From d65eaaf5960c525976ddcb8af32e3aa347f1a5b0 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Sat, 16 Jun 2012 13:44:25 -0400
Subject: [PATCH] Bugfix: remoting lib field validation "ISINT" differed from tform validation and leads to 0 values treated as invalid Bugfix: remoting lib did include_once instead of include at form definition files, that leads to malfunction when using multiple definition files at importing and actions like that

---
 server/plugins-available/apache2_plugin.inc.php |   48 +++++++++++++++++++++++++++++++++++++++---------
 1 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 30eecfe..c441a6a 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -85,6 +85,8 @@
 		$app->plugins->registerEvent('web_folder_update',$this->plugin_name,'web_folder_update');
 		$app->plugins->registerEvent('web_folder_delete',$this->plugin_name,'web_folder_delete');
 		
+		$app->plugins->registerEvent('ftp_user_delete',$this->plugin_name,'ftp_user_delete');
+		
 	}
 
 	// Handle the creation of SSL certificates
@@ -364,6 +366,9 @@
 					}
 				}
 			}
+			
+			//* Remove protection of old folders
+			$app->system->web_folder_protection($data['old']['document_root'],false);
 
 			//* Move the site data
 			$tmp_docroot = explode('/',$data['new']['document_root']);
@@ -412,7 +417,7 @@
 		if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) exec('mkdir -p '.$data['new']['document_root'].'/cgi-bin');
 		if(!is_dir($data['new']['document_root'].'/tmp')) exec('mkdir -p '.$data['new']['document_root'].'/tmp');
-
+		
 		// Remove the symlink for the site, if site is renamed
 		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
 			if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
@@ -591,10 +596,11 @@
 			}
 		}
 
-
-
 		//* If the security level is set to high
 		if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
+			
+			$app->system->web_folder_protection($data['new']['document_root'],false);
+			
 			if($web_config['security_level'] == 20) {
 
 				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -642,9 +648,10 @@
 				* website root has to be owned by the root user and we have to chmod it to 755 then
 				*/
 
-				//* Check if there is a jailkit user for this site
+				//* Check if there is a jailkit user or cronjob for this site
 				$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
-				if($tmp['number'] > 0) {
+				$tmp2 = $app->db->queryOneRecord('SELECT count(id) as number FROM cron WHERE parent_domain_id = '.$data['new']['domain_id']." AND `type` = 'chrooted'");
+				if($tmp['number'] > 0 || $tmp2['number'] > 0) {
 					$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
 					$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
 				}
@@ -670,15 +677,24 @@
 				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
 			}
 		}
+		
+		//* Protect web folders
+		$app->system->web_folder_protection($data['new']['document_root'],true);
 
 		// Change the ownership of the error log to the owner of the website
 		if(!@is_file($data['new']['document_root'].'/log/error.log')) exec('touch '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
 		$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
 
 
-		//* Write the custom php.ini file, if custom_php_ini filed is not empty
+		//* Write the custom php.ini file, if custom_php_ini fieled is not empty
 		$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
 		if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+		
+		//* add open_basedir restriction to custom php.ini content, required for suphp only
+		if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+		}
+		//* Create custom php.ini
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
 			if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);
@@ -1208,7 +1224,9 @@
 		if(!is_file($data['new']['document_root'].'/.htpasswd_stats') || $data['new']['stats_password'] != $data['old']['stats_password']) {
 			if(trim($data['new']['stats_password']) != '') {
 				$htp_file = 'admin:'.trim($data['new']['stats_password']);
+				$app->system->web_folder_protection($data['new']['document_root'],false);
 				file_put_contents($data['new']['document_root'].'/.htpasswd_stats',$htp_file);
+				$app->system->web_folder_protection($data['new']['document_root'],true);
 				chmod($data['new']['document_root'].'/.htpasswd_stats',0755);
 				unset($htp_file);
 			}
@@ -1271,6 +1289,8 @@
 		// load the server configuration options
 		$app->uses('getconf');
 		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+		
+		$app->system->web_folder_protection($data['new']['document_root'],false);
 
 		//* Check if this is a chrooted setup
 		if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1644,6 +1664,16 @@
 		
 		
 	}
+	
+	public function ftp_user_delete($event_name,$data) {
+		global $app, $conf;
+		
+		$ftpquota_file = $data['old']['dir'].'/.ftpquota';
+		if(file_exists($ftpquota_file)) unlink($ftpquota_file);
+		
+	}
+	
+	
 
 	/**
 	 * This function is called when a Webdav-User is inserted, updated or deleted.
@@ -2048,12 +2078,12 @@
 							$value = escapeshellcmd(trim($value));
 							$key = escapeshellcmd(trim($key));
 							switch (strtolower($value)) {
-								case 'on':
-								case 'off':
-								case '1':
 								case '0':
 									// PHP-FPM might complain about invalid boolean value if you use 0
 									$value = 'off';
+								case '1':
+								case 'on':
+								case 'off':
 								case 'true':
 								case 'false':
 								case 'yes':

--
Gitblit v1.9.1