From cc99cdff8ff86b3fbe8eb4261bfaddb86fbec3ec Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Fri, 19 Oct 2012 07:49:52 -0400
Subject: [PATCH] - Improved cron and ssh user plugins. - Added "touch" function to system.inc.php
---
server/plugins-available/apache2_plugin.inc.php | 237 ++++++++++++++++++++++++++++++++++++++++++----------------
1 files changed, 171 insertions(+), 66 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index ce9b8df..182a738 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -115,8 +115,8 @@
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
- //* Create a SSL Certificate
- if($data['new']['ssl_action'] == 'create') {
+ //* Create a SSL Certificate, but only if this is not a mirror server.
+ if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {
$this->ssl_certificate_changed = true;
@@ -884,26 +884,30 @@
switch($data['new']['subdomain']) {
case 'www':
- $rewrite_rules[] = array( 'rewrite_domain' => '^'.$data['new']['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
- $rewrite_rules[] = array( 'rewrite_domain' => '^www.'.$data['new']['domain'],
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ $rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$data['new']['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
break;
default:
- $rewrite_rules[] = array( 'rewrite_domain' => '^'.$data['new']['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
}
}
@@ -920,7 +924,7 @@
unset($client);
unset($aa_search);
unset($aa_replace);
- $server_alias[] .= $auto_alias;
+ $server_alias[] .= $auto_alias.' ';
}
// get alias domains (co-domains and subdomains)
@@ -965,26 +969,32 @@
switch($alias['subdomain']) {
case 'www':
- $rewrite_rules[] = array( 'rewrite_domain' => '^'.$alias['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '^'.$this->_rewrite_quote($alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
- $rewrite_rules[] = array( 'rewrite_domain' => '^www.'.$alias['domain'],
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ $rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$alias['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
break;
default:
- $rewrite_rules[] = array( 'rewrite_domain' => '^'.$alias['domain'],
+ if(substr($alias['domain'], 0, 2) === '*.') $domain_rule = '(^|\.)'.$this->_rewrite_quote(substr($alias['domain'], 2));
+ else $domain_rule = '^'.$this->_rewrite_quote($alias['domain']);
+ $rewrite_rules[] = array( 'rewrite_domain' => $domain_rule,
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
- 'rewrite_target_ssl' => $rewrite_target_ssl);
+ 'rewrite_target_ssl' => $rewrite_target_ssl,
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
}
}
}
@@ -1344,7 +1354,7 @@
$app->system->web_folder_protection($data['new']['document_root'],false);
$app->system->file_put_contents($data['new']['document_root'].'/.htpasswd_stats',$htp_file);
$app->system->web_folder_protection($data['new']['document_root'],true);
- $app->system->chmod($data['new']['document_root'].'/.htpasswd_stats',0755);
+ $app->system->chmod($data['new']['document_root'].'/.htpasswd_stats',0750);
unset($htp_file);
}
}
@@ -1463,15 +1473,16 @@
//* Remove the mounts
$log_folder = 'log';
+ $web_folder = '';
if($data['old']['type'] == 'vhostsubdomain') {
- $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
+ $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
$subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
$web_folder = $data['old']['web_folder'];
$log_folder .= '/' . $subdomain_host;
unset($tmp);
- }
-
+ }
+
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
//* remove mountpoint from fstab
@@ -1512,9 +1523,12 @@
$app->system->unlink($vhost_file);
$app->log('Removing vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
- if($data['old']['type'] == 'vhost') {
+ if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') {
$docroot = escapeshellcmd($data['old']['document_root']);
- if($docroot != '' && !stristr($docroot,'..')) exec('rm -rf '.$docroot);
+ if($docroot != '' && !stristr($docroot,'..')) {
+ if($data['old']['type'] == 'vhost') exec('rm -rf '.$docroot);
+ elseif(!stristr($data['old']['web_folder'], '..')) exec('rm -rf '.$docroot.'/'.$web_folder);
+ }
//remove the php fastgi starter script if available
if ($data['old']['php'] == 'fast-cgi') {
@@ -1575,8 +1589,6 @@
}
}
// end removing symlinks
- } else {
- // vhost subdomain
}
// Delete the log file directory
@@ -1598,6 +1610,10 @@
$this->awstats_delete($data,$web_config);
}
+ if($data['old']['type'] == 'vhostsubdomain') {
+ $app->system->web_folder_protection($parent_web_document_root,true);
+ }
+
if($apache_chrooted) {
$app->services->restartServiceDelayed('httpd','restart');
