From e1b4cacb8d66891ce11dd4203bd92aa265fffcde Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 29 Mar 2016 04:34:43 -0400
Subject: [PATCH] Fixed issue: #3812 Insufficient validation of PHP version selector.
---
 interface/web/sites/web_domain_edit.php | 29 ++++++++++++++++++++++++++++-
 1 files changed, 28 insertions(+), 1 deletions(-)
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index b15222c..f2fbf72 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -409,7 +409,7 @@
 $ssl_domains = array();
 $tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ".$this->id." OR parent_domain_id = ".$this->id);
 foreach($tmpd as $tmp) {
- if($tmp['type'] == 'subdomain' || $tmp['type'] == 'vhostsubdomain']) {
+ if($tmp['type'] == 'subdomain' || $tmp['type'] == 'vhostsubdomain') {
 $ssl_domains[] = $tmp["domain"];
 } else {
 $ssl_domains = array_merge($ssl_domains, array($tmp["domain"],'www.'.$tmp["domain"],'*.'.$tmp["domain"]));
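Review bot: The query two context lines above the corrected `if` builds its SQL by concatenating `$this->id` into the string, and nothing in this hunk shows that value being cast or escaped. If it is not forced to an integer earlier in the method (which starts outside the hunk), cast it at the point of use, e.g. `"... WHERE domain_id = ".intval($this->id)." OR parent_domain_id = ".intval($this->id)`. The corrected condition could also use `===`, since `$tmp['type']` is only compared against fixed strings.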
@@ -767,6 +767,33 @@
 $app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
 }
 }
+
+ // Check custom PHP version
+ if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
+ // Check php-fpm mode
+ if($this->dataRecord['php'] == 'php-fpm'){
+ $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+ if(is_array($tmp)) {
+ $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
+ } else {
+ $this->dataRecord['fastcgi_php_version'] = '';
+ }
+ unset($tmp);
+ // Check fast-cgi mode
+ } elseif($this->dataRecord['php'] == 'fast-cgi') {
+ $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+ if(is_array($tmp)) {
+ $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
+ } else {
+ $this->dataRecord['fastcgi_php_version'] = '';
+ }
+ unset($tmp);
+ } else {
+ // Other PHP modes do not have custom versions, so we force the value to be empty
+ $this->dataRecord['fastcgi_php_version'] = '';
+ }
+ }
+
 parent::onSubmit();
 }
-- 
Gitblit v1.9.1
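Review bot: In both lookup branches a `fastcgi_php_version` that matches no `server_php` row is silently replaced with `''`, so a tampered selector value is neither rejected nor recorded, whereas the php.ini check just above reports through `$app->tform->errorMessage`. Consider reporting it the same way, e.g. `$app->tform->errorMessage .= $app->tform->lng("<lang_key_placeholder>").'<br>';`, or at least logging the rejected value so an administrator can see attempts to submit a binary or init-script path that is not a configured PHP version. The lookup also accepts any row of `server_php`; if that table can hold entries for more than one server or client (not visible in this hunk), the `WHERE` clause should additionally be limited to the server the site belongs to. `$this->dataRecord['php']` is read without an `isset()` guard, and `onSubmit()` begins outside the hunk.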