maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
Michael Kaufmann
2016-12-11 08:19:16 +01:00
committed by GitHub
parent 30087548b0 d8994ca65b
commit 3d4b56b233
27 changed files with 227 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
actions/admin/settings/122.froxlorvhost.php
View File

@@ -49,7 +49,36 @@ return array(
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.leenabled')
'visible' => Settings::Get('system.use_ssl')
),
'system_hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage'],
'settinggroup' => 'system',
'varname' => 'hsts_maxage',
'type' => 'int',
'int_min' => 0,
'int_max' => 94608000, // 3-years
'default' => 0,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.use_ssl')
),
'system_hsts_incsub' => array(
'label' => $lng['admin']['domain_hsts_incsub'],
'settinggroup' => 'system',
'varname' => 'hsts_incsub',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.use_ssl')
),
'system_hsts_preload' => array(
'label' => $lng['admin']['domain_hsts_preload'],
'settinggroup' => 'system',
'varname' => 'hsts_preload',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.use_ssl')
),
/**
* FCGID

11
actions/admin/settings/130.webserver.php
View File

@@ -179,6 +179,17 @@ return array(
'nginx'
)
),
'system_nginx_http2_support' => array(
'label' => $lng['serversettings']['nginx_http2_support'],
'settinggroup' => 'system',
'varname' => 'nginx_http2_support',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'nginx'
)
),
'system_nginx_php_backend' => array(
'label' => $lng['serversettings']['nginx_php_backend'],
'settinggroup' => 'system',

28
actions/admin/settings/131.ssl.php
View File

@@ -153,33 +153,7 @@ return array(
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage'],
'settinggroup' => 'system',
'varname' => 'hsts_maxage',
'type' => 'int',
'int_min' => 0,
'int_max' => 94608000, // 3-years
'default' => 0,
'save_method' => 'storeSettingField'
),
'system_hsts_incsub' => array(
'label' => $lng['admin']['domain_hsts_incsub'],
'settinggroup' => 'system',
'varname' => 'hsts_incsub',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_hsts_preload' => array(
'label' => $lng['admin']['domain_hsts_preload'],
'settinggroup' => 'system',
'varname' => 'hsts_preload',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
)
)
)
)

2
admin_domains.php
View File

@@ -210,6 +210,8 @@ if ($page == 'domains' || $page == 'overview') {
'id' => $id
));
$deleted_domains = $del_stmt->rowCount();
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`subdomains_used` = `subdomains_used` - :domaincount

16
customer_domains.php
View File

@@ -517,7 +517,12 @@ if ($page == 'overview') {
// check if we at least have one ssl-ip/port, #1179
$ssl_ipsandports = '';
$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
$ssl_ip_stmt = Database::prepare("
SELECT COUNT(*) as countSSL
FROM `".TABLE_PANEL_IPSANDPORTS."` pip
LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
WHERE pip.`ssl`='1'
");
Database::pexecute($ssl_ip_stmt);
$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -797,8 +802,13 @@ if ($page == 'overview') {
// check if we at least have one ssl-ip/port, #1179
$ssl_ipsandports = '';
$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
Database::pexecute($ssl_ip_stmt);
$ssl_ip_stmt = Database::prepare("
SELECT COUNT(*) as countSSL
FROM `".TABLE_PANEL_IPSANDPORTS."` pip
LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
");
Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
$ssl_ipsandports = 'notempty';

7
install/froxlor.sql
View File

@@ -497,6 +497,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
('system', 'ssl_cert_chainfile', ''),
('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
('system', 'nginx_php_backend', '127.0.0.1:8888'),
('system', 'nginx_http2_support', '0'),
('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
('system', 'phpreload_command', ''),
('system', 'apache24', '0'),
@@ -544,7 +545,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
('system', 'mail_smtp_user', ''),
('system', 'mail_smtp_passwd', ''),
('system', 'hsts_maxage', '0'),
('system', 'hsts_sub', '0'),
('system', 'hsts_incsub', '0'),
('system', 'hsts_preload', '0'),
('panel', 'decimal_places', '4'),
('panel', 'adminmail', 'admin@SERVERNAME'),
@@ -577,8 +578,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
('panel', 'password_special_char_required', '0'),
('panel', 'password_special_char', '!?<>§$%+#=@'),
('panel', 'customer_hide_options', ''),
('panel', 'version', '0.9.38-rc2'),
('panel', 'db_version', '201611130');
('panel', 'version', '0.9.38.4'),
('panel', 'db_version', '201612110');
DROP TABLE IF EXISTS `panel_tasks`;

