maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

use safe_exec from class now

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2018-12-19 17:19:56 +01:00
parent c4024c8107
commit 549ccda166
17 changed files with 85 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/Cron/Http/DomainSSL.php
View File

@@ -66,7 +66,7 @@ class DomainSSL
$sslcertpath = \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.customer_ssl_path'));
// create path if it does not exist
if (! file_exists($sslcertpath)) {
safe_exec('mkdir -p ' . escapeshellarg($sslcertpath));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($sslcertpath));
}
// make correct files for the certificates
$ssl_files = array(

53
lib/Froxlor/Cron/Http/Lighttpd.php
View File

@@ -20,10 +20,9 @@ use Froxlor\Cron\Http\Php\PhpInterface;
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*
* @todo ssl-redirect to non-standard port
*/
class Lighttpd extends HttpConfigBase
{
@@ -63,11 +62,11 @@ class Lighttpd extends HttpConfigBase
Fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
}
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: reloading lighttpd');
safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
\Froxlor\FileDir::safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
}
public function createIpPort()
@@ -128,12 +127,12 @@ class Lighttpd extends HttpConfigBase
}
}
if (!$is_redirect) {
if (! $is_redirect) {
/**
* dirprotection, see #72
*
* @todo use better regex for this, deferred until 0.9.5
*
*
* $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
* $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n";
* $this->lighttpd_data[$vhost_filename].= ' }' . "\n";
@@ -211,10 +210,10 @@ class Lighttpd extends HttpConfigBase
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
if (!file_exists($row_ipsandports['ssl_cert_file'])) {
if (! file_exists($row_ipsandports['ssl_cert_file'])) {
// explicitly disable ssl for this vhost
$row_ipsandports['ssl_cert_file'] = "";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.Settings::Get('system.hostname').'"');
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "' . Settings::Get('system.ssl_cert_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
}
}
@@ -229,7 +228,7 @@ class Lighttpd extends HttpConfigBase
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
'customerroot' => $mypath,
'parentdomainid' => 0,
'parentdomainid' => 0
);
// override corresponding array values
@@ -253,10 +252,10 @@ class Lighttpd extends HttpConfigBase
} else {
$this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-compression = "disable"' . "\n";
if (!empty(Settings::Get('system.dhparams_file'))) {
if (! empty(Settings::Get('system.dhparams_file'))) {
$dhparams = \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) {
safe_exec('openssl dhparam -out '.escapeshellarg($dhparams).' 4096');
if (! file_exists($dhparams)) {
\Froxlor\FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
}
$this->lighttpd_data[$vhost_filename] .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.ec-curve = "secp384r1"' . "\n";
@@ -392,7 +391,7 @@ class Lighttpd extends HttpConfigBase
foreach ($domains as $domain) {
if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost') . '/vhosts/')));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost') . '/vhosts/')));
// determine correct include-path:
// e.g. '/etc/lighttpd/conf-enabled/vhosts/ has to become'
@@ -404,10 +403,10 @@ class Lighttpd extends HttpConfigBase
// maindomain
if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) {
$vhost_no = '50';
} // sub-but-main-domain
} // sub-but-main-domain
elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) {
$vhost_no = '51';
} // subdomains
} // subdomains
else {
// number of dots in a domain specifies it's position (and depth of subdomain) starting at 89 going downwards on higher depth
$vhost_no = (string) (90 - substr_count($domain['domain'], ".") + 1);
@@ -486,7 +485,7 @@ class Lighttpd extends HttpConfigBase
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$vhost_content .= ' url.redirect-code = ' . $code. "\n";
$vhost_content .= ' url.redirect-code = ' . $code . "\n";
$vhost_content .= ' url.redirect = (' . "\n";
$vhost_content .= ' "^/(.*)$" => "' . $uri . '$1"' . "\n";
$vhost_content .= ' )' . "\n";
@@ -559,10 +558,10 @@ class Lighttpd extends HttpConfigBase
if ($ssl_vhost === true && $domain['ssl'] == '1' && (int) Settings::Get('system.use_ssl') == 1) {
if ($domain['ssl_cert_file'] == '') {
$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
if (!file_exists($domain['ssl_cert_file'])) {
if (! file_exists($domain['ssl_cert_file'])) {
// explicitly disable ssl for this vhost
$domain['ssl_cert_file'] = "";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.$domain['domain'].'"');
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "' . Settings::Get('system.ssl_cert_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain['domain'] . '"');
}
}
@@ -573,12 +572,12 @@ class Lighttpd extends HttpConfigBase
if ($domain['ssl_cert_file'] != '') {
// ssl.engine only necessary once in the ip/port vhost (SERVER['socket'] condition)
//$ssl_settings .= 'ssl.engine = "enable"' . "\n";
// $ssl_settings .= 'ssl.engine = "enable"' . "\n";
$ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
if (!empty(Settings::Get('system.dhparams_file'))) {
if (! empty(Settings::Get('system.dhparams_file'))) {
$dhparams = \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) {
safe_exec('openssl dhparam -out '.escapeshellarg($dhparams).' 4096');
if (! file_exists($dhparams)) {
\Froxlor\FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
}
$ssl_settings .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
$ssl_settings .= 'ssl.ec-curve = "secp384r1"' . "\n";
@@ -927,10 +926,10 @@ class Lighttpd extends HttpConfigBase
} else {
$stats_text .= ' alias.url = ( "/webalizer/" => "' . \Froxlor\FileDir::makeCorrectFile($domain['customerroot'] . '/webalizer/') . '" )' . "\n";
}
} // if the docroots are equal, we still have to set an alias for awstats
// because the stats are in /awstats/[domain], not just /awstats/
// also, the awstats-icons are someplace else too!
// -> webalizer does not need this!
} // if the docroots are equal, we still have to set an alias for awstats
// because the stats are in /awstats/[domain], not just /awstats/
// also, the awstats-icons are someplace else too!
// -> webalizer does not need this!
elseif (Settings::Get('system.awstats_enabled') == '1') {
$stats_text .= ' alias.url = ( "/awstats/" => "' . \Froxlor\FileDir::makeCorrectFile($domain['documentroot'] . '/awstats/' . $domain['domain']) . '" )' . "\n";
$stats_text .= ' alias.url += ( "/awstats-icon" => "' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.awstats_icons')) . '" )' . "\n";
@@ -970,7 +969,7 @@ class Lighttpd extends HttpConfigBase
} else {
if (! file_exists(Settings::Get('system.apacheconf_vhost'))) {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'lighttpd::writeConfigs: mkdir ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
safe_exec('mkdir ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
\Froxlor\FileDir::safe_exec('mkdir ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
}
// Write a single file for every vhost

