maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge branch 'master' of git://github.com/Froxlor/Froxlor

Browse Source
This commit is contained in:
BNoiZe
2013-10-19 20:13:43 +02:00
parent 0e6aec2533 cb556093c1
commit 036bd61ded
13 changed files with 154 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/admin/settings/130.webserver.php
View File

@@ -81,7 +81,7 @@ return array(
'settinggroup' => 'system', 'settinggroup' => 'system',
'varname' => 'apacheconf_htpasswddir', 'varname' => 'apacheconf_htpasswddir',
'type' => 'string', 'type' => 'string',
'string_type' => 'dir', 'string_type' => 'confdir',
'default' => '/etc/apache2/htpasswd/', 'default' => '/etc/apache2/htpasswd/',
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',
), ),
@@ -99,7 +99,7 @@ return array(
'settinggroup' => 'system', 'settinggroup' => 'system',
'varname' => 'customer_ssl_path', 'varname' => 'customer_ssl_path',
'type' => 'string', 'type' => 'string',
'string_type' => 'dir', 'string_type' => 'confdir',
'default' => '/etc/ssl/froxlor-custom/', 'default' => '/etc/ssl/froxlor-custom/',
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',
), ),

2
actions/admin/settings/135.fcgid.php
View File

@@ -36,7 +36,7 @@ return array(
'settinggroup' => 'system', 'settinggroup' => 'system',
'varname' => 'mod_fcgid_configdir', 'varname' => 'mod_fcgid_configdir',
'type' => 'string', 'type' => 'string',
'string_type' => 'dir', 'string_type' => 'confdir',
'default' => '/var/www/php-fcgi-scripts/', 'default' => '/var/www/php-fcgi-scripts/',
'plausibility_check_method' => 'checkPathConflicts', 'plausibility_check_method' => 'checkPathConflicts',
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',

4
actions/admin/settings/136.phpfpm.php
View File

@@ -79,7 +79,7 @@ return array(
'settinggroup' => 'phpfpm', 'settinggroup' => 'phpfpm',
'varname' => 'configdir', 'varname' => 'configdir',
'type' => 'string', 'type' => 'string',
'string_type' => 'dir', 'string_type' => 'confdir',
'default' => '/etc/php-fpm.d/', 'default' => '/etc/php-fpm.d/',
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',
), ),
@@ -88,7 +88,7 @@ return array(
'settinggroup' => 'phpfpm', 'settinggroup' => 'phpfpm',
'varname' => 'aliasconfigdir', 'varname' => 'aliasconfigdir',
'type' => 'string', 'type' => 'string',
'string_type' => 'dir', 'string_type' => 'confdir',
'default' => '/var/www/php-fpm/', 'default' => '/var/www/php-fpm/',
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',
), ),

2
admin_domains.php
View File

@@ -1065,6 +1065,8 @@ if($page == 'domains'
if (isset($_POST['ssl_ipandport']) && is_array($_POST['ssl_ipandport'])) { if (isset($_POST['ssl_ipandport']) && is_array($_POST['ssl_ipandport'])) {
foreach ($_POST['ssl_ipandport'] as $ssl_ipandport) { foreach ($_POST['ssl_ipandport'] as $ssl_ipandport) {
if (trim($ssl_ipandport) == "") continue; if (trim($ssl_ipandport) == "") continue;
// fix if ip/port got de-checked and it was the last one
if (trim($ssl_ipandport) < 1) continue;
$ssl_ipandport = intval($ssl_ipandport); $ssl_ipandport = intval($ssl_ipandport);
$ssl_ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ssl_ipandport) . "' "); $ssl_ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ssl_ipandport) . "' ");
if (!isset($ssl_ipandport_check['id']) if (!isset($ssl_ipandport_check['id'])

12
admin_index.php
View File

@@ -148,18 +148,6 @@ if($page == 'overview')
$cron_last_runs = getCronjobsLastRun(); $cron_last_runs = getCronjobsLastRun();
$outstanding_tasks = getOutstandingTasks(); $outstanding_tasks = getOutstandingTasks();
$opentickets = 0;
$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "1")
AND `lastreplier`="0" AND `adminid` = "' . $userinfo['adminid'] . '"');
$awaitingtickets = $opentickets['count'];
$awaitingtickets_text = '';
if($opentickets > 0)
{
$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="admin_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
}
if(function_exists('sys_getloadavg')) if(function_exists('sys_getloadavg'))
{ {
$loadArray = sys_getloadavg(); $loadArray = sys_getloadavg();

