Merge remote-tracking branch 'origin/0.10.x' into private-0.10.35.1-dmarc
This commit is contained in:
@@ -180,12 +180,18 @@ abstract class ApiParameter
|
||||
*/
|
||||
private function trimArray($input)
|
||||
{
|
||||
if (! is_array($input)) {
|
||||
if ($input === '') {
|
||||
return "";
|
||||
}
|
||||
if (is_numeric($input) || is_null($input)) {
|
||||
return $input;
|
||||
}
|
||||
if (!is_array($input)) {
|
||||
return trim($input);
|
||||
}
|
||||
return array_map(array(
|
||||
return array_map([
|
||||
$this,
|
||||
'trimArray'
|
||||
), $input);
|
||||
], $input);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -227,7 +227,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
$ipaddress = $this->getParam('ipaddress', true, - 1);
|
||||
|
||||
// validation
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', '', '', array(), true);
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
|
||||
$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
|
||||
$def_language = \Froxlor\Validate\Validate::validate($def_language, 'default language', '', '', array(), true);
|
||||
@@ -475,7 +475,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
$email = $this->getParam('email', true, $idna_convert->decode($result['email'] ?? ''));
|
||||
$password = $this->getParam('admin_password', true, '');
|
||||
$def_language = $this->getParam('def_language', true, $result['def_language']);
|
||||
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
|
||||
$custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? ""));
|
||||
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
|
||||
$theme = $this->getParam('theme', true, $result['theme']);
|
||||
|
||||
@@ -527,7 +527,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
}
|
||||
|
||||
// validation
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', '', '', array(), true);
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
|
||||
$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
|
||||
$def_language = \Froxlor\Validate\Validate::validate($def_language, 'default language', '', '', array(), true);
|
||||
|
||||
@@ -406,12 +406,12 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
}
|
||||
|
||||
// validation
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', '', '', array(), true);
|
||||
$firstname = \Froxlor\Validate\Validate::validate($firstname, 'first name', '', '', array(), true);
|
||||
$company = \Froxlor\Validate\Validate::validate($company, 'company', '', '', array(), true);
|
||||
$street = \Froxlor\Validate\Validate::validate($street, 'street', '', '', array(), true);
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$firstname = \Froxlor\Validate\Validate::validate($firstname, 'first name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$company = \Froxlor\Validate\Validate::validate($company, 'company', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$street = \Froxlor\Validate\Validate::validate($street, 'street', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$zipcode = \Froxlor\Validate\Validate::validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', array(), true);
|
||||
$city = \Froxlor\Validate\Validate::validate($city, 'city', '', '', array(), true);
|
||||
$city = \Froxlor\Validate\Validate::validate($city, 'city', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$phone = \Froxlor\Validate\Validate::validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
|
||||
$fax = \Froxlor\Validate\Validate::validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
|
||||
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
|
||||
@@ -1003,12 +1003,12 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
// validation
|
||||
if ($this->isAdmin()) {
|
||||
$idna_convert = new \Froxlor\Idna\IdnaWrapper();
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', '', '', array(), true);
|
||||
$firstname = \Froxlor\Validate\Validate::validate($firstname, 'first name', '', '', array(), true);
|
||||
$company = \Froxlor\Validate\Validate::validate($company, 'company', '', '', array(), true);
|
||||
$street = \Froxlor\Validate\Validate::validate($street, 'street', '', '', array(), true);
|
||||
$name = \Froxlor\Validate\Validate::validate($name, 'name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$firstname = \Froxlor\Validate\Validate::validate($firstname, 'first name', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$company = \Froxlor\Validate\Validate::validate($company, 'company', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$street = \Froxlor\Validate\Validate::validate($street, 'street', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$zipcode = \Froxlor\Validate\Validate::validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', array(), true);
|
||||
$city = \Froxlor\Validate\Validate::validate($city, 'city', '', '', array(), true);
