From fa2806bddf4ce838d30d7fab1b5300e8632c586d Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 05 Jun 2012 10:31:34 -0400
Subject: [PATCH] Fixed: FS#2218 - Check if web root has wrong permissions for jailed cronjobs

---
 server/plugins-available/apache2_plugin.inc.php |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index fb686bd..9f03c55 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -642,9 +642,10 @@
 				* website root has to be owned by the root user and we have to chmod it to 755 then
 				*/
 
-				//* Check if there is a jailkit user for this site
+				//* Check if there is a jailkit user or cronjob for this site
 				$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
-				if($tmp['number'] > 0) {
+				$tmp2 = $app->db->queryOneRecord('SELECT count(id) as number FROM cron WHERE parent_domain_id = '.$data['new']['domain_id']." AND `type` = 'chrooted'");
+				if($tmp['number'] > 0 || $tmp2['number'] > 0) {
 					$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
 					$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
 				}
@@ -676,9 +677,15 @@
 		$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
 
 
-		//* Write the custom php.ini file, if custom_php_ini filed is not empty
+		//* Write the custom php.ini file, if custom_php_ini fieled is not empty
 		$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
 		if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+		
+		//* add open_basedir restriction to custom php.ini content, required for suphp only
+		if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+		}
+		//* Create custom php.ini
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
 			if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);

--
Gitblit v1.9.1