From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
install/lib/update.lib.php | 110 +++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 87 insertions(+), 23 deletions(-)
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index cf4809f..9feffa3 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -33,20 +33,20 @@
//** load the pre update sql script do perform modifications on the database before the database is dumped
if(is_file(ISPC_INSTALL_ROOT."/install/sql/pre_update.sql")) {
if($conf['mysql']['admin_password'] == '') {
- caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['mysql']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/pre_update.sql' &> /dev/null", __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
+ caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/pre_update.sql' &> /dev/null", __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
} else {
- caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['mysql']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/pre_update.sql' &> /dev/null", __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
+ caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/pre_update.sql' &> /dev/null", __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
}
}
//** export the current database data
if( !empty($conf["mysql"]["admin_password"]) ) {
- system("mysqldump -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
+ system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
}
else {
- system("mysqldump -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
+ system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
}
/*
@@ -56,7 +56,11 @@
//if(filesize('existing_db.sql') < 30000) die('Possible problem with dumping the database. We will stop here. Please check the file existing_db.sql');
// create a backup copy of the ispconfig database in the root folder
- $backup_db_name = '/root/ispconfig_db_backup_'.@date('Y-m-d_h-i').'.sql';
+ if(isset($conf['backup_path'])) {
+ $backup_db_name = $conf['backup_path'].'/ispconfig_db_backup.sql';
+ } else {
+ $backup_db_name = '/root/ispconfig_db_backup_'.@date('Y-m-d_H-i').'.sql';
+ }
copy('existing_db.sql',$backup_db_name);
chmod($backup_db_name, 0700);
chown($backup_db_name, 'root');
@@ -65,9 +69,9 @@
if ($conf['powerdns']['installed']) {
//** export the current PowerDNS database data
if( !empty($conf["mysql"]["admin_password"]) ) {
- system("mysqldump -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' -c -t --add-drop-table --create-options --quick --result-file=existing_powerdns_db.sql ".$conf['powerdns']['database']);
+ system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." -c -t --add-drop-table --create-options --quick --result-file=existing_powerdns_db.sql ".$conf['powerdns']['database']);
} else {
- system("mysqldump -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -c -t --add-drop-table --create-options --quick --result-file=existing_powerdns_db.sql ".$conf['powerdns']['database']);
+ system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -c -t --add-drop-table --create-options --quick --result-file=existing_powerdns_db.sql ".$conf['powerdns']['database']);
}
// create a backup copy of the PowerDNS database in the root folder
@@ -79,6 +83,32 @@
}
}
+function checkDbHealth() {
+ global $conf;
+
+ //* Array containing non OK tables (can be repaired, crashed, corrupt)
+ $notok = array();
+
+ echo "Checking ISPConfig database .. ";
+ exec("mysqlcheck -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." -r ".escapeshellarg($conf["mysql"]["database"]), $result);
+ for( $i=0; $i<sizeof($result);$i++) {
+ if ( substr($result[$i], -2) != "OK" ) {
+ $notok[] = $result[$i];
+ }
+ }
+
+ if ( sizeof($notok) > 0 ) {
+ echo "\nSome tables where not 'OK'. Please check the list below.\n\n";
+ foreach ($notok as $key => $value) {
+ echo "$value\n";
+ }
+ echo "\nPress enter to continue or CTRL-C to cancel the installation ..";
+ sread();
+ }
+ else
+ echo "OK\n";
+}
+
function updateDbAndIni() {
global $inst, $conf;
@@ -87,7 +117,7 @@
$ini_array = ini_to_array(stripslashes($tmp['config']));
$current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
- if(count($ini_array) == 0) die('Unable to read server configuration from database.');
+ if(!is_array($ini_array) or count($ini_array) == 0) die('Unable to read server configuration from database.');
$conf['services']['mail'] = ($tmp['mail_server'] == 1)?true:false;
$conf['services']['web'] = ($tmp['web_server'] == 1)?true:false;
@@ -99,6 +129,18 @@
$conf['services']['firewall'] = (isset($tmp['firewall_server']) && $tmp['firewall_server'] == 1)?true:false;
$conf['postfix']['vmail_mailbox_base'] = $ini_array['mail']['homedir_path'];
+
+ if(isset($ini_array['web']['server_type']) && $ini_array['web']['server_type'] != ''){
+ $conf['webserver']['server_type'] = $ini_array['web']['server_type'];
+ if($conf['webserver']['server_type'] == 'nginx'){
+ $conf['apache']['installed'] = false;
+ } else {
+ $conf['nginx']['installed'] = false;
+ }
+ } else {
+ $conf['webserver']['server_type'] = 'apache';
+ $conf['nginx']['installed'] = false;
+ }
//* Do incremental DB updates only on installed ISPConfig versions > 3.0.3
if(compare_ispconfig_version('3.0.3',ISPC_APP_VERSION) >= 0) {
@@ -113,9 +155,9 @@
if(is_file($patch_filename)) {
//* Load patch file into database
if( !empty($conf["mysql"]["admin_password"]) ) {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' ".$conf['mysql']['database']." < ".$patch_filename);
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < ".$patch_filename);