} else {
@@ -1606,6 +1622,7 @@
}
}
+ if($data['old']['type'] != 'vhost') $app->system->web_folder_protection($data['old']['document_root'],true);
}
//* This function is called when a IP on the server is inserted, updated or deleted
@@ -1698,8 +1715,8 @@
//* Create empty .htpasswd file, if it does not exist
if(!is_file($folder_path.'.htpasswd')) {
- touch($folder_path.'.htpasswd');
- $app->system->chmod($folder_path.'.htpasswd',0755);
+ $app->system->touch($folder_path.'.htpasswd');
+ $app->system->chmod($folder_path.'.htpasswd',0750);
$app->system->chown($folder_path.'.htpasswd',$website['system_user']);
$app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
$app->log('Created file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
@@ -1737,12 +1754,26 @@
//* Create the .htaccess file
//if(!is_file($folder_path.'.htaccess')) {
- $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user";
- $app->system->file_put_contents($folder_path.'.htaccess',$ht_file);
- $app->system->chmod($folder_path.'.htaccess',0755);
+ $begin_marker = '### ISPConfig folder protection begin ###';
+ $end_marker = "### ISPConfig folder protection end ###\n\n";
+ $ht_file = $begin_marker."\nAuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user\n".$end_marker;
+
+ if(file_exists($folder_path.'.htaccess')) {
+ $old_content = $app->system->file_get_contents($folder_path.'.htaccess');
+
+ if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $old_content, $matches)) {
+ $ht_file = str_replace($matches[0], $ht_file, $old_content);
+ } else {
+ $ht_file .= $old_content;
+ }
+ }
+ unset($old_content);
+
+ $app->system->file_put_contents($folder_path.'.htaccess',$ht_file);
+ $app->system->chmod($folder_path.'.htaccess',0750);
$app->system->chown($folder_path.'.htaccess',$website['system_user']);
$app->system->chgrp($folder_path.'.htaccess',$website['system_group']);
- $app->log('Created file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ $app->log('Created/modified file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
//}
}
@@ -1784,8 +1815,24 @@
//* Remove .htaccess file
if(is_file($folder_path.'.htaccess')) {
- $app->system->unlink($folder_path.'.htaccess');
- $app->log('Removed file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ $begin_marker = '### ISPConfig folder protection begin ###';
+ $end_marker = "### ISPConfig folder protection end ###\n\n";
+
+ $ht_file = $app->system->file_get_contents($folder_path.'.htaccess');
+
+ if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
+ $ht_file = str_replace($matches[0], '', $ht_file);
+ } else {
+ $ht_file = str_replace("AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user", '', $ht_file);
+ }
+
+ if(trim($ht_file) == '') {
+ $app->system->unlink($folder_path.'.htaccess');
+ $app->log('Removed file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ } else {
+ $app->system->file_put_contents($folder_path.'.htaccess', $ht_file);
+ $app->log('Removed protection content from file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
}
}
@@ -1837,6 +1884,9 @@
//* Create the folder path, if it does not exist
if(!is_dir($new_folder_path)) $app->system->mkdirpath($new_folder_path);
+ $begin_marker = '### ISPConfig folder protection begin ###';
+ $end_marker = "### ISPConfig folder protection end ###\n\n";
+
if($data['old']['path'] != $data['new']['path']) {
@@ -1848,26 +1898,63 @@
//* delete old .htaccess file
if(is_file($old_folder_path.'.htaccess')) {
- $app->system->unlink($old_folder_path.'.htaccess');
- $app->log('Deleted file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ $ht_file = $app->system->file_get_contents($old_folder_path.'.htaccess');
+
+ if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
+ $ht_file = str_replace($matches[0], '', $ht_file);
+ } else {
+ $ht_file = str_replace("AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$old_folder_path.".htpasswd\nrequire valid-user", '', $ht_file);
+ }
+
+ if(trim($ht_file) == '') {
+ $app->system->unlink($old_folder_path.'.htaccess');
+ $app->log('Removed file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ } else {
+ $app->system->file_put_contents($old_folder_path.'.htaccess', $ht_file);
+ $app->log('Removed protection content from file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
}
}
//* Create the .htaccess file
if($data['new']['active'] == 'y') {
- $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user";
- $app->system->file_put_contents($new_folder_path.'.htaccess',$ht_file);
- $app->system->chmod($new_folder_path.'.htpasswd',0755);
- $app->system->chown($folder_path.'.htpasswd',$website['system_user']);