|
||||
$city = \Froxlor\Validate\Validate::validate($city, 'city', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$phone = \Froxlor\Validate\Validate::validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
|
||||
$fax = \Froxlor\Validate\Validate::validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
|
||||
$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
|
||||
|
||||
@@ -65,7 +65,7 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
|
||||
$id = $result['id'];
|
||||
|
||||
// current destination array
|
||||
$result['destination_array'] = explode(' ', $result['destination']);
|
||||
$result['destination_array'] = explode(' ', ($result['destination'] ?? ''));
|
||||
|
||||
// prepare destination
|
||||
$destination = trim($destination);
|
||||
|
||||
@@ -378,9 +378,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);
|
||||
$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);
|
||||
$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);
|
||||
$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, ($result['specialsettings'] ?? ""))), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);
|
||||
$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, ($result['default_vhostconf_domain'] ?? ""))), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
|
||||
|
||||
if ((int) Settings::Get('system.use_ssl') == 1) {
|
||||
@@ -389,9 +389,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true);
|
||||
$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true);
|
||||
$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true);
|
||||
$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, ($result['ssl_specialsettings'] ?? ""))), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
|
||||
$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, ($result['ssl_default_vhostconf_domain'] ?? ""))), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);
|
||||
} else {
|
||||
$ssl = 0;
|
||||
|
||||
@@ -99,7 +99,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
}
|
||||
|
||||
// check whether we use that config as froxor-vhost config
|
||||
if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id'] || Settings::Get('phpfpm.vhost_defaultini') == $row['id']) {
|
||||
if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $row['id'])) {
|
||||
$domains[] = Settings::Get('system.hostname');
|
||||
}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ namespace Froxlor\Cron\System;
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\FroxlorLogger;
|
||||
use Froxlor\FileDir;
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
@@ -150,13 +151,17 @@ class BackupCron extends \Froxlor\Cron\FroxlorCron
|
||||
$sql_root = Database::getSqlData();
|
||||
Database::needRoot(false);
|
||||
|
||||
$mysqlcnf_file = tempnam("/tmp", "frx");
|
||||
$mysqlcnf = "[mysqldump]\npassword=".$sql_root['passwd']."\n";
|
||||
file_put_contents($mysqlcnf_file, $mysqlcnf);
|
||||
|
||||
$has_dbs = false;
|
||||
while ($row = $sel_stmt->fetch()) {
|
||||
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mysqldump -u ' . escapeshellarg($sql_root['user']) . ' -pXXXXX ' . $row['databasename'] . ' > ' . \Froxlor\FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'));
|
||||
$bool_false = false;
|
||||
\Froxlor\FileDir::safe_exec('mysqldump -u ' . escapeshellarg($sql_root['user']) . ' -p' . $sql_root['passwd'] . ' ' . $row['databasename'] . ' > ' . \Froxlor\FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, array(
|
||||
\Froxlor\FileDir::safe_exec('mysqldump --defaults-file=' . escapeshellarg($mysqlcnf_file) .' -u ' . escapeshellarg($sql_root['user']) . ' ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, [
|
||||
'>'
|
||||
));
|
||||
]);
|
||||
$has_dbs = true;
|
||||
}
|
||||
|
||||
@@ -164,6 +169,8 @@ class BackupCron extends \Froxlor\Cron\FroxlorCron
|
||||
$create_backup_tar_data .= './mysql ';
|
||||
}
|
||||
|
||||
unlink($mysqlcnf_file);
|
||||
|
||||
unset($sql_root);
|
||||
}
|
||||
|
||||
|
||||
@@ -60,6 +60,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
|
||||
'name' => $row['name'],
|
||||
'firstname' => $row['firstname'],
|
||||
'company' => $row['company'],
|
||||
'loginname' => $row['loginname'],
|
||||
'customernumber' => $row['customernumber']
|
||||
);
|
||||
$replace_arr = array(
|
||||
@@ -374,6 +375,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
|
||||
'name' => $row['name'],
|
||||
'firstname' => $row['firstname'],
|
||||
'company' => $row['company'],
|
||||
'loginname' => $row['loginname'],
|
||||
'customernumber' => $row['customernumber']
|
||||
);
|
||||
$replace_arr = array(
|
||||
|
||||
@@ -190,10 +190,16 @@ class Database
|
||||
*/
|
||||
public static function getSqlUsernameLength()
|
||||
{
|
||||
// MySQL user names can be up to 32 characters long (16 characters before MySQL 5.7.8).
