From c5c7a913f16f5ddbf4ff44d6db7bdfcd650cecaa Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 20 Apr 2016 10:43:31 -0400
Subject: [PATCH] Merge branch 'stable-3.1' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.1

---
 server/plugins-available/apache2_plugin.inc.php |  134 +++++++++++++++++++++++++++-----------------
 1 files changed, 82 insertions(+), 52 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index b076ca9..9068509 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -91,8 +91,52 @@
 		$app->plugins->registerAction('php_ini_changed', $this->plugin_name, 'php_ini_changed');
 	}
 
-	// check for php.ini changes
-
+	private function get_master_php_ini_content($web_data) {
+		global $app, $conf;
+		
+		$app->uses('getconf');
+		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+		$fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');
+		
+		$php_ini_content = '';
+		$master_php_ini_path = '';
+		
+		if($web_data['php'] == 'mod') {
+			$master_php_ini_path = $web_config['php_ini_path_apache'];
+		} else {
+			// check for custom php
+			if($web_data['fastcgi_php_version'] != '') {
+				$tmp = explode(':', $web_data['fastcgi_php_version']);
+				if(isset($tmp[2])) {
+					$tmppath = $tmp[2];
+					if(substr($tmppath, -7) != 'php.ini') {
+						if(substr($tmppath, -1) != '/') $tmppath .= '/';
+						$tmppath .= 'php.ini';
+					}
+					if(file_exists($tmppath)) {
+						$master_php_ini_path = $tmppath;
+					}
+					unset($tmppath);
+				}
+				unset($tmp);
+			}
+			
+			if(!$master_php_ini_path) {
+				if($web_data['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
+					$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
+				} elseif($web_data['php'] == 'php-fpm' && file_exists($web_config['php_fpm_ini_path'])) {
+					$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
+				} else {
+					$master_php_ini_path = $web_config['php_ini_path_cgi'];
+				}
+			}
+		}
+		if($master_php_ini_path != '' && substr($master_php_ini_path, -7) == 'php.ini' && is_file($master_php_ini_path)) {
+			$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
+		}
+		
+		return $php_ini_content;
+	}
 
 	// Handle php.ini changes
 	function php_ini_changed($event_name, $data) {
@@ -145,22 +189,10 @@
 				$custom_php_ini_dir .= '_' . $web_folder;
 			}
 			if(!is_dir($web_config['website_basedir'].'/conf')) $app->system->mkdir($web_config['website_basedir'].'/conf');
-
-
+			
 			if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
-			$php_ini_content = '';
-			if($web_data['php'] == 'mod') {
-				$master_php_ini_path = $web_config['php_ini_path_apache'];
-			} else {
-				if($web_data['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
-					$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
-				} else {
-					$master_php_ini_path = $web_config['php_ini_path_cgi'];
-				}
-			}
-			if($master_php_ini_path != '' && substr($master_php_ini_path, -7) == 'php.ini' && is_file($master_php_ini_path)) {
-				$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
-			}
+			
+			$php_ini_content = $this->get_master_php_ini_content($web_data);
 			
 			if(intval($web_data['directive_snippets_id']) > 0){
 				$snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($web_data['directive_snippets_id']));
@@ -336,6 +368,22 @@
 			/* Update also the master-DB of the Server-Farm */
 			$app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
 			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+		}
+		
+		//* Check that the SSL key is not password protected
+		if($data["new"]["ssl_action"] == 'save') {
+			if(stristr($data["new"]["ssl_key"],'Proc-Type: 4,ENCRYPTED')) {
+				$data["new"]["ssl_action"] = '';
+			
+				$app->log('SSL Certificate not saved. The SSL key is encrypted.', LOGLEVEL_WARN);
+				$app->dbmaster->datalogError('SSL Certificate not saved. The SSL key is encrypted.');
+			
+				/* Update the DB of the (local) Server */
+				$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+
+				/* Update also the master-DB of the Server-Farm */
+				$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+			}
 		}
 
 		//* Save a SSL certificate to disk
@@ -1009,32 +1057,8 @@
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
 			if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);
-			$php_ini_content = '';
-			if($data['new']['php'] == 'mod') {
-				$master_php_ini_path = $web_config['php_ini_path_apache'];
-			} else {
-				if($data["new"]['php'] == 'fast-cgi') {
-					if(trim($data['new']['fastcgi_php_version']) != '' && file_exists($custom_fastcgi_php_ini_dir)){
-						$master_php_ini_path = $custom_fastcgi_php_ini_dir;
-					} elseif(file_exists($fastcgi_config["fastcgi_phpini_path"])){
-						$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
-					} else {
-						$master_php_ini_path = $web_config['php_ini_path_cgi'];
-					}
-				} else {
-					$master_php_ini_path = $web_config['php_ini_path_cgi'];
-				}
-			}
-
-			//* Add php.ini to the path in case that the master_php_ini_path is a directory
-			if($master_php_ini_path != '' && is_dir($master_php_ini_path) && is_file($master_php_ini_path.'/php.ini')) {
-				if(substr($master_php_ini_path, -1) == '/') $master_php_ini_path = substr($master_php_ini_path, 0, -1);
-				$master_php_ini_path .= '/php.ini';
-			}
-
-			if($master_php_ini_path != '' && substr($master_php_ini_path, -7) == 'php.ini' && is_file($master_php_ini_path)) {
-				$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
-			}
+			
+			$php_ini_content = $this->get_master_php_ini_content($data['new']);
 			$php_ini_content .= str_replace("\r", '', trim($data['new']['custom_php_ini']));
 			
 			if(intval($data['new']['directive_snippets_id']) > 0){
@@ -1119,14 +1143,7 @@
 		}
 		*/
 
-		//* Generate Let's Encrypt SSL certificat
-		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
-			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
-			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
-			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
-			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
-			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
-		)) {
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 			if(substr($domain, 0, 2) === '*.') {
 				// wildcard domain not yet supported by letsencrypt!
 				$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
@@ -1135,7 +1152,16 @@
 			
 			$data['new']['ssl_domain'] = $domain;
 			$vhost_data['ssl_domain'] = $domain;
+		}
 
+		//* Generate Let's Encrypt SSL certificat
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
+		)) {
 			// default values
 			$temp_domains = array();
 			$lddomain = $domain;
@@ -3136,6 +3162,7 @@
 			}
 		}
 		
+		$custom_session_save_path = false;
 		if($custom_php_ini_settings != ''){
 			// Make sure we only have Unix linebreaks
 			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
@@ -3151,6 +3178,7 @@
 					$value = trim($value);
 					if($value != ''){
 						$key = trim($key);
+						if($key == 'session.save_path') $custom_session_save_path = true;
 						switch (strtolower($value)) {
 						case '0':
 							// PHP-FPM might complain about invalid boolean value if you use 0
@@ -3171,7 +3199,9 @@
 				}
 			}
 		}
-
+		
+		$tpl->setVar('custom_session_save_path', ($custom_session_save_path ? 'y' : 'n'));
+		
 		$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
 
 		$app->system->file_put_contents($pool_dir.$pool_name.'.conf', $tpl->grab());

--
Gitblit v1.9.1