From e6b30b68f1ec0f294088949ae8db5231eb03a9f9 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 27 Feb 2013 06:42:56 -0500
Subject: [PATCH] Stricter regex for validation of A-Records.

---
 server/plugins-available/apache2_plugin.inc.php |   85 +++++++++++++++++++++++-------------------
 1 files changed, 46 insertions(+), 39 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 1b424d3..87236b4 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -465,7 +465,7 @@
                 $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' && usermod';
                 $command .= ' --home '.escapeshellcmd($data['new']['document_root']);
                 $command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
-                $command .= ' '.escapeshellcmd($data['new']['system_user']);
+                $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
                 exec($command);
             }
             
@@ -701,7 +701,7 @@
 				if($web_config['add_web_users_to_sshusers_group'] == 'y') {
 					$command = 'usermod';
 					$command .= ' --groups sshusers';
-					$command .= ' '.escapeshellcmd($data['new']['system_user']);
+					$command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
 					$this->_exec($command);
 				}
 
@@ -822,6 +822,13 @@
 		if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
 			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
 		}
+		
+		if(trim($data['new']['fastcgi_php_version']) != ''){
+			list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
+			if(is_file($custom_fastcgi_php_ini_dir)) $custom_fastcgi_php_ini_dir = dirname($custom_fastcgi_php_ini_dir);
+			if(substr($custom_fastcgi_php_ini_dir,-1) == '/') $custom_fastcgi_php_ini_dir = substr($custom_fastcgi_php_ini_dir,0,-1);
+		}
+
 		//* Create custom php.ini
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
@@ -830,8 +837,14 @@
 			if($data['new']['php'] == 'mod') {
 				$master_php_ini_path = $web_config['php_ini_path_apache'];
 			} else {
-				if($data["new"]['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
-					$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
+				if($data["new"]['php'] == 'fast-cgi') {
+					if(trim($data['new']['fastcgi_php_version']) != '' && file_exists($custom_fastcgi_php_ini_dir)){
+						$master_php_ini_path = $custom_fastcgi_php_ini_dir;
+					} elseif(file_exists($fastcgi_config["fastcgi_phpini_path"])){
+						$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
+					} else {
+						$master_php_ini_path = $web_config['php_ini_path_cgi'];
+					}
 				} else {
 					$master_php_ini_path = $web_config['php_ini_path_cgi'];
 				}
@@ -1090,10 +1103,6 @@
 		} else {
 			$tpl->setVar('rewrite_enabled',0);
 		}
-		
-		if(count($alias_seo_redirects) > 0) {
-			$tpl->setLoop('alias_seo_redirects',$alias_seo_redirects);
-		}
 
 		//$tpl->setLoop('redirects',$rewrite_rules);
 
@@ -1128,8 +1137,6 @@
 			// Support for multiple PHP versions (FastCGI)
 			if(trim($data['new']['fastcgi_php_version']) != ''){
 				$default_fastcgi_php = false;
-				list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
-				if(is_file($custom_fastcgi_php_ini_dir)) $custom_fastcgi_php_ini_dir = dirname($custom_fastcgi_php_ini_dir);
 				if(substr($custom_fastcgi_php_ini_dir,-1) != '/') $custom_fastcgi_php_ini_dir .= '/';
 			} else {
 				$default_fastcgi_php = true;
@@ -1306,12 +1313,12 @@
 		//* create empty vhost array
 		$vhosts = array();
 		
-		//* Add vhost for ipv4 IP	
-		if(count($rewrite_rules) > 0){
-			$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
-		} else {
-			$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80);
-		}
+		//* Add vhost for ipv4 IP
+		$tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80);
+		if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
+		if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
+		$vhosts[] = $tmp_vhost_arr;
+		unset($tmp_vhost_arr);
 		
 		//* Add vhost for ipv4 IP with SSL
 		$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -1320,11 +1327,11 @@
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
 		
 		if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
-			if(count($rewrite_rules) > 0){
-				$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443', 'redirects' => $rewrite_rules);
-			} else {
-				$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
-			}
+			$tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
+			if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
+			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
+			$vhosts[] = $tmp_vhost_arr;
+			unset($tmp_vhost_arr);
 			$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
 		}
 		
@@ -1341,20 +1348,20 @@
 				$data['new']['ipv6_address'] = implode(':',$explode_v6);
 			}
 		}
-			if(count($rewrite_rules) > 0){
-				$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
-			} else {
-				$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
-			}
+			
+			$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
+			if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
+			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
+			$vhosts[] = $tmp_vhost_arr;
+			unset($tmp_vhost_arr);
 		
 			//* Add vhost for ipv6 IP with SSL
 			if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
-				
-				if(count($rewrite_rules) > 0){
-					$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443', 'redirects' => $rewrite_rules);
-				} else {
-					$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443');
-				}
+				$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443');
+				if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
+				if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
+				$vhosts[] = $tmp_vhost_arr;
+				unset($tmp_vhost_arr);
 				$app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
 			}
 		}
@@ -1425,13 +1432,13 @@
 		}
 
 		//* Create .htaccess and .htpasswd file for website statistics
-		if(!is_file($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess') or $data['old']['document_root'] != $data['new']['document_root']) {
-			if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
-			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user";
-			$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',$ht_file);
-			$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',0755);
-			unset($ht_file);
-		}
+		//if(!is_file($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess') or $data['old']['document_root'] != $data['new']['document_root']) {
+		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
+		$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user";
+		$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',$ht_file);
+		$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess',0755);
+		unset($ht_file);
+		//}
 
 		if(!is_file($data['new']['document_root'].'/web/stats/.htpasswd_stats') || $data['new']['stats_password'] != $data['old']['stats_password']) {
 			if(trim($data['new']['stats_password']) != '') {

--
Gitblit v1.9.1