From 9c513ce80ee4ddb6bb08cd16b21a81e379b60cdb Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 05 Jun 2012 10:54:55 -0400
Subject: [PATCH] Fixed: FS#2121 - ftpquota wont be delete
---
server/plugins-available/apache2_plugin.inc.php | 84 +++++++++++++++++++++++++++++++++--------
1 files changed, 67 insertions(+), 17 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 66940a5..74578c4 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -85,6 +85,8 @@
$app->plugins->registerEvent('web_folder_update',$this->plugin_name,'web_folder_update');
$app->plugins->registerEvent('web_folder_delete',$this->plugin_name,'web_folder_delete');
+ $app->plugins->registerEvent('ftp_user_delete',$this->plugin_name,'ftp_user_delete');
+
}
// Handle the creation of SSL certificates
@@ -110,6 +112,13 @@
//* Create a SSL Certificate
if($data['new']['ssl_action'] == 'create') {
+
+ //* Rename files if they exist
+ if(file_exists($key_file)) rename($key_file,$key_file.'.bak');
+ if(file_exists($key_file2)) rename($key_file2,$key_file2.'.bak');
+ if(file_exists($csr_file)) rename($csr_file,$csr_file.'.bak');
+ if(file_exists($crt_file)) rename($crt_file,$crt_file.'.bak');
+
$rand_file = $ssl_dir.'/random_file';
$rand_data = md5(uniqid(microtime(),1));
for($i=0; $i<1000; $i++) {
@@ -133,11 +142,11 @@
output_password = $ssl_password
[ req_distinguished_name ]
- C = ".$data['new']['ssl_country']."
- ST = ".$data['new']['ssl_state']."
- L = ".$data['new']['ssl_locality']."
- O = ".$data['new']['ssl_organisation']."
- OU = ".$data['new']['ssl_organisation_unit']."
+ C = ".trim($data['new']['ssl_country'])."
+ ST = ".trim($data['new']['ssl_state'])."
+ L = ".trim($data['new']['ssl_locality'])."
+ O = ".trim($data['new']['ssl_organisation'])."
+ OU = ".trim($data['new']['ssl_organisation_unit'])."
CN = $domain
emailAddress = webmaster@".$data['new']['domain']."
@@ -286,6 +295,10 @@
}
if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
$app->log('Websites cannot be owned by the root user or group.',LOGLEVEL_WARN);
+ return 0;
+ }
+ if(trim($data['new']['domain']) == '') {
+ $app->log('domain is empty',LOGLEVEL_WARN);
return 0;
}
@@ -631,9 +644,10 @@
* website root has to be owned by the root user and we have to chmod it to 755 then
*/
- //* Check if there is a jailkit user for this site
+ //* Check if there is a jailkit user or cronjob for this site
$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
- if($tmp['number'] > 0) {
+ $tmp2 = $app->db->queryOneRecord('SELECT count(id) as number FROM cron WHERE parent_domain_id = '.$data['new']['domain_id']." AND `type` = 'chrooted'");
+ if($tmp['number'] > 0 || $tmp2['number'] > 0) {
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
}
@@ -665,9 +679,15 @@
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
- //* Write the custom php.ini file, if custom_php_ini filed is not empty
+ //* Write the custom php.ini file, if custom_php_ini fieled is not empty
$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+
+ //* add open_basedir restriction to custom php.ini content, required for suphp only
+ if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+ $data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+ }
+ //* Create custom php.ini
if(trim($data['new']['custom_php_ini']) != '') {
$has_custom_php_ini = true;
if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);
@@ -709,6 +729,11 @@
$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+
+ // Custom Apache directives
+ // Make sure we only have Unix linebreaks
+ $vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
+ $vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -750,7 +775,7 @@
// Rewrite rules
$rewrite_rules = array();
- if($data['new']['redirect_type'] != '') {
+ if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
if(substr($data['new']['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($data['new']['redirect_path'],8);
@@ -816,7 +841,7 @@
}
$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
// Rewriting
- if($alias['redirect_type'] != '') {
+ if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
if(substr($alias['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($alias['redirect_path'],8);
@@ -1549,6 +1574,16 @@
}
+
+ public function ftp_user_delete($event_name,$data) {
+ global $app, $conf;
+
+ $ftpquota_file = $data['old']['dir'].'/.ftpquota';
+ if(file_exists($ftpquota_file)) unlink($ftpquota_file);
+
+ }
+
+
/**
* This function is called when a Webdav-User is inserted, updated or deleted.
@@ -1576,6 +1611,7 @@
$domain = $sitedata['domain'];
$user = $sitedata['system_user'];
$group = $sitedata['system_group'];
+ $webdav_user_dir = $documentRoot . '/webdav/' . $data['new']['dir'];
/* Check if this is a chrooted setup */
if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1584,13 +1620,25 @@
} else {
$apache_chrooted = false;
}
+
+ //* We dont want to have relative paths here
+ if(stristr($webdav_user_dir,'..') || stristr($webdav_user_dir,'./')) {
+ $app->log('Folder path '.$webdav_user_dir.' contains ./ or .. '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
+
+ //* Check if the resulting path exists if yes, if it is inside the docroot
+ if(is_dir($webdav_user_dir) && substr(realpath($webdav_user_dir),0,strlen($documentRoot)) != $documentRoot) {
+ $app->log('Folder path '.$webdav_user_dir.' is outside of docroot '.$documentRoot,LOGLEVEL_WARN);
+ return false;
+ }
/*
* First the webdav-root - folder has to exist
*/
- if(!is_dir($documentRoot . '/webdav/' . $data['new']['dir'])) {
- $app->log('Webdav User directory '.$documentRoot.'/webdav/'.$data['new']['dir'].' does not exist. Creating it now.',LOGLEVEL_DEBUG);
- exec('mkdir -p '.escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir']));
+ if(!is_dir($webdav_user_dir)) {
+ $app->log('Webdav User directory '.$webdav_user_dir.' does not exist. Creating it now.',LOGLEVEL_DEBUG);
+ exec('mkdir -p '.escapeshellcmd($webdav_user_dir));
}
/*
@@ -1603,19 +1651,19 @@
* The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the
* pwd-files are owned by root)
*/
- $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R'));
- $this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'));
+ $this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($webdav_user_dir.' -R'));
+ $this->_exec('chmod 770 ' . escapeshellcmd($webdav_user_dir.' -R'));
/*
* if the user is active, we have to write/update the password - file
* if the user is inactive, we have to inactivate the user by removing the user from the file
*/
if ($data['new']['active'] == 'y') {
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
}
else {
/* empty pwd removes the user! */
- $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
+ $this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
}
/*
@@ -1767,6 +1815,7 @@
$output .= " Alias /webdav/" . $fn . ' ' . $webdavRoot . '/' . $fn . "\n";
$output .= " <Location /webdav/" . $fn . ">\n";
$output .= " DAV On\n";
+ $output .= ' BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On'."\n";
$output .= " AuthType Digest\n";
$output .= " AuthName \"" . $fn . "\"\n";
$output .= " AuthUserFile " . $webdavRoot . '/' . $file . "\n";
@@ -1811,6 +1860,7 @@
$awstats_conf_dir = $web_config['awstats_conf_dir'];
+ if(!is_dir($data['new']['document_root']."/web/stats/")) mkdir($data['new']['document_root']."/web/stats");
if(!@is_file($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');
--
Gitblit v1.9.1