|
||||
$mysql_max = 32;
|
||||
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.8', '<')) {
|
||||
$mysql_max = 16;
|
||||
// MariaDB supports up to 80 characters but only 64 for databases and as we use the loginname also for
|
||||
// database names, we set the limit to 64 here
|
||||
if (strpos(strtolower(Database::getAttribute(\PDO::ATTR_SERVER_VERSION)), "mariadb") !== false) {
|
||||
$mysql_max = 64;
|
||||
} else {
|
||||
// MySQL user names can be up to 32 characters long (16 characters before MySQL 5.7.8).
|
||||
$mysql_max = 32;
|
||||
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.8', '<')) {
|
||||
$mysql_max = 16;
|
||||
}
|
||||
}
|
||||
return $mysql_max;
|
||||
}
|
||||
|
||||
@@ -173,7 +173,10 @@ class DbManager
|
||||
|
||||
if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
|
||||
|
||||
$password = $users[$username]['password'];
|
||||
$password = [
|
||||
'password' => $users[$username]['password'],
|
||||
'plugin' => $users[$username]['plugin']
|
||||
];
|
||||
|
||||
foreach ($mysql_access_host_array as $mysql_access_host) {
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
namespace Froxlor\Database\Manager;
|
||||
|
||||
use Froxlor\Database\Database;
|
||||
@@ -68,7 +69,7 @@ class DbManagerMySQL
|
||||
* username and sets the password for that user the given access_host
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $password
|
||||
* @param string|array $password
|
||||
* @param string $access_host
|
||||
* @param bool $p_encrypted
|
||||
* optional, whether the password is encrypted or not, default false
|
||||
@@ -77,7 +78,13 @@ class DbManagerMySQL
|
||||
*/
|
||||
public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
|
||||
{
|
||||
if (! $update) {
|
||||
$pwd_plugin = 'mysql_native_password';
|
||||
if (is_array($password) && count($password) == 2) {
|
||||
$pwd_plugin = $password['plugin'];
|
||||
$password = $password['password'];
|
||||
}
|
||||
|
||||
if (!$update) {
|
||||
// create user
|
||||
if ($p_encrypted) {
|
||||
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
|
||||
@@ -86,7 +93,7 @@ class DbManagerMySQL
|
||||
");
|
||||
} else {
|
||||
$stmt = Database::prepare("
|
||||
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
|
||||
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH " . $pwd_plugin . " AS :password
|
||||
");
|
||||
}
|
||||
} else {
|
||||
@@ -115,7 +122,7 @@ class DbManagerMySQL
|
||||
}
|
||||
} else {
|
||||
if ($p_encrypted) {
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH " . $pwd_plugin . " AS :password");
|
||||
} else {
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
|
||||
}
|
||||
@@ -136,7 +143,7 @@ class DbManagerMySQL
|
||||
*/
|
||||
public function deleteDatabase($dbname = null)
|
||||
{
|
||||
if (Database::getAttribute(\PDO::ATTR_SERVER_VERSION) < '5.0.2') {
|
||||
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {
|
||||
// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
|
||||
$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `" . $dbname . "`");
|
||||
Database::pexecute($stmt, array(), false);
|
||||
@@ -247,9 +254,10 @@ class DbManagerMySQL
|
||||
$allsqlusers = array();
|
||||
while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
|
||||
if ($user_only == false) {
|
||||
if (! isset($allsqlusers[$row['User']]) || ! is_array($allsqlusers[$row['User']])) {
|
||||
if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
|
||||
$allsqlusers[$row['User']] = array(
|
||||
'password' => $row['Password'] ?? $row['authentication_string'],