- $app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
- $app->log('Created file '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG);
+ $ht_file = $begin_marker."\nAuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user\n".$end_marker;
+
+ if(file_exists($new_folder_path.'.htaccess')) {
+ $old_content = $app->system->file_get_contents($new_folder_path.'.htaccess');
+
+ if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $old_content, $matches)) {
+ $ht_file = str_replace($matches[0], $ht_file, $old_content);
+ } else {
+ $ht_file .= $old_content;
+ }
+ }
+
+ $app->system->file_put_contents($new_folder_path.'.htaccess',$ht_file);
+ $app->system->chmod($new_folder_path.'.htaccess',0750);
+ $app->system->chown($new_folder_path.'.htaccess',$website['system_user']);
+ $app->system->chgrp($new_folder_path.'.htaccess',$website['system_group']);
+ $app->log('Created/modified file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
}
//* Remove .htaccess file
if($data['new']['active'] == 'n' && is_file($new_folder_path.'.htaccess')) {
- $app->system->unlink($new_folder_path.'.htaccess');
- $app->log('Removed file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ $ht_file = $app->system->file_get_contents($new_folder_path.'.htaccess');
+
+ if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
+ $ht_file = str_replace($matches[0], '', $ht_file);
+ } else {
+ $ht_file = str_replace("AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user", '', $ht_file);
+ }
+
+ if(trim($ht_file) == '') {
+ $app->system->unlink($new_folder_path.'.htaccess');
+ $app->log('Removed file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ } else {
+ $app->system->file_put_contents($new_folder_path.'.htaccess', $ht_file);
+ $app->log('Removed protection content from file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ }
}
@@ -2031,6 +2118,8 @@
* @param string $pwd The password-hash of the user
*/
private function _writeHtDigestFile($filename, $username, $authname, $pwdhash ) {
+ global $app;
+
$changed = false;
if(is_file($filename) && !is_link($filename)) {
$in = fopen($filename, 'r');
@@ -2184,7 +2273,11 @@
}
if(is_file($data['new']['document_root']."/" . $web_folder . "/stats/index.html")) $app->system->unlink($data['new']['document_root']."/" . $web_folder . "/stats/index.html");
- $app->system->copy("/usr/local/ispconfig/server/conf/awstats_index.php.master",$data['new']['document_root']."/" . $web_folder . "/stats/index.php");
+ if(file_exists("/usr/local/ispconfig/server/conf-custom/awstats_index.php.master")) {
+ $app->system->copy("/usr/local/ispconfig/server/conf-custom/awstats_index.php.master",$data['new']['document_root']."/" . $web_folder . "/stats/index.php");
+ } else {
+ $app->system->copy("/usr/local/ispconfig/server/conf/awstats_index.php.master",$data['new']['document_root']."/" . $web_folder . "/stats/index.php");
+ }
}
//* Delete the awstats configuration file
@@ -2290,27 +2383,31 @@
$ini_settings = explode("\n", $custom_php_ini_settings);
if(is_array($ini_settings) && !empty($ini_settings)){
foreach($ini_settings as $ini_setting){
- list($key, $value) = explode('=', $ini_setting);
- if($value){
- $value = escapeshellcmd(trim($value));
- $key = escapeshellcmd(trim($key));
- switch (strtolower($value)) {
- case '0':
- // PHP-FPM might complain about invalid boolean value if you use 0
- $value = 'off';
- case '1':
- case 'on':
- case 'off':
- case 'true':
- case 'false':
- case 'yes':
- case 'no':
- $final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
- break;
- default:
- $final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
- }
+ $ini_setting = trim($ini_setting);
+ if(substr($ini_setting,0,1) == ';') continue;
+ if(substr($ini_setting,0,1) == '#') continue;
+ if(substr($ini_setting,0,2) == '//') continue;
+ list($key, $value) = explode('=', $ini_setting);
+ if($value){
+ $value = trim($value);
+ $key = trim($key);
+ switch (strtolower($value)) {
+ case '0':
+ // PHP-FPM might complain about invalid boolean value if you use 0
+ $value = 'off';
+ case '1':
+ case 'on':
+ case 'off':
+ case 'true':
+ case 'false':
+ case 'yes':
+ case 'no':
+ $final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
+ break;
+ default:
+ $final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
}
+ }
}
}
}
@@ -2484,6 +2581,14 @@
return symlink($cfrom, $to);
}
+ private function _rewrite_quote($string) {
+ return str_replace(array('.', '*', '?', '+'), array('\\.', '\\*', '\\?', '\\+'), $string);
+ }
+
+ private function _is_url($string) {
+ return preg_match('/^(f|ht)tp(s)?:\/\//i', $string);
+ }
+
} // end class
?>
--
Gitblit v1.9.1