41
install/updates/froxlor/0.9/update_0.9.inc.php
View File

@@ -3514,11 +3514,50 @@ if (isFroxlorVersion('0.9.38-rc1')) {
updateToVersion('0.9.38-rc2');
}
if (isFroxlorVersion('0.9.38-rc2')) {
showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
updateToVersion('0.9.38');
}
if (isDatabaseVersion('201610070')) {
showUpdateStep("Add Nginx http2 setting");
Settings::AddNew("system.nginx_http2_support", 0);
lastStepStatus(0);
updateToDbVersion('201611180');
}
if (isFroxlorVersion('0.9.38')) {
showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
updateToVersion('0.9.38.1');
}
if (isFroxlorVersion('0.9.38.1')) {
showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
updateToVersion('0.9.38.2');
}
if (isFroxlorVersion('0.9.38.2')) {
showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
updateToVersion('0.9.38.3');
}
if (isFroxlorVersion('0.9.38.3')) {
showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
updateToVersion('0.9.38.4');
}
if (isDatabaseVersion('201611180')) {
showUpdateStep("Updating database table definition for panel_domains");
Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;");
lastStepStatus(0);
updateToDbVersion('201611130');
updateToDbVersion('201612110');
}

2
lib/classes/ssl/class.lescript.php
View File

@@ -188,7 +188,7 @@ class lescript
$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
// simple self check
$selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version));
$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
$selfcheckContext = stream_context_create($selfcheckContextOptions);
if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
$errmsg = json_encode(error_get_last());

2
lib/formfields/admin/domains/formfield.domains_add.php
View File

@@ -175,7 +175,7 @@ return array(
'int_max' => 94608000, // 3-years
'value' => 0
),
'hsts_incsub' => array(
'hsts_sub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],

2
lib/formfields/admin/domains/formfield.domains_edit.php
View File

@@ -198,7 +198,7 @@ return array(
'int_max' => 94608000, // 3-years
'value' => $result['hsts']
),
'hsts_incsub' => array(
'hsts_sub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],

10
lib/formfields/customer/domains/formfield.domains_add.php
View File

@@ -76,10 +76,9 @@ return array(
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_add.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
'fields' => array(
'ssl_redirect' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['domains']['ssl_redirect']['title'],
'desc' => $lng['domains']['ssl_redirect']['description'],
'type' => 'checkbox',
@@ -89,7 +88,7 @@ return array(
'value' => array()
),
'letsencrypt' => array(
'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'visible' => (Settings::Get('system.leenabled') == '1' ? true : false),
'label' => $lng['customer']['letsencrypt']['title'],
'desc' => $lng['customer']['letsencrypt']['description'],
'type' => 'checkbox',
@@ -99,7 +98,6 @@ return array(
'value' => array()
),
'hsts_maxage' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'],
'type' => 'int',
@@ -107,8 +105,7 @@ return array(
'int_max' => 94608000, // 3-years
'value' => 0
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'hsts_sub' => array(
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
@@ -118,7 +115,6 @@ return array(
'value' => array()
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',

10
lib/formfields/customer/domains/formfield.domains_edit.php
View File

@@ -87,10 +87,9 @@ return array(
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_edit.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false,
'fields' => array(
'ssl_redirect' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
'label' => $lng['domains']['ssl_redirect']['title'],
'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
'type' => 'checkbox',
@@ -100,7 +99,7 @@ return array(
'value' => array($result['ssl_redirect'])
),
'letsencrypt' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false),
'visible' => Settings::Get('system.leenabled') == '1' ? true : false,
'label' => $lng['customer']['letsencrypt']['title'],
'desc' => $lng['customer']['letsencrypt']['description'],
'type' => 'checkbox',
@@ -110,7 +109,6 @@ return array(
'value' => array($result['letsencrypt'])
),
'hsts_maxage' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'],
'type' => 'int',
@@ -118,8 +116,7 @@ return array(
'int_max' => 94608000, // 3-years
'value' => $result['hsts']
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'hsts_sub' => array(
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
@@ -129,7 +126,6 @@ return array(
'value' => array($result['hsts_sub'])
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',

6
lib/functions/filedir/function.makeCorrectDir.php
View File

@@ -26,7 +26,11 @@
*/
function makeCorrectDir($dir) {
assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
if (version_compare("5.4.6", PHP_VERSION, ">")) {
assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
} else {
assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
}
$dir = trim($dir);

2
lib/functions/formfields/string/function.validateFormFieldString.php
View File

@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
$newfieldvalue = '';
$returnvalue = 'stringmustntbeempty';
} else {
$newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
$newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
}
}

