outsource a few directory-functions in a class; make apache-2.4 not create 'require all granted' if there is an active directory-protection or option set for the customerroot-dir, possibly fixes #1455

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/classes/io/class.frxDirectory.php

@@ -0,0 +1,109 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.33
+ *
+ */
+
+/**
+ * Class frxDirectory handles directory actions and gives information
+ * about a given directory in connections with its usage in froxlor
+ *
+ * @author Michael Kaufmann (d00p) <d00p@froxlor.org>
+ *
+ */
+class frxDirectory {
+
+	/**
+	 * directory string
+	 *
+	 * @var string
+	 */
+	private $_dir = null;
+
+	/**
+	 * class constructor, optionally set directory
+	 *
+	 * @param string $dir
+	 */
+	public function __construct($dir = null) {
+		$this->_dir = makeCorrectDir($dir);
+	}
+
+	/**
+	 * check whether the directory has options set in panel_htaccess
+	 */
+	public function hasUserOptions() {
+		$uo_stmt = Database::prepare("
+			SELECT COUNT(`id`) as `usropts` FROM `".TABLE_PANEL_HTACCESS."` WHERE `path` = :dir
+		");
+		$uo_res = Database::pexecute_first($uo_stmt, array('dir' => $this->_dir));
+		if ($uo_res != false && isset($uo_res['usropts'])) {
+			return ($uo_res['usropts'] > 0 ? true : false);
+		}
+		return false;
+	}
+
+	/**
+	 * check whether the directory is protected using panel_htpasswd
+	 */
+	public function isUserProtected() {
+		$up_stmt = Database::prepare("
+			SELECT COUNT(`id`) as `usrprot` FROM `".TABLE_PANEL_HTPASSWDS."` WHERE `path` = :dir
+		");
+		$up_res = Database::pexecute_first($up_stmt, array('dir' => $this->_dir));
+		if ($up_res != false && isset($up_res['usrprot'])) {
+			return ($up_res['usrprot'] > 0 ? true : false);
+		}
+		return false;
+	}
+
+	/**
+	 * Checks if a given directory is valid for multiple configurations
+	 * or should rather be used as a single file
+	 *
+	 * @param bool $ifexists also check whether file/dir exists
+	 *
+	 * @return bool true if usable as dir, false otherwise
+	 */
+	public function isConfigDir($ifexists = false) {
+		
+		if (is_null($this->_dir)) {
+			trigger_error(__CLASS__.'::'.__FUNCTION__.' has been called with a null value', E_USER_WARNING);
+			return false;
+		}
+
+		if (file_exists($this->_dir)) {
+			if (is_dir($this->_dir)) {
+				$returnval = true;
+			} else {
+				$returnval = false;
+			}
+		} else {
+			if (!$ifexists) {
+				if (substr($this->_dir, -1) == '/') {
+					$returnval = true;
+				} else {
+					$returnval = false;
+				}
+			} else {
+				$returnval = false;
+			}
+		}
+		return $returnval;
+	}
+
+}

lib/configfiles_index.inc.php

@@ -19,7 +19,10 @@
 
 $configcommand = array();
 
-if (isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
+$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
+$optsDir = new frxDirectory(Settings::Get('system.apacheconf_diroptions'));
+
+if ($vhostDir->isConfigDir()) {
 	$configcommand['vhost'] = 'mkdir -p ' . Settings::Get('system.apacheconf_vhost');
 	$configcommand['include'] = 'echo -e "\\nInclude ' . makeCorrectDir(Settings::Get('system.apacheconf_vhost')) . '*.conf" >> ' . makeCorrectFile(makeCorrectDir('/etc/apache2/httpd.conf'));
 	$configcommand['v_inclighty'] = 'echo -e \'\\ninclude_shell "cat ' . makeCorrectDir(Settings::Get('system.apacheconf_vhost')) . '*.conf"\' >> /etc/lighttpd/lighttpd.conf';
@@ -29,7 +32,7 @@ if (isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
 	$configcommand['v_inclighty'] = 'echo -e \'\\ninclude "' . Settings::Get('system.apacheconf_vhost') . '"\' >> /etc/lighttpd/lighttpd.conf';
 }
 
-if (isConfigDir(Settings::Get('system.apacheconf_diroptions'))) {
+if ($optsDir->isConfigDir()) {
 	$configcommand['diroptions'] = 'mkdir -p ' . Settings::Get('system.apacheconf_diroptions');
 	$configcommand['d_inclighty'] = 'echo -e \'\\ninclude_shell "cat ' . makeCorrectDir(Settings::Get('system.apacheconf_diroptions')) . '*.conf"\' >> /etc/lighttpd/lighttpd.conf';
 } else {

lib/functions/filedir/function.isConfigDir.php

@@ -1,48 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Functions
- *
- */
-
-/**
- * Checks if a given directory is valid for multiple configurations
- * or should rather be used as a single file
- *
- * @param  string The dir
- * @return bool   true if usable as dir, false otherwise
- *
- * @author Florian Lippert <flo@syscp.org>
- */
-function isConfigDir($dir, $ifexists = false) {
-	if (file_exists($dir)) {
-		if (is_dir($dir)) {
-			$returnval = true;
-		} else {
-			$returnval = false;
-		}
-	} else {
-		if (!$ifexists) {
-			if (substr($dir, -1) == '/') {
-				$returnval = true;
-			} else {
-				$returnval = false;
-			}
-		} else {
-			$returnval = false;
-		}
-	}
-	return $returnval;
-}