|
||||
'plugin' => $row['plugin'] ?? 'mysql_native_password',
|
||||
'hosts' => array()
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
namespace Froxlor;
|
||||
|
||||
use Froxlor\Database\Database;
|
||||
@@ -96,14 +97,14 @@ class FileDir
|
||||
$subdir = self::makeCorrectDir($subdir);
|
||||
$subdirs = array();
|
||||
|
||||
if ($within_homedir || ! $allow_notwithinhomedir) {
|
||||
if ($within_homedir || !$allow_notwithinhomedir) {
|
||||
$subdirlen = strlen($subdir);
|
||||
$offset = 0;
|
||||
|
||||
while ($offset < $subdirlen) {
|
||||
$offset = strpos($subdir, '/', $offset);
|
||||
$subdirelem = substr($subdir, 0, $offset);
|
||||
$offset ++;
|
||||
$offset++;
|
||||
array_push($subdirs, self::makeCorrectDir($homeDir . $subdirelem));
|
||||
}
|
||||
} else {
|
||||
@@ -113,7 +114,7 @@ class FileDir
|
||||
$subdirs = array_unique($subdirs);
|
||||
sort($subdirs);
|
||||
foreach ($subdirs as $sdir) {
|
||||
if (! is_dir($sdir)) {
|
||||
if (!is_dir($sdir)) {
|
||||
$sdir = self::makeCorrectDir($sdir);
|
||||
self::safe_exec('mkdir -p ' . escapeshellarg($sdir));
|
||||
// place index
|
||||
@@ -247,7 +248,7 @@ class FileDir
|
||||
*/
|
||||
public static function makeCorrectFile($filename)
|
||||
{
|
||||
if (! isset($filename) || trim($filename) == '') {
|
||||
if (!isset($filename) || trim($filename) == '') {
|
||||
$error = 'Given filename for function ' . __FUNCTION__ . ' is empty.' . "\n";
|
||||
$error .= 'This is very dangerous and should not happen.' . "\n";
|
||||
$error .= 'Please inform the Froxlor team about this issue so they can fix it.';
|
||||
@@ -278,7 +279,7 @@ class FileDir
|
||||
{
|
||||
if (is_string($dir) && strlen($dir) > 0) {
|
||||
$dir = trim($dir);
|
||||
if (substr($dir, - 1, 1) != '/') {
|
||||
if (substr($dir, -1, 1) != '/') {
|
||||
$dir .= '/';
|
||||
}
|
||||
if (substr($dir, 0, 1) != '/') {
|
||||
@@ -355,7 +356,7 @@ class FileDir
|
||||
$destination = substr($destination, 1);
|
||||
}
|
||||
|
||||
if (substr($destination, - 1, 1) == ' ') {
|
||||
if (substr($destination, -1, 1) == ' ') {
|
||||
$destination = substr($destination, 0, strlen($destination) - 1);
|
||||
}
|
||||
|
||||
@@ -390,7 +391,7 @@ class FileDir
|
||||
// but dirList holds the paths with starting slash
|
||||
// so we just add one here to get the correct
|
||||
// default path selected, #225
|
||||
if (substr($value, 0, 1) != '/' && ! $dom) {
|
||||
if (substr($value, 0, 1) != '/' && !$dom) {
|
||||
$value = '/' . $value;
|
||||
}
|
||||
|
||||
@@ -408,34 +409,22 @@ class FileDir
|
||||
natcasesort($dirList);
|
||||
|
||||
if (sizeof($dirList) > 0) {
|
||||
if (sizeof($dirList) <= 100) {
|
||||
$_field = '';
|
||||
foreach ($dirList as $dir) {
|
||||
if (strpos($dir, $path) === 0) {
|
||||
$dir = substr($dir, strlen($path));
|
||||
// docroot cut off of current directory == empty -> directory is the docroot
|
||||
if (empty($dir)) {
|
||||
$dir = '/';
|
||||
}
|
||||
$dir = self::makeCorrectDir($dir);
|
||||
$_field = '';
|
||||
foreach ($dirList as $dir) {
|
||||
if (strpos($dir, $path) === 0) {
|
||||
$dir = substr($dir, strlen($path));
|
||||
// docroot cut off of current directory == empty -> directory is the docroot
|
||||
if (empty($dir)) {
|
||||
$dir = '/';
|
||||
}
|
||||
$_field .= \Froxlor\UI\HTML::makeoption($dir, $dir, $value);
|
||||
$dir = self::makeCorrectDir($dir);
|
||||
}
|
||||
$field = array(
|
||||
'type' => 'select',
|
||||
'value' => $_field
|
||||
);
|
||||
} else {
|
||||
// remove starting slash we added