12
customer_index.php
View File

@@ -60,18 +60,6 @@ if ($page == 'overview') {
$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); $userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']);
$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']); $userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps tickets subdomains aps_packages'); $userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps tickets subdomains aps_packages');
$opentickets = 0;
$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `customerid` = "' . $userinfo['customerid'] . '"
AND `answerto` = "0"
AND (`status` = "0" OR `status` = "2")
AND `lastreplier`="1"');
$awaitingtickets = $opentickets['count'];
$awaitingtickets_text = '';
if ($opentickets > 0) {
$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="customer_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
}
eval("echo \"" . getTemplate('index/index') . "\";"); eval("echo \"" . getTemplate('index/index') . "\";");
} elseif ($page == 'change_password') { } elseif ($page == 'change_password') {

20
lib/functions/formfields/string/function.validateFormFieldString.php
View File

@@ -68,6 +68,26 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue)); $returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
} }
} }
elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'confdir') {
// check for empty value (it might be allowed)
if (trim($newfieldvalue) == '') {
$newfieldvalue = '';
$returnvalue = 'stringmustntbeempty';
} else {
// add trailing slash to validate path if needed
// refs #331
if (substr($newfieldvalue, -1) != '/') {
$newfieldvalue.= '/';
}
// if this is a configuration directory, check for stupidity of admins :p
if (checkDisallowedPaths($newfieldvalue) !== true) {
$newfieldvalue = '';
$returnvalue = 'givendirnotallowed';
} else {
$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
}
}
}
elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') { elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') {
// check for empty value (it might be allowed) // check for empty value (it might be allowed)
if (trim($newfieldvalue) == '') { if (trim($newfieldvalue) == '') {

64
lib/functions/settings/function.storeSettingField.php
View File

@@ -17,62 +17,58 @@
* *
*/ */
function storeSettingField($fieldname, $fielddata, $newfieldvalue) function storeSettingField($fieldname, $fielddata, $newfieldvalue) {
{
if(is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '')
{
if(saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) if (is_array($fielddata)
{ && isset($fielddata['settinggroup'])
&& $fielddata['settinggroup'] != ''
&& isset($fielddata['varname'])
&& $fielddata['varname'] != ''
) {
if (saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) {
/* /*
* when fielddata[cronmodule] is set, this means enable/disable a cronjob * when fielddata[cronmodule] is set, this means enable/disable a cronjob
*/ */
if(isset($fielddata['cronmodule']) && $fielddata['cronmodule'] != '') if (isset($fielddata['cronmodule'])
{ && $fielddata['cronmodule'] != ''
) {
toggleCronStatus($fielddata['cronmodule'], $newfieldvalue); toggleCronStatus($fielddata['cronmodule'], $newfieldvalue);
} }
/* /*
* satisfy dependencies * satisfy dependencies
*/ */
if(isset($fielddata['dependency']) && is_array($fielddata['dependency'])) if (isset($fielddata['dependency'])
{ && is_array($fielddata['dependency'])
if((int)$fielddata['dependency']['onlyif'] == (int)$newfieldvalue) ) {
{ if ((int)$fielddata['dependency']['onlyif'] == (int)$newfieldvalue) {
storeSettingField($fielddata['dependency']['fieldname'], $fielddata['dependency']['fielddata'], $newfieldvalue); storeSettingField($fielddata['dependency']['fieldname'], $fielddata['dependency']['fielddata'], $newfieldvalue);
} }
} }
return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue); return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue);
} } else {
else
{
return false; return false;
} }
} } else {
else
{
return false; return false;
} }
} }
function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue) function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue) {
{
if(is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '') if (is_array($fielddata)
{ && isset($fielddata['settinggroup'])
if(saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) && $fielddata['settinggroup'] != ''
{ && isset($fielddata['varname'])
&& $fielddata['varname'] != ''
) {
if (saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) {
return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue); return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue);
} } else {
else
{
return false; return false;
} }
} } else {
else
{
return false; return false;
} }
} }
?>

48
lib/functions/validate/function.checkDisallowedPaths.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2013 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
* @since 0.9.30
*
*/
/**
* checks a directory against disallowed paths which could
* lead to a damaged system if you use them
*
* @param string $fieldname
* @param array $fielddata
* @param mixed $newfieldvalue
*
* @return boolean|array
*/
function checkDisallowedPaths($path = null) {
/*
* disallow base-directories and /
*/
$disallowed_values = array(
"/", "/bin/", "/boot/", "/dev/", "/etc/", "/home/", "/lib/", "/lib32/", "/lib64/",
"/opt/", "/proc/", "/root/", "/run/", "/sbin/", "/sys/", "/tmp/", "/usr/", "/var/"
);
$path = makeCorrectDir($path);
// check if it's a disallowed path
if (in_array($path, $disallowed_values)) {
return false;
}
return true;
}