scripts/jobs/cron_tasks.inc.http.10.apache.php

@@ -230,7 +230,12 @@ class apache {
 						$this->virtualhosts_data[$vhosts_filename].= '    </FilesMatch>' . "\n";
 						// >=apache-2.4 enabled?
 						if (Settings::Get('system.apache24') == '1') {
-							$this->virtualhosts_data[$vhosts_filename].= '    Require all granted' . "\n";
+							$mypath_dir = new frxDirectory($mypath);
+							// only create the require all granted if there is not active directory-protection
+							// for this path, as this would be the first require and therefore grant all access
+							if ($mypath_dir->isUserProtected() == false) {
+								$this->virtualhosts_data[$vhosts_filename].= '    Require all granted' . "\n";
+							}
 						} else {
 							$this->virtualhosts_data[$vhosts_filename].= '    Order allow,deny' . "\n";
 							$this->virtualhosts_data[$vhosts_filename].= '    allow from all' . "\n";
@@ -279,7 +284,12 @@ class apache {
 						$this->virtualhosts_data[$vhosts_filename].= '    </FilesMatch>' . "\n";
 						// >=apache-2.4 enabled?
 						if (Settings::Get('system.apache24') == '1') {
-							$this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
+							$mypath_dir = new frxDirectory($mypath);
+							// only create the require all granted if there is not active directory-protection
+							// for this path, as this would be the first require and therefore grant all access
+							if ($mypath_dir->isUserProtected() == false) {
+								$this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
+							}
 						} else {
 							$this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
@@ -941,7 +951,12 @@ class apache {
 					$this->diroptions_data[$diroptions_filename] .= '  AddHandler cgi-script .cgi .pl' . "\n";
 					// >=apache-2.4 enabled?
 					if (Settings::Get('system.apache24') == '1') {
-						$this->diroptions_data[$diroptions_filename] .= '  Require all granted' . "\n";
+						$mypath_dir = new frxDirectory($row_diroptions['path']);
+						// only create the require all granted if there is not active directory-protection
+						// for this path, as this would be the first require and therefore grant all access
+						if ($mypath_dir->isUserProtected() == false) {
+							$this->diroptions_data[$diroptions_filename] .= '  Require all granted' . "\n";
+						}
 					} else {
 						$this->diroptions_data[$diroptions_filename] .= '  Order allow,deny' . "\n";
 						$this->diroptions_data[$diroptions_filename] .= '  Allow from all' . "\n";
@@ -1018,7 +1033,8 @@ class apache {
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "rebuilding " . Settings::Get('system.apacheconf_diroptions'));
 
 		if (count($this->diroptions_data) > 0) {
-			if (!isConfigDir(Settings::Get('system.apacheconf_diroptions'))) {
+			$optsDir = new frxDirectory(Settings::Get('system.apacheconf_diroptions'));
+			if (!$optsDir->isConfigDir()) {
 				// Save one big file
 				$diroptions_file = '';
 
@@ -1065,7 +1081,8 @@ class apache {
 				umask($umask);
 			}
 
-			if (isConfigDir(Settings::Get('system.apacheconf_htpasswddir'), true)) {
+			$htpasswdDir = new frxDirectory(Settings::Get('system.apacheconf_htpasswddir'));
+			if ($htpasswdDir->isConfigDir(true)) {
 				foreach ($this->htpasswds_data as $htpasswd_filename => $htpasswd_file) {
 					$this->known_htpasswdsfilenames[] = basename($htpasswd_filename);
 					$htpasswd_file_handler = fopen($htpasswd_filename, 'w');
@@ -1084,7 +1101,8 @@ class apache {
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "rebuilding " . Settings::Get('system.apacheconf_vhost'));
 
 		if (count($this->virtualhosts_data) > 0) {
-			if (!isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
+			$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
+			if (!$vhostDir->isConfigDir()) {
 				// Save one big file
 				$vhosts_file = '';
 

scripts/jobs/cron_tasks.inc.http.20.lighttpd.php

@@ -826,7 +826,8 @@ class lighttpd {
 		fwrite($this->debugHandler, '  lighttpd::writeConfigs: rebuilding ' . Settings::Get('system.apacheconf_vhost') . "\n");
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "rebuilding " . Settings::Get('system.apacheconf_vhost'));
 
-		if (!isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
+		$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
+		if (!$vhostDir->isConfigDir()) {
 			// Save one big file
 			$vhosts_file = '';
 
@@ -871,7 +872,8 @@ class lighttpd {
 		}
 
 		// Write the diroptions
-		if (isConfigDir(Settings::Get('system.apacheconf_htpasswddir'))) {
+		$htpasswdDir = new frxDirectory(Settings::Get('system.apacheconf_htpasswddir'));
+		if ($htpasswdDir->isConfigDir()) {
 			foreach ($this->needed_htpasswds as $key => $data) {
 				if (!is_dir(Settings::Get('system.apacheconf_htpasswddir'))) {
 					mkdir(makeCorrectDir(Settings::Get('system.apacheconf_htpasswddir')));

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -950,7 +950,8 @@ class nginx {
 		fwrite($this->debugHandler, '  nginx::writeConfigs: rebuilding ' . Settings::Get('system.apacheconf_vhost') . "\n");
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "rebuilding " . Settings::Get('system.apacheconf_vhost'));
 
-		if (!isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
+		$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
+		if (!$vhostDir->isConfigDir()) {
 			// Save one big file
 			$vhosts_file = '';