|
||||
// for the Dropdown, #225
|
||||
$value = substr($value, 1);
|
||||
// $field = $lng['panel']['toomanydirs'];
|
||||
$field = array(
|
||||
'type' => 'text',
|
||||
'value' => htmlspecialchars($value),
|
||||
'note' => $lng['panel']['toomanydirs']
|
||||
);
|
||||
$_field .= \Froxlor\UI\HTML::makeoption($dir, $dir, $value);
|
||||
}
|
||||
$field = array(
|
||||
'type' => 'select',
|
||||
'value' => $_field
|
||||
);
|
||||
} else {
|
||||
// $field = $lng['panel']['dirsmissing'];
|
||||
// $field = '<input type="hidden" name="path" value="/" />';
|
||||
@@ -489,22 +478,31 @@ class FileDir
|
||||
$filter = function ($file, $key, $iterator) use ($exclude) {
|
||||
if (in_array($file->getFilename(), $exclude)) {
|
||||
return false;
|
||||
} elseif (substr($file->getFilename(), 0, 1) == '.') {
|
||||
// also hide hidden folders
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
};
|
||||
|
||||
// create RecursiveIteratorIterator
|
||||
$its = new \RecursiveIteratorIterator(new \RecursiveCallbackFilterIterator(new \RecursiveDirectoryIterator($path, \RecursiveDirectoryIterator::SKIP_DOTS), $filter));
|
||||
$its = new \RecursiveIteratorIterator(
|
||||
new \RecursiveCallbackFilterIterator(
|
||||
new \RecursiveDirectoryIterator($path, \RecursiveDirectoryIterator::SKIP_DOTS),
|
||||
$filter
|
||||
),
|
||||
\RecursiveIteratorIterator::SELF_FIRST,
|
||||
\RecursiveIteratorIterator::CATCH_GET_CHILD
|
||||
);
|
||||
// we can limit the recursion-depth, but will it be helpful or
|
||||
// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
|
||||
// let's keep this in mind and see whether it will be useful
|
||||
// @TODO
|
||||
// $its->setMaxDepth(2);
|
||||
$its->setMaxDepth(2);
|
||||
|
||||
// check every file
|
||||
foreach ($its as $fullFileName => $it) {
|
||||
if ($it->isDir() && (fileowner($fullFileName) == $uid || filegroup($fullFileName) == $gid)) {
|
||||
$_fileList[] = self::makeCorrectDir(dirname($fullFileName));
|
||||
$_fileList[] = self::makeCorrectDir($fullFileName);
|
||||
}
|
||||
}
|
||||
$_fileList[] = $path;
|
||||
@@ -525,7 +523,7 @@ class FileDir
|
||||
*/
|
||||
public static function isFreeBSD($exact = false)
|
||||
{
|
||||
if (($exact && PHP_OS == 'FreeBSD') || (! $exact && stristr(PHP_OS, 'BSD'))) {
|
||||
if (($exact && PHP_OS == 'FreeBSD') || (!$exact && stristr(PHP_OS, 'BSD'))) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
@@ -7,7 +7,7 @@ final class Froxlor
|
||||
{
|
||||
|
||||
// Main version variable
|
||||
const VERSION = '0.10.35.1';
|
||||
const VERSION = '0.10.38.3';
|
||||
|
||||
// Database version (YYYYMMDDC where C is a daily counter)
|
||||
const DBVERSION = '202112310';
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
namespace Froxlor\Settings;
|
||||
|
||||
use Froxlor\Database\Database;
|
||||
@@ -63,9 +64,9 @@ class Store
|
||||
if (count($ids) > 0) {
|
||||
$defaultips_new = explode(',', $newfieldvalue);
|
||||
|
||||
if (! empty($defaultips_old) && ! empty($newfieldvalue)) {
|
||||
if (!empty($defaultips_old) && !empty($newfieldvalue)) {
|
||||
$in_value = $defaultips_old . ", " . $newfieldvalue;
|
||||
} elseif (! empty($defaultips_old) && empty($newfieldvalue)) {
|
||||
} elseif (!empty($defaultips_old) && empty($newfieldvalue)) {
|
||||
$in_value = $defaultips_old;
|
||||
} else {
|
||||
$in_value = $newfieldvalue;
|
||||
@@ -280,11 +281,11 @@ class Store
|
||||
if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'mysql_access_host') {
|
||||
$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));