} else {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' ".$conf['mysql']['database']." < ".$patch_filename);
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < ".$patch_filename);
}
swriteln($inst->lng('Loading SQL patch file').': '.$patch_filename);
$current_db_version = $next_db_version;
@@ -126,6 +168,7 @@
//* update the database version in server table
$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+ if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
//* If ISPConfig Version < 3.0.3, we will do a full db update
@@ -150,9 +193,9 @@
//** load old data back into database
if( !empty($conf["mysql"]["admin_password"]) ) {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' ".$conf['mysql']['database']." < existing_db.sql");
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < existing_db.sql");
} else {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' ".$conf['mysql']['database']." < existing_db.sql");
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < existing_db.sql");
}
//** Get the database version number based on the patchfile
@@ -169,6 +212,7 @@
//* update the database version in server table
$inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
+ if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
if ($conf['powerdns']['installed']) {
@@ -184,24 +228,22 @@
//** load old data back into the PowerDNS database
if( !empty($conf["mysql"]["admin_password"]) ) {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' ".$conf['powerdns']['database']." < existing_powerdns_db.sql");
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['powerdns']['database'])." < existing_powerdns_db.sql");
} else {
- system("mysql --default-character-set=".$conf['mysql']['charset']." --force -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' ".$conf['powerdns']['database']." < existing_powerdns_db.sql");
+ system("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." --force -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['powerdns']['database'])." < existing_powerdns_db.sql");
}
}
}
//** Update server ini
- $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+ $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
//* Update further distribution specific parameters for server config here
//* HINT: Every line added here has to be added in installer_base.lib.php too!!
- $tpl_ini_array['web']['vhost_conf_dir'] = $conf['apache']['vhost_conf_dir'];
- $tpl_ini_array['web']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_enabled_dir'];
$tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs'];
$tpl_ini_array['fastcgi']['fastcgi_phpini_path'] = $conf['fastcgi']['fastcgi_phpini_path'];
$tpl_ini_array['fastcgi']['fastcgi_starter_path'] = $conf['fastcgi']['fastcgi_starter_path'];
@@ -223,8 +265,24 @@
$tpl_ini_array['dns']['bind_zonefiles_dir'] = $conf['bind']['bind_zonefiles_dir'];
$tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path'];
$tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path'];
+
+ $tpl_ini_array['web']['nginx_vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir'];
+ $tpl_ini_array['web']['nginx_vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir'];
+ $tpl_ini_array['web']['nginx_user'] = $conf['nginx']['user'];
+ $tpl_ini_array['web']['nginx_group'] = $conf['nginx']['group'];
+ $tpl_ini_array['web']['nginx_cgi_socket'] = $conf['nginx']['cgi_socket'];
+ $tpl_ini_array['web']['php_fpm_init_script'] = $conf['nginx']['php_fpm_init_script'];
+ $tpl_ini_array['web']['php_fpm_ini_path'] = $conf['nginx']['php_fpm_ini_path'];
+ $tpl_ini_array['web']['php_fpm_pool_dir'] = $conf['nginx']['php_fpm_pool_dir'];
+ $tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
+ $tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];
+
+ if ($conf['nginx']['installed'] == true) {
+ $tpl_ini_array['web']['server_type'] = 'nginx';
+ $tpl_ini_array['global']['webserver'] = 'nginx';
+ }
- // update the new template with the old values
+ //* update the new template with the old values
if(is_array($old_ini_array)) {
foreach($old_ini_array as $tmp_section_name => $tmp_section_content) {
foreach($tmp_section_content as $tmp_var_name => $tmp_var_content) {
@@ -234,14 +292,20 @@
}
$new_ini = array_to_ini($tpl_ini_array);
- $inst->db->query("UPDATE server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']);
+ $sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
+ $inst->db->query($sql);
+
+ if($inst->db->dbHost != $inst->dbmaster->dbHost) {
+ $sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
+ $inst->dbmaster->query($sql);
+ }
unset($old_ini_array);
unset($tpl_ini_array);
unset($new_ini);
//** Update system ini
- $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM sys_ini WHERE sysini_id = 1");
+ $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1");
$old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
unset($tmp_server_rec);
$tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
@@ -256,11 +320,11 @@
}
$new_ini = array_to_ini($tpl_ini_array);
- $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM sys_ini WHERE 1');
+ $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1');
if($tmp['number'] == 0) {
- $inst->db->query("INSERT INTO sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
+ $inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
} else {
- $inst->db->query("UPDATE sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
+ $inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
}
unset($old_ini_array);
unset($tpl_ini_array);
--
Gitblit v1.9.1