34
lib/init.php
View File

@@ -431,6 +431,40 @@ if (AREA == 'admin' || AREA == 'customer') {
unset($navigation_data); unset($navigation_data);
} }
/**
* header information about open tickets (only if used)
*/
if ($settings['ticket']['enabled'] == '1') {
$awaitingtickets = 0;
$awaitingtickets_text = '';
$opentickets = 0;
if (AREA == 'admin' && isset($userinfo['adminid'])) {
$opentickets = $db->query_first('
SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "1")
AND `lastreplier`="0" AND `adminid` = "' . $userinfo['adminid'] . '"
');
$awaitingtickets = $opentickets['count'];
if ($opentickets > 0) {
$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="admin_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
}
}
elseif (AREA == 'customer' && isset($userinfo['customerid'])) {
$opentickets = $db->query_first('
SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "2")
AND `lastreplier`="1" AND `customerid` = "' . $userinfo['customerid'] . '"
');
$awaitingtickets = $opentickets['count'];
if ($opentickets > 0) {
$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="customer_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
}
}
}
$webfont = str_replace('+', ' ', $settings['panel']['webfont']); $webfont = str_replace('+', ' ', $settings['panel']['webfont']);
eval("\$header = \"" . getTemplate('header', '1') . "\";"); eval("\$header = \"" . getTemplate('header', '1') . "\";");

1
lng/english.lng.php
View File

@@ -1971,3 +1971,4 @@ $lng['admin']['selectserveralias_desc'] = 'Chose whether froxlor should create a
$lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)'; $lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)';
$lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)'; $lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)';
$lng['domains']['serveraliasoption_none'] = 'No alias'; $lng['domains']['serveraliasoption_none'] = 'No alias';
$lng['error']['givendirnotallowed'] = 'The given directory in field %s is not allowed.';

1
lng/german.lng.php
View File

@@ -1691,3 +1691,4 @@ $lng['admin']['selectserveralias_desc'] = 'Wählen Sie hier, ob für diese Domai
$lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)'; $lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)';
$lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)'; $lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)';
$lng['domains']['serveraliasoption_none'] = 'Kein alias'; $lng['domains']['serveraliasoption_none'] = 'Kein alias';
$lng['error']['givendirnotallowed'] = 'Das angegebene Verzeichnis im Feld %s ist nicht erlaubt.';

22
scripts/jobs/cron_usage.inc.diskspace.php
View File

@@ -49,20 +49,24 @@ while($row = $db->fetch_array($result))
'MAX_PERCENT' => $settings['system']['report_webmax'] 'MAX_PERCENT' => $settings['system']['report_webmax']
); );
$lngfile = $db->query_first("SELECT `file` FROM `" . TABLE_PANEL_LANGUAGE . "` $lngfile = $db->query_first("
WHERE `language` ='" . $row['def_language'] . "'"); SELECT `file` FROM `" . TABLE_PANEL_LANGUAGE . "`
WHERE `language` ='" . $row['def_language'] . "'
");
if($lngfile !== NULL) if ($lngfile !== null) {
{
$langfile = $lngfile['file']; $langfile = $lngfile['file'];
} } else {
else $lngfile = $db->query_first("
{ SELECT `file` FROM `" . TABLE_PANEL_LANGUAGE . "`
$lngfile = $db->query_first("SELECT `file` FROM `" . TABLE_PANEL_LANGUAGE . "` WHERE `language` ='" . $settings['panel']['standardlanguage'] . "'
WHERE `language` ='" . $settings['panel']['standardlanguage'] . "'"); ");
$langfile = $lngfile['file']; $langfile = $lngfile['file'];
} }
// include english language file (fallback)
include_once makeCorrectFile($pathtophpfiles . '/lng/english.lng.php');
// include admin/customer language file
include_once makeCorrectFile($pathtophpfiles . '/' . $langfile); include_once makeCorrectFile($pathtophpfiles . '/' . $langfile);
// Get mail templates from database; the ones from 'admin' are fetched for fallback // Get mail templates from database; the ones from 'admin' are fetched for fallback