|
||||
|
||||
if (in_array('127.0.0.1', $mysql_access_host_array) && ! in_array('localhost', $mysql_access_host_array)) {
|
||||
if (in_array('127.0.0.1', $mysql_access_host_array) && !in_array('localhost', $mysql_access_host_array)) {
|
||||
$mysql_access_host_array[] = 'localhost';
|
||||
}
|
||||
|
||||
if (! in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {
|
||||
if (!in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {
|
||||
$mysql_access_host_array[] = '127.0.0.1';
|
||||
}
|
||||
|
||||
@@ -306,8 +307,8 @@ class Store
|
||||
|
||||
private static function cleanMySQLAccessHost($value)
|
||||
{
|
||||
if (substr($value, 0, 1) == '[' && substr($value, - 1) == ']') {
|
||||
return substr($value, 1, - 1);
|
||||
if (substr($value, 0, 1) == '[' && substr($value, -1) == ']') {
|
||||
return substr($value, 1, -1);
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
@@ -370,66 +371,85 @@ class Store
|
||||
}
|
||||
|
||||
public static function storeSettingImage($fieldname, $fielddata)
|
||||
{
|
||||
if (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') {
|
||||
$save_to = null;
|
||||
$path = \Froxlor\Froxlor::getInstallDir().'/img/';
|
||||
$path = \Froxlor\FileDir::makeCorrectDir($path);
|
||||
{
|
||||
if (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') {
|
||||
$save_to = null;
|
||||
$path = \Froxlor\Froxlor::getInstallDir() . '/img/';
|
||||
$path = \Froxlor\FileDir::makeCorrectDir($path);
|
||||
|
||||
// New file?
|
||||
if (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) {
|
||||
// Make sure upload directory exists
|
||||
if (!is_dir($path) && !mkdir($path, 0775)) {
|
||||
throw new \Exception("img directory does not exist and cannot be created");
|
||||
}
|
||||
// New file?
|
||||
if (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) {
|
||||
// Make sure upload directory exists
|
||||
if (!is_dir($path) && !mkdir($path, 0775)) {
|
||||
throw new \Exception("img directory does not exist and cannot be created");
|
||||
}
|
||||
|
||||
// Make sure we can write to the upload directory
|
||||
if (!is_writable($path)) {
|
||||
if (!chmod($path, 0775)) {
|
||||
throw new \Exception("Cannot write to img directory");
|
||||
}
|
||||
}
|
||||
// Make sure we can write to the upload directory
|
||||
if (!is_writable($path)) {
|
||||
if (!chmod($path, 0775)) {
|
||||
throw new \Exception("Cannot write to img directory");
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure mime-type matches an image
|
||||
if (!in_array(mime_content_type($_FILES[$fieldname]['tmp_name']), ['image/jpeg','image/jpg','image/png','image/gif'])) {
|
||||
throw new \Exception("Uploaded file not a valid image");
|
||||
}
|
||||
// Make sure mime-type matches an image
|
||||
if (function_exists('finfo_open')) {
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$mimetype = finfo_file($finfo, $_FILES[$fieldname]['tmp_name']);
|
||||
finfo_close($finfo);
|
||||
} else {
|
||||
$mimetype = mime_content_type($_FILES[$fieldname]['tmp_name']);
|
||||
}
|
||||
if (empty($mimetype)) {
|
||||
$mimetype = 'application/octet-stream';
|
||||
}
|
||||
if (!in_array($mimetype, ['image/jpeg', 'image/jpg', 'image/png', 'image/gif'])) {
|
||||
throw new \Exception("Uploaded file is not a valid image");
|
||||
}
|
||||
|
||||
// Determine file extension
|
||||
$spl = explode('.', $_FILES[$fieldname]['name']);
|
||||
$file_extension = strtolower(array_pop($spl));
|
||||
unset($spl);
|
||||
// Determine file extension
|
||||
