From e0dc711c2b2dc4e2ec397d7f53910f11e1ca4ade Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 02 Sep 2013 04:14:56 -0400
Subject: [PATCH] - Changed previous commit to check for read permissions only on download action
---
interface/lib/classes/aps_guicontroller.inc.php | 34 ++++++++++++++++++++++------------
1 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/interface/lib/classes/aps_guicontroller.inc.php b/interface/lib/classes/aps_guicontroller.inc.php
index 6868bb9..5d1c79f 100644
--- a/interface/lib/classes/aps_guicontroller.inc.php
+++ b/interface/lib/classes/aps_guicontroller.inc.php
@@ -220,12 +220,18 @@
$app->uses("getconf");
$web_config = $app->getconf->get_server_config($app->functions->intval($websrv["server_id"]),'web');
- //* Set mysql mode to php-fcgi and enable suexec in website on apache servers
+ //* Set PHP mode to php-fcgi and enable suexec in website on apache servers / set PHP mode to PHP-FPM on nginx servers
if($web_config['server_type'] == 'apache') {
- if($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') {
+ if(($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') && $websrv['php'] != 'php-fpm') {
$app->db->datalogUpdate('web_domain', "php = 'fast-cgi', suexec = 'y'", 'domain_id', $websrv['domain_id']);
}
+ } else {
+ // nginx
+ if($websrv['php'] != 'php-fpm' && $websrv['php'] != 'fast-cgi') {
+ $app->db->datalogUpdate('web_domain', "php = 'php-fpm'", 'domain_id', $websrv['domain_id']);
+ }
}
+
//* Create the MySQL database for the application
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
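Review bot: The new `else` branch runs for every `server_type` other than `'apache'`, so any other value in the server config is rewritten to `php = 'php-fpm'` as if it were nginx. Making the test explicit, `} elseif($web_config['server_type'] == 'nginx') {`, keeps the forced PHP mode limited to the two cases the comment names. The branch also leaves `'fast-cgi'` untouched on nginx; if that mode is not valid there, the condition should be just `$websrv['php'] != 'php-fpm'`. The enclosing method starts and ends outside the hunk.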
@@ -277,15 +283,15 @@
}
}
- //* Find a free db name for the app
+ //* Find a free db name for the app
for($n = 1; $n <= 1000; $n++) {
- $mysql_db_name = $dbname_prefix.'aps'.$n;
+ $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
if($tmp['number'] == 0) break;
}
//* Find a free db username for the app
for($n = 1; $n <= 1000; $n++) {
- $mysql_db_user = $dbuser_prefix.'aps'.$n;
+ $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
if($tmp['number'] == 0) break;
}
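Review bot: Neither name loop handles running out of candidates: when all 1000 tries collide, `$n` ends at 1001 and `$mysql_db_name` / `$mysql_db_user` still hold the last, already-taken name, which then appears to flow into the inserts in the following hunk. A guard after each loop, e.g. `if($n > 1000) { /* report failure and stop */ }`, would stop the install from reusing an existing database or user name. In the empty-prefix case the loop calls `uniqid('aps')`, which is time-based rather than random; that is fine for uniqueness but worth a comment such as `// uniqid() is time-based: unique enough for a name, not a secret`. The enclosing method starts and ends outside the hunk.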
@@ -293,13 +299,13 @@
$mysql_db_password = $settings['main_database_password'];
//* Create the mysql database user
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_password`)
- VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', PASSWORD('$mysql_db_password'))";
+ $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
+ VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
//* Create the mysql database
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
- VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
+ $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
+ VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
$app->db->datalogInsert('web_database', $insert_data, 'database_id');
//* Add db details to package settings
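Review bot: `$mysql_db_password`, `$mysql_db_user` and `$mysql_db_name` go into the two INSERT strings unescaped, while the new prefix columns beside them are passed through `$app->db->quote()`. The password comes straight from `$settings['main_database_password']` on the first line of the hunk, so a quote character in it would break out of `PASSWORD('...')` unless it was escaped earlier, which is not visible here. Using the same escaping for all string values, e.g. `PASSWORD('".$app->db->quote($mysql_db_password)."')` and `'".$app->db->quote($mysql_db_user)."'`, would match how the SELECTs in the previous hunk treat these names. `$mysql_db_remote_access` and `$mysql_db_remote_ips` are set outside the hunk and deserve the same check.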
@@ -345,7 +351,7 @@
$app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
*/
- $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
+ $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
$tmp = $app->db->queryOneRecord($sql);
if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
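Review bot: `$instanceid` is concatenated into the corrected WHERE clause as a bare number, so the query relies on the caller having validated it, which this hunk does not show. Casting at the point of use, `aps_instances_settings.instance_id = ".$app->functions->intval($instanceid)." LIMIT 0,1`, removes that dependency; `$app->functions->intval()` is already used this way in the first hunk. The same applies to `id = '.$app->db->quote($packageid)` in the context of the first hunk: `quote()` appears to only escape (other call sites wrap it in quotes by hand), which does not protect a value placed outside quotes. The enclosing method starts outside the hunk.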
@@ -542,7 +548,7 @@
// is not empty for further validation
if(!empty($doc_root))
{
- $used_path = $docroot['document_root'];
+ $used_path = $doc_root['document_root'];
if(substr($used_path, -1) != '/') $used_path .= '/';
$location_for_domain = $app->db->queryOneRecord("SELECT value
@@ -550,7 +556,7 @@
AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
// The location might be empty but the DB return must not be false!
- if($location_for_domain) $used_path .= $location_for_domain['value'];
+ if($location_for_domain) $used_path .= $location_for_domain['value'];
if($new_path == $used_path)
{
@@ -722,6 +728,8 @@
// Using parse_url() to filter malformed URLs
$path = dirname(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH)).'/'.
basename($this->interface_pkg_dir).'/'.$pkg['path'].'/'.basename((string)$icon);
+ // nginx: if $_SERVER['PHP_SELF'] is doubled, remove /sites/aps_packagedetails_show.php from beginning of path
+ $path = preg_replace('@^/sites/aps_packagedetails_show.php(.*)@', '$1', $path);
$pkg['Icon'] = $path;
}
else $pkg['Icon'] = '';
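Review bot: `$path` is built from `$_SERVER['PHP_SELF']`, which includes request-supplied path info (the new comment itself notes it can arrive "doubled"), and is stored in `$pkg['Icon']` without escaping; the screenshot hunk below does the same for `ScreenPath` while escaping `ScreenDescription` with `htmlspecialchars()`. Unless the template escapes these values on output, which is not visible here, wrap them, e.g. `$pkg['Icon'] = htmlspecialchars($path);`, or derive the base from `$_SERVER['SCRIPT_NAME']`, which would probably also make the nginx workaround unnecessary. In the added `preg_replace()` the dot is unescaped and matches any character; `'@^/sites/aps_packagedetails_show\.php(.*)@'` is the literal form. The enclosing block starts outside the hunk.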
@@ -735,6 +743,8 @@
// Using parse_url() to filter malformed URLs
$path = dirname(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH)).'/'.
basename($this->interface_pkg_dir).'/'.$pkg['path'].'/'.basename((string)$screen['path']);
+ // nginx: if $_SERVER['PHP_SELF'] is doubled, remove /sites/aps_packagedetails_show.php from beginning of path
+ $path = preg_replace('@^/sites/aps_packagedetails_show.php(.*)@', '$1', $path);
$pkg['Screenshots'][] = array('ScreenPath' => $path,
'ScreenDescription' => htmlspecialchars(trim((string)$screen->description)));
--
Gitblit v1.9.1