From c4f93a0dc58e8a79d5c195760158b0fa48243a55 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 12 Dec 2012 05:52:47 -0500
Subject: [PATCH] Fixed: FS#2573 - APS Reseller cannot see users pakages
---
server/plugins-available/apache2_plugin.inc.php | 140 +++++++++++++++++++++++++++++++++++++---------
1 files changed, 113 insertions(+), 27 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 14caf6e..c40afbf 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -421,8 +421,8 @@
//* Create new base directory, if it does not exist yet
if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
- //exec('mv '.$data['old']['document_root'].' '.$new_dir);
- $app->system->rename($data['old']['document_root'],$new_dir);
+ exec('mv '.escapeshellarg($data['old']['document_root']).' '.escapeshellarg($new_dir));
+ //$app->system->rename($data['old']['document_root'],$new_dir);
$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
// Handle the change in php_open_basedir
@@ -439,7 +439,12 @@
exec($command);
if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
-
+
+ //* Change the log mount
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
+ $app->system->removeLine('/etc/fstab',$fstab_line);
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
}
@@ -469,19 +474,26 @@
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
if(is_link($data['old']['document_root'].'/'.$log_folder)) $app->system->unlink($data['old']['document_root'].'/'.$log_folder);
+
+ //* remove old log mount
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
+ $app->system->removeLine('/etc/fstab',$fstab_line);
+
+ //* Unmount log directory
+ exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
}
//* Create the log dir if nescessary and mount it
- if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
- if(!is_dir($data['new']['document_root'].'/'.$log_folder) || is_link($data['new']['document_root'].'/'.$log_folder)) {
+ if(!is_dir($data['new']['document_root'].'/'.$log_folder) || !is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain']) || is_link($data['new']['document_root'].'/'.$log_folder)) {
if(is_link($data['new']['document_root'].'/'.$log_folder)) unlink($data['new']['document_root'].'/'.$log_folder);
+ if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
$app->system->mkdirpath($data['new']['document_root'].'/'.$log_folder);
$app->system->chown($data['new']['document_root'].'/'.$log_folder,'root');
$app->system->chgrp($data['new']['document_root'].'/'.$log_folder,'root');
$app->system->chmod($data['new']['document_root'].'/'.$log_folder,0755);
exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
//* add mountpoint to fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
$app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
}
@@ -868,7 +880,7 @@
// Rewrite rules
$rewrite_rules = array();
if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
- if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
+ if(substr($data['new']['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $data['new']['redirect_path'])) $data['new']['redirect_path'] .= '/';
if(substr($data['new']['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($data['new']['redirect_path'],8);
$rewrite_target_ssl = 'https'.substr($data['new']['redirect_path'],8);
@@ -888,26 +900,30 @@
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
$rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
$rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
default:
$rewrite_rules[] = array( 'rewrite_domain' => '^'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
}
}
@@ -963,7 +979,7 @@
// Rewriting
if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
- if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
+ if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $data['new']['redirect_path'])) $alias['redirect_path'] .= '/';
if(substr($alias['redirect_path'],0,8) == '[scheme]'){
$rewrite_target = 'http'.substr($alias['redirect_path'],8);
$rewrite_target_ssl = 'https'.substr($alias['redirect_path'],8);
@@ -983,19 +999,22 @@
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
$rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
$rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
default:
if(substr($alias['domain'], 0, 2) === '*.') $domain_rule = '(^|\.)'.$this->_rewrite_quote(substr($alias['domain'], 2));
@@ -1004,7 +1023,8 @@