$spl = explode('.', $_FILES[$fieldname]['name']);
|
||||
$file_extension = strtolower(array_pop($spl));
|
||||
unset($spl);
|
||||
|
||||
// Move file
|
||||
if (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path.$fielddata['image_name'].'.'.$file_extension)) {
|
||||
throw new \Exception("Unable to save image to img folder");
|
||||
}
|
||||
if (!in_array($file_extension, [
|
||||
'jpeg',
|
||||
'jpg',
|
||||
'png',
|
||||
'gif'
|
||||
])) {
|
||||
throw new Exception("Invalid file-extension, use one of: jpeg, jpg, png, gif");
|
||||
}
|
||||
|
||||
$save_to = 'img/'.$fielddata['image_name'].'.'.$file_extension.'?v='.time();
|
||||
}
|
||||
// Move file
|
||||
if (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path . $fielddata['image_name'] . '.' . $file_extension)) {
|
||||
throw new \Exception("Unable to save image to img folder");
|
||||
}
|
||||
|
||||
// Delete file?
|
||||
if ($fielddata['value'] !== "" && array_key_exists($fieldname.'_delete', $_POST) && $_POST[$fieldname.'_delete']) {
|
||||
@unlink(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
|
||||
$save_to = '';
|
||||
}
|
||||
$save_to = 'img/' . $fielddata['image_name'] . '.' . $file_extension . '?v=' . time();
|
||||
}
|
||||
|
||||
// Nothing changed
|
||||
if ($save_to === null) {
|
||||
return array(
|
||||
$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value']
|
||||
);
|
||||
}
|
||||
// Delete file?
|
||||
if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && $_POST[$fieldname . '_delete']) {
|
||||
@unlink(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
|
||||
$save_to = '';
|
||||
}
|
||||
|
||||
if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) {
|
||||
return false;
|
||||
}
|
||||
// Nothing changed
|
||||
if ($save_to === null) {
|
||||
return array(
|
||||
$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value']
|
||||
);
|
||||
}
|
||||
|
||||
return array(
|
||||
$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to
|
||||
);
|
||||
}
|
||||
if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
return array(
|
||||
$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to
|
||||
);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3561,7 +3561,7 @@ postmaster_address = postmaster@<SERVERNAME>
|
||||
|
||||
protocol lda {
|
||||
# Space separated list of plugins to load (default is global mail_plugins).
|
||||
#mail_plugins = $mail_plugins
|
||||
mail_plugins = $mail_plugins quota sieve
|
||||
}
|
||||
]]>
|
||||
</content>
|
||||
|
||||
@@ -3557,7 +3557,7 @@ postmaster_address = postmaster@<SERVERNAME>
|
||||
|
||||
protocol lda {
|
||||
# Space separated list of plugins to load (default is global mail_plugins).
|
||||
#mail_plugins = $mail_plugins
|
||||
mail_plugins = $mail_plugins quota sieve
|
||||
}
|
||||
]]>
|
||||
</content>
|
||||
|
||||
@@ -59,7 +59,7 @@ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
|
||||
// Inline-JS is no longer allowed and used
|
||||
// See: http://people.mozilla.org/~bsterne/content-security-policy/index.html
|
||||
// New stuff see: https://www.owasp.org/index.php/List_of_useful_HTTP_headers and https://www.owasp.org/index.php/Content_Security_Policy
|
||||
$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self';";
|
||||
$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';";
|
||||
header("Content-Security-Policy: " . $csp_content);
|
||||
header("X-Content-Security-Policy: " . $csp_content);
|
||||
header("X-WebKit-CSP: " . $csp_content);
|
||||
|
||||
Reference in New Issue
Block a user