From 7bc0f15d860f669c5e84a04a643cb11f0fb5c7dd Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 26 Jan 2010 10:25:39 -0500
Subject: [PATCH] Fixed: FS#879 - Reseller cannot create database for himself, only for "c0" or subclients.

---
 server/plugins-available/apache2_plugin.inc.php |   25 ++++++++++++++++---------
 1 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index c346179..6c72923 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -106,7 +106,7 @@
 			$ssl_cnf = "        RANDFILE               = $rand_file
 
         [ req ]
-        default_bits           = 1024
+        default_bits           = 2048
         default_keyfile        = keyfile.pem
         distinguished_name     = req_distinguished_name
         attributes             = req_attributes
@@ -137,7 +137,7 @@
 			$crt_file = escapeshellcmd($crt_file);
 
         	if(is_file($ssl_cnf_file)){
-          		exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
+          		exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
 				$app->log("Creating SSL Cert for: $domain",LOGLEVEL_DEBUG);
         	}
 
@@ -555,6 +555,7 @@
 		$vhost_data["web_basedir"] = $web_config["website_basedir"];
 		$vhost_data["security_level"] = $web_config["security_level"];
 		$vhost_data["allow_override"] = ($data["new"]["allow_override"] == '')?'All':$data["new"]["allow_override"];
+		$vhost_data["php_open_basedir"] = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
 		
 		// Check if a SSL cert exists
 		$ssl_dir = $data["new"]["document_root"]."/ssl";
@@ -706,12 +707,15 @@
 			$fcgi_tpl = new tpl();
 			$fcgi_tpl->newTemplate("php-fcgi-starter.master");
 				
-			$fcgi_tpl->setVar('php_ini_path',$fastcgi_config["fastcgi_phpini_path"]);
-			$fcgi_tpl->setVar('document_root',$data["new"]["document_root"]);
-			$fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]);
-			$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
-			$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
-			$fcgi_tpl->setVar('security_level',$web_config["security_level"]);
+			$fcgi_tpl->setVar('php_ini_path',escapeshellcmd($fastcgi_config["fastcgi_phpini_path"]));
+			$fcgi_tpl->setVar('document_root',escapeshellcmd($data["new"]["document_root"]));
+			$fcgi_tpl->setVar('php_fcgi_children',escapeshellcmd($fastcgi_config["fastcgi_children"]));
+			$fcgi_tpl->setVar('php_fcgi_max_requests',escapeshellcmd($fastcgi_config["fastcgi_max_requests"]));
+			$fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($fastcgi_config["fastcgi_bin"]));
+			$fcgi_tpl->setVar('security_level',intval($web_config["security_level"]));
+			
+			$php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
+			$fcgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
 				
 			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
 			file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
@@ -759,7 +763,10 @@
 			$cgi_tpl->newTemplate("php-cgi-starter.master");
 
 			// This works, because php "rewrites" a symlink to the physical path
-			$cgi_tpl->setVar('open_basedir', $data["new"]["document_root"]); 
+			$php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
+			$cgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir)); 
+			$cgi_tpl->setVar('document_root', escapeshellcmd($data["new"]["document_root"]));
+			
 			// This will NOT work!
 			//$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]);
 			$cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]);

--
Gitblit v1.9.1