global $app;
+		
+		$cmd = '';
+		if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -v';
+		elseif($this->is_installed('apachectl')) $cmd = 'apachectl -v';
+		else {
+			$app->log("Could not check apache version, apachectl not found.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+		
+		exec($cmd, $output, $return_var);
+		if($return_var != 0 || !$output[0]) {
+			$app->log("Could not check apache version, apachectl did not return any data.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+		
+		if(preg_match('/version:\s*Apache\/(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) {
+			return $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) && $get_minor == true ? '.' . $matches[5] : '');
+		} else {
+			$app->log("Could not check apache version, did not find version string in apachectl output.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+	}
 
+	function getapachemodules() {
+		global $app;
+		
+		$cmd = '';
+		if(is_installed('apache2ctl')) $cmd = 'apache2ctl -t -D DUMP_MODULES';
+		elseif(is_installed('apachectl')) $cmd = 'apachectl -t -D DUMP_MODULES';
+		else {
+			$app->log("Could not check apache modules, apachectl not found.", LOGLEVEL_WARN);
+			return array();
+		}
+		
+		exec($cmd . ' 2>/dev/null', $output, $return_var);
+		if($return_var != 0 || !$output[0]) {
+			$app->log("Could not check apache modules, apachectl did not return any data.", LOGLEVEL_WARN);
+			return array();
+		}
+		
+		$modules = array();
+		for($i = 0; $i < count($output); $i++) {
+			if(preg_match('/^\s*(\w+)\s+\((shared|static)\)\s*$/', $output[$i], $matches)) {
+				$modules[] = $matches[1];
+			}
+		}
+		
+		return $modules;
+	}
 }
 
 ?>
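Review bot: `getapachemodules()` calls `is_installed('apache2ctl')` and `is_installed('apachectl')` as plain functions, whereas `getapacheversion()` just above uses `$this->is_installed(...)`; unless a global function of that name exists, the call is fatal. Change both lines to the method form, `if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -t -D DUMP_MODULES';` and the matching `elseif`. In both methods `!$output[0]` reads an offset that does not exist when the command prints nothing; `empty($output[0])` avoids the notice. `getapacheversion()` returns `'2.2'` on every failure path, so callers that choose access-control directives by version should treat that value as a guess. A docblock on each method should state these fallback return values.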

--
Gitblit v1.9.1