From accfe5ed9238e8dba04ab2524fbc69cf3295739a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Mon, 09 Apr 2012 18:20:08 -0400
Subject: [PATCH] - Fixed FS#2099.

---
 server/plugins-available/apache2_plugin.inc.php |   51 +++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index ea215e4..1f4cc2b 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -293,10 +293,19 @@
 		$app->uses('system');
 		
 		if($web_config['connect_userid_to_webid'] == 'y') {
+			//* Calculate the uid and gid
 			$connect_userid_to_webid_start = ($web_config['connect_userid_to_webid_start'] < 1000)?1000:intval($web_config['connect_userid_to_webid_start']);
 			$fixed_uid_gid = intval($connect_userid_to_webid_start + $data['new']['domain_id']);
 			$fixed_uid_param = '--uid '.$fixed_uid_gid;
 			$fixed_gid_param = '--gid '.$fixed_uid_gid;
+			
+			//* Check if a ispconfigend user and group exists and create them
+			if(!$app->system->is_group('ispconfigend')) {
+				exec('groupadd --gid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+			}
+			if(!$app->system->is_user('ispconfigend')) {
+				exec('useradd -g ispconfigend -d /usr/local/ispconfig --uid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+			}
 		} else {
 			$fixed_uid_param = '';
 			$fixed_gid_param = '';
@@ -354,7 +363,13 @@
 			unset($tmp_docroot[count($tmp_docroot)-1]);
 			$old_dir = implode('/',$tmp_docroot);
 
-			exec('rm -rf '.$data['new']['document_root']);
+			//* Check if there is already some data in the new docroot and rename it as we need a clean path to move the existing site to the new path
+			if(@is_dir($data['new']['document_root'])) {
+				rename($data['new']['document_root'],$data['new']['document_root'].'_bak_'.date('Y_m_d'));
+				$app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d'),LOGLEVEL_DEBUG);
+			}
+			
+			//* Create new base directory, if it does not exist yet
 			if(!is_dir($new_dir)) exec('mkdir -p '.$new_dir);
 			exec('mv '.$data['old']['document_root'].' '.$new_dir);
 			$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
@@ -694,6 +709,11 @@
 		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
 		$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
 		$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+		
+		// Custom Apache directives
+		// Make sure we only have Unix linebreaks
+		$vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
+		$vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
 
 		// Check if a SSL cert exists
 		$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -1561,6 +1581,7 @@
 			$domain = $sitedata['domain'];
 			$user = $sitedata['system_user'];
 			$group = $sitedata['system_group'];
+			$webdav_user_dir = $documentRoot . '/webdav/' . $data['new']['dir'];
 
 			/* Check if this is a chrooted setup */
 			if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1569,13 +1590,25 @@
 			} else {
 				$apache_chrooted = false;
 			}
+			
+			//* We dont want to have relative paths here
+			if(stristr($webdav_user_dir,'..')  || stristr($webdav_user_dir,'./')) {
+				$app->log('Folder path '.$webdav_user_dir.' contains ./ or .. '.$documentRoot,LOGLEVEL_WARN);
+				return false;
+			}
+			
+			//* Check if the resulting path exists if yes, if it is inside the docroot
+			if(is_dir($webdav_user_dir) && substr(realpath($webdav_user_dir),0,strlen($documentRoot)) != $documentRoot) {
+				$app->log('Folder path '.$webdav_user_dir.' is outside of docroot '.$documentRoot,LOGLEVEL_WARN);
+				return false;
+			}
 
 			/*
 			 * First the webdav-root - folder has to exist
 			*/
-			if(!is_dir($documentRoot . '/webdav/' . $data['new']['dir'])) {
-				$app->log('Webdav User directory '.$documentRoot.'/webdav/'.$data['new']['dir'].' does not exist. Creating it now.',LOGLEVEL_DEBUG);
-				exec('mkdir -p '.escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir']));
+			if(!is_dir($webdav_user_dir)) {
+				$app->log('Webdav User directory '.$webdav_user_dir.' does not exist. Creating it now.',LOGLEVEL_DEBUG);
+				exec('mkdir -p '.escapeshellcmd($webdav_user_dir));
 			}
 
 			/*
@@ -1588,19 +1621,19 @@
 			 * The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the
 			 * pwd-files are owned by root)
 			*/
-			$this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R'));
-			$this->_exec('chmod 770 ' . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'));
+			$this->_exec('chown ' . $user . ':' . $group . ' ' . escapeshellcmd($webdav_user_dir.' -R'));
+			$this->_exec('chmod 770 ' . escapeshellcmd($webdav_user_dir.' -R'));
 
 			/*
 			 * if the user is active, we have to write/update the password - file
 			 * if the user is inactive, we have to inactivate the user by removing the user from the file
 			*/
 			if ($data['new']['active'] == 'y') {
-				$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+				$this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
 			}
 			else {
 				/* empty pwd removes the user! */
-				$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
+				$this->_writeHtDigestFile( $webdav_user_dir . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
 			}
 
 			/*
@@ -1752,6 +1785,7 @@
 						$output .= "      Alias /webdav/" . $fn . ' ' . $webdavRoot . '/' . $fn . "\n";
 						$output .= "      <Location /webdav/" . $fn . ">\n";
 						$output .= "        DAV On\n";
+						$output .= '        BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On'."\n";
 						$output .= "        AuthType Digest\n";
 						$output .= "        AuthName \"" . $fn . "\"\n";
 						$output .= "        AuthUserFile " . $webdavRoot . '/' . $file . "\n";
@@ -1796,6 +1830,7 @@
 		
 		$awstats_conf_dir = $web_config['awstats_conf_dir'];
 		
+		if(!is_dir($data['new']['document_root']."/web/stats/")) mkdir($data['new']['document_root']."/web/stats");
 		if(!@is_file($awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
 			if ( @is_file($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf') ) {
 				unlink($awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf');

--
Gitblit v1.9.1