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
}
}
}
@@ -1266,14 +1286,25 @@
} else {
$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
}
- $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
- }
-
- //* Add vhost for IPv6 IP
- if($data['new']['ipv6_address'] != '') {
- if(count($rewrite_rules) > 0){
- $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
- } else {
+ $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ }
+
+ //* Add vhost for IPv6 IP
+ if($data['new']['ipv6_address'] != '') {
+ if ($conf['serverconfig']['web']['vhost_rewrite_v6'] == 'y') {
+ if (isset($conf['serverconfig']['server']['v6_prefix']) && $conf['serverconfig']['server']['v6_prefix'] <> '') {
+ $explode_v6prefix=explode(':',$conf['serverconfig']['server']['v6_prefix']);
+ $explode_v6=explode(':',$data['new']['ipv6_address']);
+
+ for ( $i = 0; $i <= count($explode_v6prefix)-3; $i++ ) {
+ $explode_v6[$i] = $explode_v6prefix[$i];
+ }
+ $data['new']['ipv6_address'] = implode(':',$explode_v6);
+ }
+ }
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
+ } else {
$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
}
@@ -1505,7 +1536,7 @@
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
//* remove mountpoint from fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
$app->system->removeLine('/etc/fstab',$fstab_line);
if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['parent_domain_id'] > 0) {
@@ -1545,8 +1576,63 @@
if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') {
$docroot = escapeshellcmd($data['old']['document_root']);
if($docroot != '' && !stristr($docroot,'..')) {
- if($data['old']['type'] == 'vhost') exec('rm -rf '.$docroot);
- elseif(!stristr($data['old']['web_folder'], '..')) exec('rm -rf '.$docroot.'/'.$web_folder);
+ if($data['old']['type'] == 'vhost') {
+ // this is a vhost - we delete everything in here.
+ exec('rm -rf '.$docroot);
+ } elseif(!stristr($data['old']['web_folder'], '..')) {
+ // this is a vhost subdomain
+ // IMPORTANT: do some folder checks before we delete this!
+ $do_delete = true;
+ $delete_folder = preg_replace('/[\/]{2,}/', '/', $web_folder); // replace / occuring multiple times
+ if(substr($delete_folder, 0, 1) === '/') $delete_folder = substr($delete_folder, 1);
+ if(substr($delete_folder, -1) === '/') $delete_folder = substr($delete_folder, 0, -1);
+
+ $path_elements = explode('/', $delete_folder);
+
+ if($path_elements[0] == 'web' || $path_elements[0] === '') {
+ // paths beginning with /web should NEVER EVER be deleted, empty paths should NEVER occur - but for safety reasons we check it here!
+ // we use strict check as otherwise directories named '0' may not be deleted
+ $do_delete = false;
+ } else {
+ // read all vhost subdomains with same parent domain
+ $used_paths = array();
+ $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE type = 'vhostsubdomain' AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
+ foreach($tmp as $tmprec) {
+ // we normalize the folder entries because we need to compare them
+ $tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
+ if(substr($tmp_folder, 0, 1) === '/') $tmp_folder = substr($tmp_folder, 1);
+ if(substr($tmp_folder, -1) === '/') $tmp_folder = substr($tmp_folder, 0, -1);
+
+ // add this path and it's parent paths to used_paths array
+ while(strpos($tmp_folder, '/') !== false) {
+ if(in_array($tmp_folder, $used_paths) == false) $used_paths[] = $tmp_folder;
+ $tmp_folder = substr($tmp_folder, 0, strrpos($tmp_folder, '/'));
+ }
+ if(in_array($tmp_folder, $used_paths) == false) $used_paths[] = $tmp_folder;
+ }
+ unset($tmp);
+
+ // loop and check if the path is still used and stop at first used one
+ // set do_delete to false so nothing gets deleted if the web_folder itself is still used
+ $do_delete = false;
+ while(count($path_elements) > 0) {
+ $tmp_folder = implode('/', $path_elements);
+ if(in_array($tmp_folder, $used_paths) == true) break;
+
+ // this path is not used - set it as path to delete, strip the last element from the array and set do_delete to true
+ $delete_folder = $tmp_folder;
+ $do_delete = true;
+ array_pop($path_elements);
+ }
+ unset($tmp_folder);
+ unset($used_paths);
+ }
+
+ if($do_delete === true && $delete_folder !== '') exec('rm -rf '.$docroot.'/'.$delete_folder);
+
+ unset($delete_folder);
+ unset($path_elements);
+ }
}
//remove the php fastgi starter script if available
--
Gitblit v1.9.1