35
lib/functions/output/function.RedirectCode.php
View File

@@ -16,11 +16,11 @@
/**
* return an array of all enabled redirect-codes
*
*
* @return array array of enabled redirect-codes
*/
function getRedirectCodesArray() {
$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
$result_stmt = Database::query($sql);
@@ -35,13 +35,13 @@ function getRedirectCodesArray() {
/**
* return an array of all enabled redirect-codes
* for the settings form
*
*
* @return array array of enabled redirect-codes
*/
function getRedirectCodes() {
global $lng;
$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
$result_stmt = Database::query($sql);
@@ -54,16 +54,17 @@ function getRedirectCodes() {
}
/**
* returns the redirect-code for a given
* returns the redirect-code for a given
* domain-id
*
*
* @param integer $domainid id of the domain
*
* @param string $default
*
* @return string redirect-code
*/
function getDomainRedirectCode($domainid = 0) {
function getDomainRedirectCode($domainid = 0, $default = '') {
$code = '';
$code = $default;
if ($domainid > 0) {
$result_stmt = Database::prepare("
@@ -83,11 +84,11 @@ function getDomainRedirectCode($domainid = 0) {
}
/**
* returns the redirect-id for a given
* returns the redirect-id for a given
* domain-id
*
*
* @param integer $domainid id of the domain
*
*
* @return integer redirect-code-id
*/
function getDomainRedirectId($domainid = 0) {
@@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) {
/**
* adds a redirectcode for a domain
*
*
* @param integer $domainid id of the domain to add the code for
* @param integer $redirect selected redirect-id
*
* @param integer $redirect selected redirect-id
*
* @return null
*/
function addRedirectToDomain($domainid = 0, $redirect = 1) {
@@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) {
/**
* updates the redirectcode of a domain
* if redirect-code is false, nothing happens
*
*
* @param integer $domainid id of the domain to update
* @param integer $redirect selected redirect-id or false
*
*
* @return null
*/
function updateRedirectOfDomain($domainid = 0, $redirect = false) {

6
lib/functions/validate/function.validateUrl.php
View File

@@ -37,7 +37,11 @@ function validateUrl($url) {
}
// needs converting
$url = $idna_convert->encode($url);
try {
$url = $idna_convert->encode($url);
} catch (Exception $e) {
return false;
}
$pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i";
if (preg_match($pattern, $url)) {

28
lib/functions/validate/function.validate_ip.php
View File

@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
* @param string $lng index for error-message (if $return_bool is false)
* @param bool $allow_localhost whether to allow 127.0.0.1
* @param bool $allow_priv whether to allow private network addresses
* @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
*
* @return string|bool ip address on success, false on failure
*/
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
$cidr = "";
if ($allow_cidr) {
$org_ip = $ip;
$ip_cidr = explode("/", $ip);
if (count($ip_cidr) == 2) {
$ip = $ip_cidr[0];
$cidr = "/".$ip_cidr[1];
} else {
$ip = $org_ip;
}
} elseif (strpos($ip, "/") !== false) {
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip);
exit();
}
}
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
) {
return $ip;
return $ip.$cidr;
}
// special case where localhost ip is allowed (mysql-access-hosts for example)
if ($allow_localhost && $ip == '127.0.0.1') {
return $ip;
return $ip.$cidr;
}
if ($return_bool) {

4
lib/version.inc.php
View File

@@ -16,10 +16,10 @@
*/
// Main version variable
$version = '0.9.38-rc2';
$version = '0.9.38.4';
// Database version (YYYYMMDDC where C is a daily counter)
$dbversion = '201611130';
$dbversion = '201612110';
// Distribution branding-tag (used for Debian etc.)
$branding = '';

3
lng/english.lng.php
View File

@@ -2062,3 +2062,6 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';

2
lng/german.lng.php
View File

@@ -1710,6 +1710,6 @@ $lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';

4
scripts/jobs/cron_tasks.inc.dns.10.bind.php
View File

@@ -129,9 +129,7 @@ class bind extends DnsBase
// AXFR server #100
if (count($this->_axfr) > 0) {
foreach ($this->_axfr as $axfrserver) {
if (validate_ip($axfrserver, true) !== false) {
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
}
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
}
}
// close allow-transfer

6
scripts/jobs/cron_tasks.inc.dns.20.pdns.php
View File

@@ -194,10 +194,8 @@ class pdns extends DnsBase
// AXFR server #100
if (count($this->_axfr) > 0) {
foreach ($this->_axfr as $axfrserver) {
if (validate_ip($axfrserver, true) !== false) {
$ins_data['value'] = $axfrserver;
$ins_stmt->execute($ins_data);
}
$ins_data['value'] = $axfrserver;
$ins_stmt->execute($ins_data);
}
}
}

