diff --git a/actions/admin/settings/122.froxlorvhost.php b/actions/admin/settings/122.froxlorvhost.php
index 75e138b4..6175bb73 100644
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -49,7 +49,36 @@ return array(
 'type' => 'bool',
 'default' => false,
 'save_method' => 'storeSettingField',
- 'visible' => Settings::Get('system.leenabled')
+ 'visible' => Settings::Get('system.use_ssl')
+ ),
+ 'system_hsts_maxage' => array(
+ 'label' => $lng['admin']['domain_hsts_maxage'],
+ 'settinggroup' => 'system',
+ 'varname' => 'hsts_maxage',
+ 'type' => 'int',
+ 'int_min' => 0,
+ 'int_max' => 94608000, // 3-years
+ 'default' => 0,
+ 'save_method' => 'storeSettingField',
+ 'visible' => Settings::Get('system.use_ssl')
+ ),
+ 'system_hsts_incsub' => array(
+ 'label' => $lng['admin']['domain_hsts_incsub'],
+ 'settinggroup' => 'system',
+ 'varname' => 'hsts_incsub',
+ 'type' => 'bool',
+ 'default' => false,
+ 'save_method' => 'storeSettingField',
+ 'visible' => Settings::Get('system.use_ssl')
+ ),
+ 'system_hsts_preload' => array(
+ 'label' => $lng['admin']['domain_hsts_preload'],
+ 'settinggroup' => 'system',
+ 'varname' => 'hsts_preload',
+ 'type' => 'bool',
+ 'default' => false,
+ 'save_method' => 'storeSettingField',
+ 'visible' => Settings::Get('system.use_ssl')
 ),
 /**
 * FCGID
diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php
index 4374b148..8a117d5c 100644
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -179,6 +179,17 @@ return array( 'nginx' ) ), + 'system_nginx_http2_support' => array( + 'label' => $lng['serversettings']['nginx_http2_support'], + 'settinggroup' => 'system', + 'varname' => 'nginx_http2_support', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + 'websrv_avail' => array( + 'nginx' + ) + ), 'system_nginx_php_backend' => array( 'label' => $lng['serversettings']['nginx_php_backend'], 'settinggroup' => 'system', diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php index dc03f926..56c27cd5 100644 --- a/actions/admin/settings/131.ssl.php +++ b/actions/admin/settings/131.ssl.php @@ -153,33 +153,7 @@ return array( 'type' => 'bool', 'default' => false, 'save_method' => 'storeSettingField' - ), - 'system_hsts_maxage' => array( - 'label' => $lng['admin']['domain_hsts_maxage'], - 'settinggroup' => 'system', - 'varname' => 'hsts_maxage', - 'type' => 'int', - 'int_min' => 0, - 'int_max' => 94608000, // 3-years - 'default' => 0, - 'save_method' => 'storeSettingField' - ), - 'system_hsts_incsub' => array( - 'label' => $lng['admin']['domain_hsts_incsub'], - 'settinggroup' => 'system', - 'varname' => 'hsts_incsub', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField' - ), - 'system_hsts_preload' => array( - 'label' => $lng['admin']['domain_hsts_preload'], - 'settinggroup' => 'system', - 'varname' => 'hsts_preload', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField' - ), + ) ) ) ) diff --git a/admin_domains.php b/admin_domains.php index 93fe910c..bb4fe9a3 100644 --- a/admin_domains.php +++ b/admin_domains.php @@ -210,6 +210,8 @@ if ($page == 'domains' || $page == 'overview') { 'id' => $id )); + $deleted_domains = $del_stmt->rowCount(); + $upd_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used` = `subdomains_used` - :domaincount 
diff --git a/customer_domains.php b/customer_domains.php
index 06471cb8..cc2a637e 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -517,7 +517,12 @@ if ($page == 'overview') {
 // check if we at least have one ssl-ip/port, #1179
 $ssl_ipsandports = '';
- $ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+ $ssl_ip_stmt = Database::prepare("
+ SELECT COUNT(*) as countSSL
+ FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+ LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+ WHERE pip.`ssl`='1'
+ ");
 Database::pexecute($ssl_ip_stmt);
 $resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -797,8 +802,13 @@ if ($page == 'overview') {
 // check if we at least have one ssl-ip/port, #1179
 $ssl_ipsandports = '';
- $ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
- Database::pexecute($ssl_ip_stmt);
+ $ssl_ip_stmt = Database::prepare("
+ SELECT COUNT(*) as countSSL
+ FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+ LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+ WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+ ");
+ Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 $resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 $ssl_ipsandports = 'notempty';
diff --git a/install/froxlor.sql b/install/froxlor.sql
index a8dc13c3..8856efbf 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
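Review bot: In customer_domains.php the first rewritten query (hunk at line 517) adds `LEFT JOIN ... dti` without any condition on `dti`, so the join cannot change whether `countSSL` is greater than zero and only multiplies the counted rows by the number of domain-to-IP assignments. Either drop the join there or restrict it to the relevant domain, as the second hunk does with `dti.id_domain = :id_domain`. In that second hunk the `WHERE` on `dti.id_domain` discards the unmatched rows anyway, so `INNER JOIN` would state the intent more plainly. Both statements sit in blocks that begin and end outside the hunks.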
@@ -497,6 +497,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('system', 'ssl_cert_chainfile', ''),
 ('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 ('system', 'nginx_php_backend', '127.0.0.1:8888'),
+ ('system', 'nginx_http2_support', '0'),
 ('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 ('system', 'phpreload_command', ''),
 ('system', 'apache24', '0'),
@@ -544,7 +545,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('system', 'mail_smtp_user', ''),
 ('system', 'mail_smtp_passwd', ''),
 ('system', 'hsts_maxage', '0'),
- ('system', 'hsts_sub', '0'),
+ ('system', 'hsts_incsub', '0'),
 ('system', 'hsts_preload', '0'),
 ('panel', 'decimal_places', '4'),
 ('panel', 'adminmail', 'admin@SERVERNAME'),
@@ -577,8 +578,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('panel', 'password_special_char_required', '0'),
 ('panel', 'password_special_char', '!?<>§$%+#=@'),
 ('panel', 'customer_hide_options', ''),
- ('panel', 'version', '0.9.38-rc2'),
- ('panel', 'db_version', '201611130');
+ ('panel', 'version', '0.9.38.4'),
+ ('panel', 'db_version', '201612110');
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 7f2387ae..a4aab48b 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3514,11 +3514,50 @@ if (isFroxlorVersion('0.9.38-rc1')) { updateToVersion('0.9.38-rc2'); } +if (isFroxlorVersion('0.9.38-rc2')) { + + showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false); + updateToVersion('0.9.38'); +} + if (isDatabaseVersion('201610070')) { + showUpdateStep("Add Nginx http2 setting"); + Settings::AddNew("system.nginx_http2_support", 0); + lastStepStatus(0); + + updateToDbVersion('201611180'); +} + +if (isFroxlorVersion('0.9.38')) { + + showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false); + updateToVersion('0.9.38.1'); +} + +if (isFroxlorVersion('0.9.38.1')) { + + showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false); + updateToVersion('0.9.38.2'); +} + +if (isFroxlorVersion('0.9.38.2')) { + + showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false); + updateToVersion('0.9.38.3'); +} + +if (isFroxlorVersion('0.9.38.3')) { + + showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false); + updateToVersion('0.9.38.4'); +} + +if (isDatabaseVersion('201611180')) { + showUpdateStep("Updating database table definition for panel_domains"); Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;"); lastStepStatus(0); - updateToDbVersion('201611130'); + updateToDbVersion('201612110'); } diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php index dc8ec83b..82f3056f 100644 --- a/lib/classes/ssl/class.lescript.php +++ b/lib/classes/ssl/class.lescript.php 
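Review bot: The reordered database steps in update_0.9.inc.php leave no path for an installation that is already at db version `201611130`, the value the removed `updateToDbVersion('201611130')` call and the previous install/froxlor.sql produced. Such a system matches neither `isDatabaseVersion('201610070')` nor `isDatabaseVersion('201611180')`, so unless a block outside this hunk handles it, it never receives `system.nginx_http2_support` and never reaches `201612110`. A dedicated step would cover it without repeating the `ALTER TABLE` those systems have already run, e.g. `if (isDatabaseVersion('201611130')) { Settings::AddNew("system.nginx_http2_support", 0); updateToDbVersion('201612110'); }`.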
@@ -188,7 +188,7 @@ class lescript $this->log("Token for $domain saved at $tokenPath and should be available at $uri"); // simple self check - $selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version)); + $selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version)); $selfcheckContext = stream_context_create($selfcheckContextOptions); if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) { $errmsg = json_encode(error_get_last()); diff --git a/lib/formfields/admin/domains/formfield.domains_add.php b/lib/formfields/admin/domains/formfield.domains_add.php index bce5b886..97f79ee7 100644 --- a/lib/formfields/admin/domains/formfield.domains_add.php +++ b/lib/formfields/admin/domains/formfield.domains_add.php @@ -175,7 +175,7 @@ return array( 'int_max' => 94608000, // 3-years 'value' => 0 ), - 'hsts_incsub' => array( + 'hsts_sub' => array( 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_incsub']['title'], 'desc' => $lng['admin']['domain_hsts_incsub']['description'], diff --git a/lib/formfields/admin/domains/formfield.domains_edit.php b/lib/formfields/admin/domains/formfield.domains_edit.php index d458b5d3..f3a8ab01 100644 --- a/lib/formfields/admin/domains/formfield.domains_edit.php +++ b/lib/formfields/admin/domains/formfield.domains_edit.php @@ -198,7 +198,7 @@ return array( 'int_max' => 94608000, // 3-years 'value' => $result['hsts'] ), - 'hsts_incsub' => array( + 'hsts_sub' => array( 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_incsub']['title'], 'desc' => $lng['admin']['domain_hsts_incsub']['description'], diff --git a/lib/formfields/customer/domains/formfield.domains_add.php b/lib/formfields/customer/domains/formfield.domains_add.php index fb9adc47..238adfff 100644 --- a/lib/formfields/customer/domains/formfield.domains_add.php 
+++ b/lib/formfields/customer/domains/formfield.domains_add.php @@ -76,10 +76,9 @@ return array( 'section_bssl' => array( 'title' => $lng['admin']['webserversettings_ssl'], 'image' => 'icons/domain_add.png', - 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false, + 'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false, 'fields' => array( 'ssl_redirect' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['domains']['ssl_redirect']['title'], 'desc' => $lng['domains']['ssl_redirect']['description'], 'type' => 'checkbox', @@ -89,7 +88,7 @@ return array( 'value' => array() ), 'letsencrypt' => array( - 'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), + 'visible' => (Settings::Get('system.leenabled') == '1' ? true : false), 'label' => $lng['customer']['letsencrypt']['title'], 'desc' => $lng['customer']['letsencrypt']['description'], 'type' => 'checkbox', @@ -99,7 +98,6 @@ return array( 'value' => array() ), 'hsts_maxage' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_maxage']['title'], 'desc' => $lng['admin']['domain_hsts_maxage']['description'], 'type' => 'int', @@ -107,8 +105,7 @@ return array( 'int_max' => 94608000, // 3-years 'value' => 0 ), - 'hsts_incsub' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), + 'hsts_sub' => array( 'label' => $lng['admin']['domain_hsts_incsub']['title'], 'desc' => $lng['admin']['domain_hsts_incsub']['description'], 'type' => 'checkbox', @@ -118,7 +115,6 @@ return array( 'value' => array() ), 'hsts_preload' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_preload']['title'], 'desc' => $lng['admin']['domain_hsts_preload']['description'], 'type' => 'checkbox', 
diff --git a/lib/formfields/customer/domains/formfield.domains_edit.php b/lib/formfields/customer/domains/formfield.domains_edit.php index 2a7b593b..6ac6d186 100644 --- a/lib/formfields/customer/domains/formfield.domains_edit.php +++ b/lib/formfields/customer/domains/formfield.domains_edit.php @@ -87,10 +87,9 @@ return array( 'section_bssl' => array( 'title' => $lng['admin']['webserversettings_ssl'], 'image' => 'icons/domain_edit.png', - 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false, + 'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false, 'fields' => array( 'ssl_redirect' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false), 'label' => $lng['domains']['ssl_redirect']['title'], 'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''), 'type' => 'checkbox', @@ -100,7 +99,7 @@ return array( 'value' => array($result['ssl_redirect']) ), 'letsencrypt' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false), + 'visible' => Settings::Get('system.leenabled') == '1' ? true : false, 'label' => $lng['customer']['letsencrypt']['title'], 'desc' => $lng['customer']['letsencrypt']['description'], 'type' => 'checkbox', @@ -110,7 +109,6 @@ return array( 'value' => array($result['letsencrypt']) ), 'hsts_maxage' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_maxage']['title'], 'desc' => $lng['admin']['domain_hsts_maxage']['description'], 'type' => 'int', 
@@ -118,8 +116,7 @@ return array( 'int_max' => 94608000, // 3-years 'value' => $result['hsts'] ), - 'hsts_incsub' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), + 'hsts_sub' => array( 'label' => $lng['admin']['domain_hsts_incsub']['title'], 'desc' => $lng['admin']['domain_hsts_incsub']['description'], 'type' => 'checkbox', @@ -129,7 +126,6 @@ return array( 'value' => array($result['hsts_sub']) ), 'hsts_preload' => array( - 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['admin']['domain_hsts_preload']['title'], 'desc' => $lng['admin']['domain_hsts_preload']['description'], 'type' => 'checkbox', diff --git a/lib/functions/filedir/function.makeCorrectDir.php b/lib/functions/filedir/function.makeCorrectDir.php index 75dc00d1..dcc91ca2 100644 --- a/lib/functions/filedir/function.makeCorrectDir.php +++ b/lib/functions/filedir/function.makeCorrectDir.php @@ -26,7 +26,11 @@ */ function makeCorrectDir($dir) { - assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name'); + if (version_compare("5.4.6", PHP_VERSION, ">")) { + assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */'); + } else { + assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name'); + } $dir = trim($dir); diff --git a/lib/functions/formfields/string/function.validateFormFieldString.php b/lib/functions/formfields/string/function.validateFormFieldString.php index addfc8b6..45544a18 100644 --- a/lib/functions/formfields/string/function.validateFormFieldString.php +++ b/lib/functions/formfields/string/function.validateFormFieldString.php 
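Review bot: The version gate added to makeCorrectDir compares against `5.4.6`, but the PHP manual's changelog lists the `description` argument of `assert()` as added in 5.4.8, so 5.4.6 and 5.4.7 would still take the two-argument branch; `if (version_compare(PHP_VERSION, '5.4.8', '<')) {` matches the documented boundary. Both branches pass the assertion as a string, which PHP evaluates as code and skips entirely when assertions are disabled, so this line is a debugging aid rather than input validation. If an empty or non-string `$dir` has to be rejected in production, an explicit `if (!is_string($dir) || strlen($dir) == 0)` check with the project's own error handling is the place for it. The function body continues outside the hunk.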
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue) $newfieldvalue = ''; $returnvalue = 'stringmustntbeempty'; } else { - $newfieldvalue = validate_ip2($newfieldvalue, true, true, true); + $newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true); $returnvalue = ($newfieldvalue !== false ? true : 'invalidip'); } } diff --git a/lib/functions/output/function.RedirectCode.php b/lib/functions/output/function.RedirectCode.php index b970e3b0..37bd10e1 100644 --- a/lib/functions/output/function.RedirectCode.php +++ b/lib/functions/output/function.RedirectCode.php @@ -16,11 +16,11 @@ /** * return an array of all enabled redirect-codes - * + * * @return array array of enabled redirect-codes */ function getRedirectCodesArray() { - + $sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC"; $result_stmt = Database::query($sql); @@ -35,13 +35,13 @@ function getRedirectCodesArray() { /** * return an array of all enabled redirect-codes * for the settings form - * + * * @return array array of enabled redirect-codes */ function getRedirectCodes() { global $lng; - + $sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC"; $result_stmt = Database::query($sql); @@ -54,16 +54,17 @@ function getRedirectCodes() { } /** - * returns the redirect-code for a given + * returns the redirect-code for a given * domain-id - * + * * @param integer $domainid id of the domain - * + * @param string $default + * * @return string redirect-code */ -function getDomainRedirectCode($domainid = 0) { +function getDomainRedirectCode($domainid = 0, $default = '') { - $code = ''; + $code = $default; if ($domainid > 0) { $result_stmt = Database::prepare(" 
@@ -83,11 +84,11 @@ function getDomainRedirectCode($domainid = 0) { } /** - * returns the redirect-id for a given + * returns the redirect-id for a given * domain-id - * + * * @param integer $domainid id of the domain - * + * * @return integer redirect-code-id */ function getDomainRedirectId($domainid = 0) { @@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) { /** * adds a redirectcode for a domain - * + * * @param integer $domainid id of the domain to add the code for - * @param integer $redirect selected redirect-id - * + * @param integer $redirect selected redirect-id + * * @return null */ function addRedirectToDomain($domainid = 0, $redirect = 1) { @@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) { /** * updates the redirectcode of a domain * if redirect-code is false, nothing happens - * + * * @param integer $domainid id of the domain to update * @param integer $redirect selected redirect-id or false - * + * * @return null */ function updateRedirectOfDomain($domainid = 0, $redirect = false) { diff --git a/lib/functions/validate/function.validateUrl.php b/lib/functions/validate/function.validateUrl.php index 07ce29ac..0515e48d 100644 --- a/lib/functions/validate/function.validateUrl.php +++ b/lib/functions/validate/function.validateUrl.php @@ -37,7 +37,11 @@ function validateUrl($url) { } // needs converting - $url = $idna_convert->encode($url); + try { + $url = $idna_convert->encode($url); + } catch (Exception $e) { + return false; + } $pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i"; if (preg_match($pattern, $url)) { diff --git a/lib/functions/validate/function.validate_ip.php b/lib/functions/validate/function.validate_ip.php index bd8055cc..f3caa492 100644 --- a/lib/functions/validate/function.validate_ip.php +++ b/lib/functions/validate/function.validate_ip.php 
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') { * @param string $lng index for error-message (if $return_bool is false) * @param bool $allow_localhost whether to allow 127.0.0.1 * @param bool $allow_priv whether to allow private network addresses + * @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16 * * @return string|bool ip address on success, false on failure */ -function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) { +function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) { - $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE); + $cidr = ""; + if ($allow_cidr) { + $org_ip = $ip; + $ip_cidr = explode("/", $ip); + if (count($ip_cidr) == 2) { + $ip = $ip_cidr[0]; + $cidr = "/".$ip_cidr[1]; + } else { + $ip = $org_ip; + } + } elseif (strpos($ip, "/") !== false) { + if ($return_bool) { + return false; + } else { + standard_error($lng, $ip); + exit(); + } + } + + $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE); if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, $filter_lan) ) { - return $ip; + return $ip.$cidr; } // special case where localhost ip is allowed (mysql-access-hosts for example) if ($allow_localhost && $ip == '127.0.0.1') { - return $ip; + return $ip.$cidr; } if ($return_bool) { diff --git a/lib/version.inc.php b/lib/version.inc.php index 72c746d7..52765f8d 100644 --- a/lib/version.inc.php +++ b/lib/version.inc.php 
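Review bot: In validate_ip2 the part after the slash is never checked: with `$allow_cidr` set, `$ip_cidr[1]` is appended to the return value as `$cidr` whatever it contains, so any input whose address part is valid is accepted and returned with its suffix unchanged. validateFormFieldString (changed earlier in this diff) now enables this mode, and the bind and pdns jobs stop re-checking AXFR entries before writing them, so if those entries come through this validator an arbitrary suffix can reach the generated DNS configuration. The prefix should be limited here to decimal digits, at most 32 for IPv4 and 128 for IPv6. The sketch below reworks only the CIDR branch and reuses the rejection path the hunk already has; the function continues below the hunk.

```php
	$cidr = "";
	if ($allow_cidr && strpos($ip, "/") !== false) {
		$ip_cidr = explode("/", $ip);
		// prefix length: digits only, bounded by the address family
		$max_prefix = (strpos($ip_cidr[0], ":") !== false) ? 128 : 32;
		if (count($ip_cidr) != 2 || !ctype_digit($ip_cidr[1]) || (int)$ip_cidr[1] > $max_prefix) {
			if ($return_bool) {
				return false;
			}
			standard_error($lng, $ip);
			exit();
		}
		$ip = $ip_cidr[0];
		$cidr = "/" . $ip_cidr[1];
	} elseif (strpos($ip, "/") !== false) {
		// … unchanged: rejection when CIDR values are not allowed …
	}
	// … unchanged: filter_var checks and the localhost special case …
```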
@@ -16,10 +16,10 @@ */ // Main version variable -$version = '0.9.38-rc2'; +$version = '0.9.38.4'; // Database version (YYYYMMDDC where C is a daily counter) -$dbversion = '201611130'; +$dbversion = '201612110'; // Distribution branding-tag (used for Debian etc.) $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index 036cf118..45996cd0 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -2062,3 +2062,6 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain'; $lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.'; $lng['admin']['domain_hsts_preload']['title'] = 'Include domain in HSTS preload list'; $lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.
Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.
Please read the details at hstspreload.appspot.com/#removal before sending the header with "preload".'; + +$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support'; +$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)'; diff --git a/lng/german.lng.php b/lng/german.lng.php index 0af16748..490d2651 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1710,6 +1710,6 @@ $lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen'; $lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)'; $lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header
Der Wert 0 deaktiviert HSTS für diese Domain. Meist wird der Wert 31536000 gerne genutzt (ein Jahr).'; $lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain'; -$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.'; +$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.'; $lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die HSTS preload Liste hinzu'; $lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.
Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.
Beachte Details unter hstspreload.appspot.com/#removal bevor ein Header mit "preload" gesendet wird.';
diff --git a/scripts/jobs/cron_tasks.inc.dns.10.bind.php b/scripts/jobs/cron_tasks.inc.dns.10.bind.php
index 06fbc9c8..2934e2a6 100644
--- a/scripts/jobs/cron_tasks.inc.dns.10.bind.php
+++ b/scripts/jobs/cron_tasks.inc.dns.10.bind.php
@@ -129,9 +129,7 @@ class bind extends DnsBase
 // AXFR server #100
 if (count($this->_axfr) > 0) {
 foreach ($this->_axfr as $axfrserver) {
- if (validate_ip($axfrserver, true) !== false) {
- $bindconf_file .= ' ' . $axfrserver . ';' . "\n";
- }
+ $bindconf_file .= ' ' . $axfrserver . ';' . "\n";
 }
 }
 // close allow-transfer
diff --git a/scripts/jobs/cron_tasks.inc.dns.20.pdns.php b/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
index fac7a736..27a63632 100644
--- a/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
+++ b/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
@@ -194,10 +194,8 @@ class pdns extends DnsBase
 // AXFR server #100
 if (count($this->_axfr) > 0) {
 foreach ($this->_axfr as $axfrserver) {
- if (validate_ip($axfrserver, true) !== false) {
- $ins_data['value'] = $axfrserver;
- $ins_stmt->execute($ins_data);
- }
+ $ins_data['value'] = $axfrserver;
+ $ins_stmt->execute($ins_data);
 }
 }
 }
diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index f597dcad..174ae623 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -344,6 +344,15 @@ class apache extends HttpConfigBase
 );
 }
 } // end of ssl-redirect check
+ else
+ {
+ // fallback of froxlor domain-data for processSpecialConfigTemplate()
+ $domain = array(
+ 'domain' => Settings::Get('system.hostname'),
+ 'loginname' => 'froxlor.panel',
+ 'documentroot' => $mypath
+ );
+ }
 /**
 * dirprotection, see #72
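Review bot: With the `validate_ip()` guard removed in cron_tasks.inc.dns.10.bind.php, every entry of `$this->_axfr` is concatenated as-is into the `allow-transfer` block of the generated bind configuration, and the same removal in the pdns job inserts it into the database unchecked. The guard presumably had to go because `validate_ip()` rejects CIDR values, but the write path now relies entirely on whatever validated the value when it was saved. A check at the point of use would keep that safety net, for example `if (validate_ip2($axfrserver, true, 'invalidip', true, true, true) !== false) {` around the existing line in both jobs. Where `$this->_axfr` is filled is outside the hunks.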
@@ -808,7 +817,7 @@ class apache extends HttpConfigBase $_sslport = ":" . $ssldestport['port']; } - $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; + $domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/'; } if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { @@ -875,10 +884,8 @@ class apache extends HttpConfigBase if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $corrected_docroot = $domain['documentroot']; - // prevent empty return-cde - $code = "301"; // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); + $code = getDomainRedirectCode($domain['id'], '301'); $modrew_red = ''; if ($code != '') { $modrew_red = ' [R=' . $code . ';L,NE]'; diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 1f37d4c8..d1ba5d04 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -162,7 +162,25 @@ class lighttpd extends HttpConfigBase $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; $this->lighttpd_data[$vhost_filename] .= ' )' . "\n"; + } else { + $domain = array( + 'id' => 'none', + 'domain' => Settings::Get('system.hostname'), + 'adminid' => 1, /* first admin-user (superadmin) */ + 'guid' => Settings::Get('system.httpuser'), + 'openbasedir' => 0, + 'email' => Settings::Get('panel.adminmail'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath + ); } + } else { + // fallback of froxlor domain-data for processSpecialConfigTemplate() + $domain = array( + 'domain' => Settings::Get('system.hostname'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath + ); } if ($row_ipsandports['specialsettings'] != '') { 
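Review bot: The SSL redirect target in the apache job (hunk at line 817) is now built from `%{HTTP_HOST}`, which is the request's Host header verbatim, so a header that carries a port (say `example.com:8080`, a made-up value) ends up in the redirect URL ahead of `$_sslport`. The value is also client-supplied, so wherever this vhost answers for names it was not configured for, the redirect follows the Host that was sent rather than `$domain['domain']`. Consider keeping the configured name for the main domain and using the request host only for aliases, or capturing the host without its port in a `RewriteCond` and redirecting to that capture. The lighttpd hunk (`'https://%1'`) and the nginx hunk (`'https://$host'`) make the same switch; for lighttpd, `%1` is only defined if the enclosing host conditional has a capture group, which the diff does not show. The surrounding method starts and ends outside the hunk.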
@@ -424,7 +442,7 @@ class lighttpd extends HttpConfigBase $_sslport = ":" . $ssldestport['port']; } - $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; + $domain['documentroot'] = 'https://%1' . $_sslport . '/'; } // avoid using any whitespaces @@ -432,10 +450,9 @@ class lighttpd extends HttpConfigBase if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $uri = $domain['documentroot']; - // prevent empty return-cde - $code = "301"; + // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); + $code = getDomainRedirectCode($domain['id'], '301'); $vhost_content .= ' url.redirect-code = ' . $code. "\n"; $vhost_content .= ' url.redirect = (' . "\n"; @@ -532,14 +549,14 @@ class lighttpd extends HttpConfigBase if ($domain['hsts'] >= 0) { - $vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts']; + $ssl_settings .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts']; if ($domain['hsts_sub'] == 1) { - $vhost_content .= '; includeSubDomains'; + $ssl_settings .= '; includeSubDomains'; } if ($domain['hsts_preload'] == 1) { - $vhost_content .= '; preload'; + $ssl_settings .= '; preload'; } - $vhost_content .= '") }' . "\n"; + $ssl_settings .= '") }' . "\n"; } } } diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 6d2fb617..551d43b9 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php 
@@ -196,15 +196,22 @@ class nginx extends HttpConfigBase } } + $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1'; + /** * this HAS to be set for the default host in nginx or else no vhost will work */ - $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n"; + if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') { + $acmeConfFilename = Settings::Get('system.letsencryptacmeconf'); + $this->nginx_data[$vhost_filename] .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n"; + } + $is_redirect = false; // check for SSL redirect if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { @@ -217,7 +224,7 @@ class nginx extends HttpConfigBase } else { $_sslport = $this->checkAlternativeSslPort(); $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; - $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n"; $this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n"; } 
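Review bot: The rewritten ACME exemption in the nginx job, `if ($request_uri !~ ^/.well-known/acme-challenge/\w+$)`, drops the backslash before the dot, so `.` now matches any character. `\w+` also still excludes `-`, which is part of the base64url alphabet ACME tokens use, so a challenge whose token contains a hyphen is redirected rather than answered on the plain-HTTP vhost. `'if ($request_uri !~ ^/\.well-known/acme-challenge/[\w-]+$) {'` keeps the dot literal and covers the full token alphabet. The same pattern appears in the per-domain redirect hunk further down in this file (around line 469), and the enclosing method is only partly visible here.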
@@ -411,7 +418,9 @@ class nginx extends HttpConfigBase $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; + $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1'; + + $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; } // get all server-names @@ -438,7 +447,7 @@ class nginx extends HttpConfigBase $_sslport = ":" . $ssldestport['port']; } - $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; + $domain['documentroot'] = 'https://$host' . $_sslport . '/'; } // avoid using any whitespaces @@ -460,12 +469,11 @@ class nginx extends HttpConfigBase if (substr($uri, - 1) == '/') { $uri = substr($uri, 0, - 1); } - // prevent empty return-cde - $code = "301"; - // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); - $vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + // Get domain's redirect code + $code = getDomainRedirectCode($domain['id'], '301'); + + $vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n"; $vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n"; $vhost_content .= "\t" . '}' . "\n"; } else { diff --git a/templates/Sparkle/admin/ipsandports/ipsandports.tpl b/templates/Sparkle/admin/ipsandports/ipsandports.tpl index 753aa1bd..4112553f 100644 --- a/templates/Sparkle/admin/ipsandports/ipsandports.tpl +++ b/templates/Sparkle/admin/ipsandports/ipsandports.tpl @@ -27,7 +27,7 @@ $header {$lng['admin']['ipsandports']['ip']} {$arrowcode['ip']} {$lng['admin']['ipsandports']['port']} {$arrowcode['port']} Listen - NameVirtualHost + NameVirtualHost vHost-Container Specialsettings ServerName 
diff --git a/templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl b/templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl index 245ba681..720c486a 100644 --- a/templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl +++ b/templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl @@ -2,7 +2,7 @@ {$row['ip']} {$row['port']} {$lng['panel']['yes']}{$lng['panel']['no']} - {$lng['panel']['yes']}{$lng['panel']['no']} + {$lng['panel']['yes']}{$lng['panel']['no']} {$lng['panel']['yes']}{$lng['panel']['no']} {$lng['panel']['yes']}{$lng['panel']['no']} {$lng['panel']['yes']}{$lng['panel']['no']}