2
lib/Froxlor/Cron/Http/LighttpdFcgi.php
View File

@@ -126,7 +126,7 @@ class LighttpdFcgi extends Lighttpd
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
\Froxlor\FileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new PhpInterface($domain);

12
lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -72,19 +72,19 @@ class Nginx extends HttpConfigBase
Fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
}
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: reloading nginx');
safe_exec(Settings::Get('system.apachereload_command'));
\Froxlor\FileDir::safe_exec(Settings::Get('system.apachereload_command'));
/**
* nginx does not auto-spawn fcgi-processes
*/
if (Settings::Get('system.phpreload_command') != '' && (int) Settings::Get('phpfpm.enabled') == 0) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: restarting php processes');
safe_exec(Settings::Get('system.phpreload_command'));
\Froxlor\FileDir::safe_exec(Settings::Get('system.phpreload_command'));
}
}
@@ -339,7 +339,7 @@ class Nginx extends HttpConfigBase
foreach ($domains as $domain) {
if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
}
$vhost_filename = $this->getVhostFilename($domain);
@@ -647,7 +647,7 @@ class Nginx extends HttpConfigBase
if (! empty(Settings::Get('system.dhparams_file'))) {
$dhparams = \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (! file_exists($dhparams)) {
safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
\Froxlor\FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
}
$sslsettings .= 'ssl_dhparam ' . $dhparams . ';' . "\n";
}
@@ -1159,7 +1159,7 @@ class Nginx extends HttpConfigBase
} else {
if (! file_exists(Settings::Get('system.apacheconf_vhost'))) {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'nginx::writeConfigs: mkdir ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'))));
}
// Write a single file for every vhost

2
lib/Froxlor/Cron/Http/NginxFcgi.php
View File

@@ -95,7 +95,7 @@ class NginxFcgi extends Nginx
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
\Froxlor\FileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new PhpInterface($domain);

18
lib/Froxlor/Cron/Http/Php/Fcgid.php
View File

@@ -102,8 +102,8 @@ class Fcgid
$starter_file_handler = fopen($this->getStarterFile(), 'w');
fwrite($starter_file_handler, $starter_file);
fclose($starter_file_handler);
safe_exec('chmod 750 ' . escapeshellarg($this->getStarterFile()));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($this->getStarterFile()));
\Froxlor\FileDir::safe_exec('chmod 750 ' . escapeshellarg($this->getStarterFile()));
\Froxlor\FileDir::safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($this->getStarterFile()));
setImmutable($this->getStarterFile());
}
@@ -173,8 +173,8 @@ class Fcgid
$phpini_file_handler = fopen($this->getIniFile(), 'w');
fwrite($phpini_file_handler, $phpini_file);
fclose($phpini_file_handler);
safe_exec('chown root:0 ' . escapeshellarg($this->getIniFile()));
safe_exec('chmod 0644 ' . escapeshellarg($this->getIniFile()));
\Froxlor\FileDir::safe_exec('chown root:0 ' . escapeshellarg($this->getIniFile()));
\Froxlor\FileDir::safe_exec('chmod 0644 ' . escapeshellarg($this->getIniFile()));
}
/**
@@ -190,8 +190,8 @@ class Fcgid
$configdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
}
return $configdir;
@@ -210,9 +210,9 @@ class Fcgid
$tmpdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir') . '/' . $this->_domain['loginname'] . '/');
if (! is_dir($tmpdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
}
return $tmpdir;

18
lib/Froxlor/Cron/Http/Php/Fpm.php
View File

@@ -290,7 +290,7 @@ class Fpm
$config = \Froxlor\FileDir::makeCorrectFile($configdir . '/' . $this->_domain['domain'] . '.conf');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));
}
return $config;
@@ -311,8 +311,8 @@ class Fpm
$socket = strtolower(\Froxlor\FileDir::makeCorrectFile($socketdir . '/' . $this->_domain['fpm_config_id'] . '-' . $this->_domain['loginname'] . '-' . $this->_domain['domain'] . '-php-fpm.socket'));
if (! is_dir($socketdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($socketdir));
safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($socketdir));
\Froxlor\FileDir::safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));
}
return $socket;
@@ -331,9 +331,9 @@ class Fpm
$tmpdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
if (! is_dir($tmpdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
\Froxlor\FileDir::safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
}
return $tmpdir;
@@ -357,8 +357,8 @@ class Fpm
$configdir = \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.aliasconfigdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
}
return $configdir;
@@ -373,7 +373,7 @@ class Fpm
public static function createDummyPool($configdir)
{
if (! is_dir($configdir)) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($configdir));
}
$config = \Froxlor\FileDir::makeCorrectFile($configdir . '/dummy.conf');
$dummy = "[dummy]