15
scripts/jobs/cron_tasks.inc.http.10.apache.php
View File

@@ -344,6 +344,15 @@ class apache extends HttpConfigBase
);
}
} // end of ssl-redirect check
else
{
// fallback of froxlor domain-data for processSpecialConfigTemplate()
$domain = array(
'domain' => Settings::Get('system.hostname'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
);
}
/**
* dirprotection, see #72
@@ -808,7 +817,7 @@ class apache extends HttpConfigBase
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
$domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/';
}
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
@@ -875,10 +884,8 @@ class apache extends HttpConfigBase
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
$corrected_docroot = $domain['documentroot'];
// prevent empty return-cde
$code = "301";
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$code = getDomainRedirectCode($domain['id'], '301');
$modrew_red = '';
if ($code != '') {
$modrew_red = ' [R=' . $code . ';L,NE]';

33
scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
View File

@@ -162,7 +162,25 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
} else {
$domain = array(
'id' => 'none',
'domain' => Settings::Get('system.hostname'),
'adminid' => 1, /* first admin-user (superadmin) */
'guid' => Settings::Get('system.httpuser'),
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
);
}
} else {
// fallback of froxlor domain-data for processSpecialConfigTemplate()
$domain = array(
'domain' => Settings::Get('system.hostname'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
);
}
if ($row_ipsandports['specialsettings'] != '') {
@@ -424,7 +442,7 @@ class lighttpd extends HttpConfigBase
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
$domain['documentroot'] = 'https://%1' . $_sslport . '/';
}
// avoid using any whitespaces
@@ -432,10 +450,9 @@ class lighttpd extends HttpConfigBase
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
$uri = $domain['documentroot'];
// prevent empty return-cde
$code = "301";
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$code = getDomainRedirectCode($domain['id'], '301');
$vhost_content .= ' url.redirect-code = ' . $code. "\n";
$vhost_content .= ' url.redirect = (' . "\n";
@@ -532,14 +549,14 @@ class lighttpd extends HttpConfigBase
if ($domain['hsts'] >= 0) {
$vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
$ssl_settings .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
if ($domain['hsts_sub'] == 1) {
$vhost_content .= '; includeSubDomains';
$ssl_settings .= '; includeSubDomains';
}
if ($domain['hsts_preload'] == 1) {
$vhost_content .= '; preload';
$ssl_settings .= '; preload';
}
$vhost_content .= '") }' . "\n";
$ssl_settings .= '") }' . "\n";
}
}
}

26
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -196,15 +196,22 @@ class nginx extends HttpConfigBase
}
}
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
/**
* this HAS to be set for the default host in nginx or else no vhost will work
*/
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n";
if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') {
$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');
$this->nginx_data[$vhost_filename] .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n";
}
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
@@ -217,7 +224,7 @@ class nginx extends HttpConfigBase
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
}
@@ -411,7 +418,9 @@ class nginx extends HttpConfigBase
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
}
// get all server-names
@@ -438,7 +447,7 @@ class nginx extends HttpConfigBase
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
$domain['documentroot'] = 'https://$host' . $_sslport . '/';
}
// avoid using any whitespaces
@@ -460,12 +469,11 @@ class nginx extends HttpConfigBase
if (substr($uri, - 1) == '/') {
$uri = substr($uri, 0, - 1);
}
// prevent empty return-cde
$code = "301";
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id'], '301');
$vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
$vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n";
$vhost_content .= "\t" . '}' . "\n";
} else {

2
templates/Sparkle/admin/ipsandports/ipsandports.tpl vendored
View File

@@ -27,7 +27,7 @@ $header
<th>{$lng['admin']['ipsandports']['ip']}&nbsp;{$arrowcode['ip']}</th>
<th>{$lng['admin']['ipsandports']['port']}&nbsp;{$arrowcode['port']}</th>
<if !$is_nginx><th>Listen</th></if>
<if $is_apache><th>NameVirtualHost</th></if>
<if $is_apache && !$is_apache24><th>NameVirtualHost</th></if>
<th>vHost-Container</th>
<th>Specialsettings</th>
<if $is_apache><th>ServerName</th></if>

2
templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl vendored
View File

@@ -2,7 +2,7 @@
<td>{$row['ip']}</td>
<td>{$row['port']}</td>
<if !$is_nginx><td><if $row['listen_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
<if $is_apache><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
<if $is_apache && !$is_apache24><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
<td><if $row['vhostcontainer']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
<td><if $row['specialsettings']!=''>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
<if $is_apache><td><if $row['vhostcontainer_servername_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>