- fixed open_basedir issues, fixes #227

Michael Kaufmann (d00p)
2010-05-12 06:52:11 +00:00
parent a5cf1a0ac9
commit 65e0962111
8 changed files with 104 additions and 24 deletions


@@ -451,6 +451,10 @@ if($page == 'domains'
{
standard_error(array('stringisempty', 'mydocumentroot'));
}
elseif(strstr($documentroot, ":") !== FALSE)
{
standard_error('pathmaynotcontaincolon');
}
elseif($customerid == 0)
{
standard_error('adduserfirst');
@@ -744,6 +748,11 @@ if($page == 'domains'
{
$documentroot = $customer['documentroot'];
}
if(strstr($documentroot, ":") !== FALSE)
{
standard_error('pathmaynotcontaincolon');
}
}
else
{
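Review bot: The second hunk's check, `if(strstr($documentroot, ":") !== FALSE)`, is a standalone `if` rather than a branch of a validation chain like the `elseif` in the first hunk, so it only protects this path if `standard_error()` never returns. Its definition is not visible here; if it can return, the colon-bearing `$documentroot` continues into whatever follows the hunk. A comment such as `// standard_error() terminates the request, nothing below runs` would make that assumption explicit, or the check could be moved into the existing error chain. The enclosing blocks start and end outside both hunks.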


@@ -251,6 +251,10 @@ elseif($page == 'domains')
{
$path = $userinfo['documentroot'] . '/' . $path;
$path = makeCorrectDir($path);
if (strstr($path, ":") !== FALSE)
{
standard_error('pathmaynotcontaincolon');
}
}
else
{
@@ -412,6 +416,10 @@ elseif($page == 'domains')
{
$path = $userinfo['documentroot'] . '/' . $path;
$path = makeCorrectDir($path);
if (strstr($path, ":") !== FALSE)
{
standard_error('pathmaynotcontaincolon');
}
}
else
{
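Review bot: The colon test in both hunks runs on the joined value `$userinfo['documentroot'] . '/' . $path`, so a colon already stored in the customer's document root would be reported to the customer as a mistake in the path they typed. Checking after `makeCorrectDir()` is sensible, but the identical four-line block now appears twice here and twice more in the first file of this commit. A single shared validation function would keep the rule and its error key in one place. The surrounding branches continue outside the hunks.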


@@ -0,0 +1,45 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* checks give path for security issues
* and returns a string that can be appended
* to a line for a open_basedir directive
*
* @param string $path the path to check and append
* @param boolean $first if true, no ':' will be prefixed to the path
*
* @return string
*/
function appendOpenBasedirPath($path = '', $first = false)
{
$path = makeCorrectDir($path);
if($path != ''
&& $path != '/'
&& !preg_match("#^/dev#i", $path)
&& !preg_match("#^/proc#i", $path)
&& !preg_match("#^/etc#i", $path)
&& !preg_match("#^/sys#i", $path)
&& !preg_match("#:#", $path)
) {
if($first)
return $path;
return ':' . $path;
}
return '';
}
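Review bot: The four prefix patterns have no path boundary, so `#^/etc#i` also matches a directory such as `/etcetera/` and `#^/sys#i` matches `/system/`; those paths are then dropped from open_basedir without any message. Anchoring on a separator, e.g. `!preg_match('#^/(dev|proc|etc|sys)(/|$)#i', $path)`, keeps the intended exclusions and nothing more. Because a rejected path yields `''`, callers cannot tell "nothing to append" from "refused", so the docblock should state that an empty return means the path was rejected. The docblock also reads "checks give path" where "given" is meant.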


@@ -1401,4 +1401,7 @@ $lng['serversettings']['customredirect_enabled']['description'] = 'Allow custome
$lng['serversettings']['customredirect_default']['title'] = 'Default redirect';
$lng['serversettings']['customredirect_default']['description'] = 'Set the default redirect-code which should be used if the customer does not set it himself';
// ADDED IN FROXLOR 0.9.7-svn2
$lng['error']['pathmaynotcontaincolon'] = 'The path you have entered should not contain a colon (":"). Please enter a correct path value.';
?>


@@ -1397,4 +1397,7 @@ $lng['serversettings']['customredirect_enabled']['description'] = 'Erlaubt es Ku
$lng['serversettings']['customredirect_default']['title'] = 'Standard Redirect';
$lng['serversettings']['customredirect_default']['description'] = 'Dieser Redirect wird immer genutzt, sofern der Kunde keinen anderen ausw&auml;hlt.';
// ADDED IN FROXLOR 0.9.7-svn2
$lng['error']['pathmaynotcontaincolon'] = 'Der eingegebene Pfad sollte keinen Doppelpunkt (":") enthalten. Bitte geben Sie einen korrekten Wert f&uuml;r den Pfad ein.';
?>


@@ -270,23 +270,17 @@ class apache
if($domain['openbasedir'] == '1')
{
if($this->settings['system']['phpappendopenbasedir'] != '')
if($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false)
{
$_phpappendopenbasedir = ':' . $this->settings['system']['phpappendopenbasedir'];
$_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
}
else
{
$_phpappendopenbasedir = '';
}
if($domain['openbasedir_path'] == '1')
{
$php_options_text.= ' php_admin_value open_basedir "' . $domain['customerroot'] . $_phpappendopenbasedir . "\"\n";
}
else
{
$php_options_text.= ' php_admin_value open_basedir "' . $domain['documentroot'] . $_phpappendopenbasedir . "\"\n";
$_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true);
}
$_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
$php_options_text.= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"'."\n";
}
if($domain['safemode'] == '0')
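Review bot: When `appendOpenBasedirPath(..., true)` rejects the first path it returns `''`, yet the `php_admin_value open_basedir` line is still written. The value then starts with `:`, or becomes `open_basedir ""` if the appended setting is empty or rejected as well. PHP treats an empty open_basedir as unrestricted, so a refused path would leave the vhost less confined than the `openbasedir == '1'` flag asks for. Checking the helper's result before concatenating, e.g. `if($_phpappendopenbasedir == '') { /* log and do not emit the directive as-is */ }`, would make the failure visible instead of silent. The enclosing method starts and ends outside the hunk.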


@@ -166,22 +166,31 @@ class apache_fcgid extends apache
if($domain['openbasedir'] == '1')
{
$openbasedirc = '';
if($domain['openbasedir_path'] == '0')
$_phpappendopenbasedir = appendOpenBasedirPath($this->settings['system']['mod_fcgid_peardir']);
$_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
if($domain['openbasedir_path'] == '0' && strstr($domain['documentroot'], ":") === false)
{
$openbasedir = $domain['documentroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
$openbasedir = appendOpenBasedirPath($domain['documentroot'], true);
}
else
{
$openbasedir = $domain['customerroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
$openbasedir = appendOpenBasedirPath($domain['customerroot'], true);
}
$openbasedir .= appendOpenBasedirPath($tmpdir);
$openbasedir .= $_phpappendopenbasedir;
$openbasedir = explode(':', $openbasedir);
$clean_openbasedir = array();
foreach($openbasedir as $number => $path)
{
$openbasedir[$number] = makeCorrectDir($path);
if(trim($path) != '/')
{
$clean_openbasedir[] = makeCorrectDir($path);
}
}
$openbasedir = implode(':', $openbasedir);
$openbasedir = implode(':', $clean_openbasedir);
}
else
{
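Review bot: In the cleanup loop the filter `if(trim($path) != '/')` tests the raw segment, while the value stored is `makeCorrectDir($path)`. If the first path was rejected the string begins with `:`, so `explode()` yields an empty first segment, which passes the filter. Should `makeCorrectDir('')` normalise to `/` (its body is not shown here), the root directory would enter open_basedir. Normalising before the comparison closes that gap: `$path = makeCorrectDir($path);` followed by `if($path != '/') { $clean_openbasedir[] = $path; }`. The same loop appears in the lighttpd_fcgid section that follows, and the enclosing method lies outside the hunk.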


@@ -190,22 +190,31 @@ class lighttpd_fcgid extends lighttpd
if($domain['openbasedir'] == '1')
{
$openbasedirc = '';
if($domain['openbasedir_path'] == '0')
$_phpappendopenbasedir = appendOpenBasedirPath($this->settings['system']['mod_fcgid_peardir']);
$_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
if($domain['openbasedir_path'] == '0' && strstr($domain['documentroot'], ":") === false)
{
$openbasedir = $domain['documentroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
$openbasedir = appendOpenBasedirPath($domain['documentroot'], true);
}
else
{
$openbasedir = $domain['customerroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
$openbasedir = appendOpenBasedirPath($domain['customerroot'], true);
}
$openbasedir .= appendOpenBasedirPath($tmpdir);
$openbasedir .= $_phpappendopenbasedir;
$openbasedir = explode(':', $openbasedir);
$clean_openbasedir = array();
foreach($openbasedir as $number => $path)
{
$openbasedir[$number] = makeCorrectDir($path);
if(trim($path) != '/')
{
$clean_openbasedir[] = makeCorrectDir($path);
}
}
$openbasedir = implode(':', $openbasedir);
$openbasedir = implode(':', $clean_openbasedir);
}
else
{