From 6e651200ca5c6168aee1f6027e4256a60f64e588 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Thu, 11 Jan 2018 13:04:38 +0100 Subject: [PATCH] Make php.ini flag/value possibilities dynamic (settings) Signed-off-by: Michael Kaufmann (d00p) --- actions/admin/settings/136.phpfpm.php | 34 ++++- install/froxlor.sql | 98 ++++++++++++++- .../updates/froxlor/0.9/update_0.9.inc.php | 104 +++++++++++++++ .../phpinterface/class.phpinterface_fpm.php | 118 ++---------------- lib/version.inc.php | 2 +- lng/english.lng.php | 4 + lng/german.lng.php | 4 + 7 files changed, 255 insertions(+), 109 deletions(-) diff --git a/actions/admin/settings/136.phpfpm.php b/actions/admin/settings/136.phpfpm.php index 13e733ae..a62f0c2f 100644 --- a/actions/admin/settings/136.phpfpm.php +++ b/actions/admin/settings/136.phpfpm.php @@ -86,7 +86,39 @@ return array( 'default' => false, 'visible' => Settings::Get('system.apache24'), 'save_method' => 'storeSettingField' - ) + ), + 'system_phpfpm_ini_flags' => array( + 'label' => $lng['phpfpm']['ini_flags'], + 'settinggroup' => 'phpfpm', + 'varname' => 'ini_flags', + 'type' => 'text', + 'default' => '', + 'save_method' => 'storeSettingField' + ), + 'system_phpfpm_ini_values' => array( + 'label' => $lng['phpfpm']['ini_values'], + 'settinggroup' => 'phpfpm', + 'varname' => 'ini_values', + 'type' => 'text', + 'default' => '', + 'save_method' => 'storeSettingField' + ), + 'system_phpfpm_ini_admin_flags' => array( + 'label' => $lng['phpfpm']['ini_admin_flags'], + 'settinggroup' => 'phpfpm', + 'varname' => 'ini_admin_flags', + 'type' => 'text', + 'default' => '', + 'save_method' => 'storeSettingField' + ), + 'system_phpfpm_ini_admin_values' => array( + 'label' => $lng['phpfpm']['ini_admin_values'], + 'settinggroup' => 'phpfpm', + 'varname' => 'ini_admin_values', + 'type' => 'text', + 'default' => '', + 'save_method' => 'storeSettingField' + ) ), ), ), diff --git a/install/froxlor.sql b/install/froxlor.sql index cbcae082..fd762195 100644 
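Review bot: The four new fields `system_phpfpm_ini_flags` to `system_phpfpm_ini_admin_values` are saved as free text through `storeSettingField`, and nothing in this hunk validates them. These lists decide whether a directive is written as an overridable `php_flag`/`php_value` or as a locked `php_admin_flag`/`php_admin_value`. A name moved from an admin list to a non-admin list (for example `memory_limit` or `open_basedir`, which this commit seeds under `ini_admin_values`) would generally stop being locked against changes from customer code or per-directory ini files. The save path should normalise the entries and reject a name that appears in both an admin and a non-admin list, and each field would benefit from a description stating that the admin lists are the enforcement boundary. The enclosing settings array starts and ends outside the hunk.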
--- a/install/froxlor.sql +++ b/install/froxlor.sql 
@@ -423,6 +423,102 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('phpfpm', 'vhost_defaultini', '2'), ('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'), ('phpfpm', 'use_mod_proxy', '0'), + ('phpfpm', 'ini_flags', 'asp_tags +display_errors +display_startup_errors +html_errors +log_errors +magic_quotes_gpc +magic_quotes_runtime +magic_quotes_sybase +mail.add_x_header +session.cookie_secure +session.use_cookies +short_open_tag +track_errors +xmlrpc_errors +suhosin.simulation +suhosin.session.encrypt +suhosin.session.cryptua +suhosin.session.cryptdocroot +suhosin.cookie.encrypt +suhosin.cookie.cryptua +suhosin.cookie.cryptdocroot +suhosin.executor.disable_eval +mbstring.func_overload'), + ('phpfpm', 'ini_values', 'auto_append_file +auto_prepend_file +date.timezone +default_charset +error_reporting +include_path +log_errors_max_len +mail.log +max_execution_time +session.cookie_domain +session.cookie_lifetime +session.cookie_path +session.name +session.serialize_handler +upload_max_filesize +xmlrpc_error_number +session.auto_start +always_populate_raw_post_data +suhosin.session.cryptkey +suhosin.session.cryptraddr +suhosin.session.checkraddr +suhosin.cookie.cryptkey +suhosin.cookie.plainlist +suhosin.cookie.cryptraddr +suhosin.cookie.checkraddr +suhosin.executor.func.blacklist +suhosin.executor.eval.whitelist'), + ('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference +allow_url_fopen +allow_url_include +auto_detect_line_endings +cgi.fix_pathinfo +cgi.force_redirect +enable_dl +expose_php +file_uploads +ignore_repeated_errors +ignore_repeated_source +log_errors +register_argc_argv +report_memleaks +opcache.enable +opcache.consistency_checks +opcache.dups_fix +opcache.load_comments +opcache.revalidate_path +opcache.save_comments +opcache.use_cwd +opcache.validate_timestamps +opcache.fast_shutdown'), + ('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env +date.timezone +disable_classes +disable_functions +error_log +gpc_order 
+max_input_time +max_input_vars +memory_limit +open_basedir +output_buffering +post_max_size +precision +sendmail_path +session.gc_divisor +session.gc_probability +variables_order +opcache.log_verbosity_level +opcache.restrict_api +opcache.revalidate_freq +opcache.max_accelerated_files +opcache.memory_consumption +opcache.interned_strings_buffer'), ('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'), ('system', 'lastaccountnumber', '0'), ('system', 'lastguid', '9999'), @@ -590,7 +686,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_special_char', '!?<>§$%+#=@'), ('panel', 'customer_hide_options', ''), ('panel', 'version', '0.9.38.8'), - ('panel', 'db_version', '201801101'); + ('panel', 'db_version', '201801110'); DROP TABLE IF EXISTS `panel_tasks`; diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index 9891df2b..e9e1e39e 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php 
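Review bot: `log_errors` is seeded in both `ini_flags` and `ini_admin_flags`, and `date.timezone` in both `ini_values` and `ini_admin_values`, so the class these two directives end up in depends on lookup order in code that is not part of this hunk. The overlap appears to be carried over from the removed hard-coded array, but now that the lists are editable each directive should live in exactly one list; dropping the two names from the non-admin defaults keeps them locked. The same four default strings, with the same duplicates, are repeated verbatim in the `Settings::AddNew` calls of the update_0.9.inc.php hunk and have to be kept in sync by hand. A comment above the four rows such as `-- keep in sync with install/updates/froxlor/0.9/update_0.9.inc.php (db version 201801110)` would make that dependency visible.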
@@ -3761,3 +3761,107 @@ if (isDatabaseVersion('201801100')) { updateToDbVersion('201801101'); } + +if (isDatabaseVersion('201801101')) { + + showUpdateStep("Adding dynamic php-fpm php.ini settings"); + Settings::AddNew('phpfpm.ini_flags', 'asp_tags +display_errors +display_startup_errors +html_errors +log_errors +magic_quotes_gpc +magic_quotes_runtime +magic_quotes_sybase +mail.add_x_header +session.cookie_secure +session.use_cookies +short_open_tag +track_errors +xmlrpc_errors +suhosin.simulation +suhosin.session.encrypt +suhosin.session.cryptua +suhosin.session.cryptdocroot +suhosin.cookie.encrypt +suhosin.cookie.cryptua +suhosin.cookie.cryptdocroot +suhosin.executor.disable_eval +mbstring.func_overload'); + Settings::AddNew('phpfpm.ini_values', 'auto_append_file +auto_prepend_file +date.timezone +default_charset +error_reporting +include_path +log_errors_max_len +mail.log +max_execution_time +session.cookie_domain +session.cookie_lifetime +session.cookie_path +session.name +session.serialize_handler +upload_max_filesize +xmlrpc_error_number +session.auto_start +always_populate_raw_post_data +suhosin.session.cryptkey +suhosin.session.cryptraddr +suhosin.session.checkraddr +suhosin.cookie.cryptkey +suhosin.cookie.plainlist +suhosin.cookie.cryptraddr +suhosin.cookie.checkraddr +suhosin.executor.func.blacklist +suhosin.executor.eval.whitelist'); + Settings::AddNew('phpfpm.ini_admin_flags', 'allow_call_time_pass_reference +allow_url_fopen +allow_url_include +auto_detect_line_endings +cgi.fix_pathinfo +cgi.force_redirect +enable_dl +expose_php +file_uploads +ignore_repeated_errors +ignore_repeated_source +log_errors +register_argc_argv +report_memleaks +opcache.enable +opcache.consistency_checks +opcache.dups_fix +opcache.load_comments +opcache.revalidate_path +opcache.save_comments +opcache.use_cwd +opcache.validate_timestamps +opcache.fast_shutdown'); + Settings::AddNew('phpfpm.ini_admin_values', 'cgi.redirect_status_env +date.timezone +disable_classes 
+disable_functions +error_log +gpc_order +max_input_time +max_input_vars +memory_limit +open_basedir +output_buffering +post_max_size +precision +sendmail_path +session.gc_divisor +session.gc_probability +variables_order +opcache.log_verbosity_level +opcache.restrict_api +opcache.revalidate_freq +opcache.max_accelerated_files +opcache.memory_consumption +opcache.interned_strings_buffer'); + lastStepStatus(0); + + updateToDbVersion('201801110'); +} diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php index 0509666a..f72a2410 100644 --- a/lib/classes/phpinterface/class.phpinterface_fpm.php +++ b/lib/classes/phpinterface/class.phpinterface_fpm.php 
@@ -48,112 +48,7 @@ class phpinterface_fpm * * @var array */ - private $_ini = array( - 'php_value' => array( - 'auto_append_file', - 'auto_prepend_file', - 'date.timezone', - 'default_charset', - 'error_reporting', - 'include_path', - 'log_errors_max_len', - 'mail.log', - 'max_execution_time', - 'session.cookie_domain', - 'session.cookie_lifetime', - 'session.cookie_path', - 'session.name', - 'session.serialize_handler', - 'upload_max_filesize', - 'xmlrpc_error_number', - 'session.auto_start', - 'always_populate_raw_post_data', - 'suhosin.session.cryptkey', - 'suhosin.session.cryptraddr', - 'suhosin.session.checkraddr', - 'suhosin.cookie.cryptkey', - 'suhosin.cookie.plainlist', - 'suhosin.cookie.cryptraddr', - 'suhosin.cookie.checkraddr', - 'suhosin.executor.func.blacklist', - 'suhosin.executor.eval.whitelist' - ), - 'php_flag' => array( - 'asp_tags', - 'display_errors', - 'display_startup_errors', - 'html_errors', - 'log_errors', - 'magic_quotes_gpc', - 'magic_quotes_runtime', - 'magic_quotes_sybase', - 'mail.add_x_header', - 'session.cookie_secure', - 'session.use_cookies', - 'short_open_tag', - 'track_errors', - 'xmlrpc_errors', - 'suhosin.simulation', - 'suhosin.session.encrypt', - 'suhosin.session.cryptua', - 'suhosin.session.cryptdocroot', - 'suhosin.cookie.encrypt', - 'suhosin.cookie.cryptua', - 'suhosin.cookie.cryptdocroot', - 'suhosin.executor.disable_eval', - 'mbstring.func_overload' - ), - 'php_admin_value' => array( - 'cgi.redirect_status_env', - 'date.timezone', - 'disable_classes', - 'disable_functions', - 'error_log', - 'gpc_order', - 'max_input_time', - 'max_input_vars', - 'memory_limit', - 'open_basedir', - 'output_buffering', - 'post_max_size', - 'precision', - 'sendmail_path', - 'session.gc_divisor', - 'session.gc_probability', - 'variables_order', - 'opcache.log_verbosity_level', - 'opcache.restrict_api', - 'opcache.revalidate_freq', - 'opcache.max_accelerated_files', - 'opcache.memory_consumption', - 'opcache.interned_strings_buffer' - ), - 
'php_admin_flag' => array( - 'allow_call_time_pass_reference', - 'allow_url_fopen', - 'allow_url_include', - 'auto_detect_line_endings', - 'cgi.fix_pathinfo', - 'cgi.force_redirect', - 'enable_dl', - 'expose_php', - 'file_uploads', - 'ignore_repeated_errors', - 'ignore_repeated_source', - 'log_errors', - 'register_argc_argv', - 'report_memleaks', - 'opcache.enable', - 'opcache.consistency_checks', - 'opcache.dups_fix', - 'opcache.load_comments', - 'opcache.revalidate_path', - 'opcache.save_comments', - 'opcache.use_cwd', - 'opcache.validate_timestamps', - 'opcache.fast_shutdown' - ) - ); + private $_ini = array(); /** * main constructor @@ -165,6 +60,17 @@ class phpinterface_fpm } $this->_domain = $domain; $this->_readFpmConfig($domain['fpm_config_id']); + $this->_buildIniMapping(); + } + + private function _buildIniMapping() + { + $this->_ini = array( + 'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')), + 'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')), + 'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')), + 'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values')) + ); } private function _readFpmConfig($fpm_config_id) diff --git a/lib/version.inc.php b/lib/version.inc.php index ac4adb0f..4f1da38b 100644 --- a/lib/version.inc.php +++ b/lib/version.inc.php @@ -19,7 +19,7 @@ $version = '0.9.38.8'; // Database version (YYYYMMDDC where C is a daily counter) -$dbversion = '201801101'; +$dbversion = '201801110'; // Distribution branding-tag (used for Debian etc.) $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index 6f81978a..831893f2 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php 
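Review bot: `_buildIniMapping()` splits each setting with `explode("\n", …)` only, so a value saved with CRLF line endings leaves a trailing `\r` on every entry, and an empty setting yields `array('')` instead of an empty list. Assuming the lists are later matched by exact directive name (that code is outside this hunk), an entry carrying stray whitespace would silently stop matching, which matters most for `php_admin_value` entries such as `open_basedir` and `disable_functions`. Trimming the entries and dropping blank ones in one small helper avoids that, as in the excerpt below. The new method also lacks the docblock that the constructor above it has.

```php
	private function _buildIniMapping()
	{
		$this->_ini = array(
			'php_flag' => $this->_splitIniList(Settings::Get('phpfpm.ini_flags')),
			'php_value' => $this->_splitIniList(Settings::Get('phpfpm.ini_values')),
			'php_admin_flag' => $this->_splitIniList(Settings::Get('phpfpm.ini_admin_flags')),
			'php_admin_value' => $this->_splitIniList(Settings::Get('phpfpm.ini_admin_values'))
		);
	}

	/**
	 * split a newline-separated setting into a list of directive names,
	 * tolerating CRLF input, surrounding whitespace and blank lines
	 *
	 * @param string $raw
	 *
	 * @return array
	 */
	private function _splitIniList($raw)
	{
		$names = array_map('trim', explode("\n", (string) $raw));
		return array_values(array_filter($names, 'strlen'));
	}
```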
@@ -2096,3 +2096,7 @@ $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'Configure the TLS pro $lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. Notice: Some older browsers may not support the newest protcol versions.

Default value is:
TLSv1, TLSv1.2
'; $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Allowed extensions'; $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php'; +$lng['phpfpm']['ini_flags'] = 'Enter possible php_flags for php.ini. One entry per line'; +$lng['phpfpm']['ini_values'] = 'Enter possible php_values for php.ini. One entry per line'; +$lng['phpfpm']['ini_admin_flags'] = 'Enter possible php_admin_flags for php.ini. One entry per line'; +$lng['phpfpm']['ini_admin_values'] = 'Enter possible php_admin_values for php.ini. One entry per line'; diff --git a/lng/german.lng.php b/lng/german.lng.php index f67f55f5..9ccfa6da 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1747,3 +1747,7 @@ $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'SSL Protokollversion $lng['serversettings']['ssl']['ssl_protocols']['description'] = 'Dies ist eine Liste von SSL/TLS Protokollversionen die genutzt werden sollen (oder auch nicht genutzt werden sollen), wenn SSL verwendet wird. Hinweis: Ältere Browser sind möglicherweise nicht vollständig zum neusten Protokoll kompatibel.

Standard-Wert ist:
TLSv1, TLSv1.2
'; $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Erlaubte Dateiendungen'; $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Beschränkt die Dateierweiterungen des Haupt-Skripts, das FPM zu parsen erlaubt. Dies kann Konfigurationsfehler auf der Webserverseite verhindern. Sie sollten FPM nur auf .php Erweiterungen beschränken, um zu verhindern, dass bösartige Nutzter andere Erweiterungen verwenden, um PHP Code auszuführen. Standardwert: .php'; +$lng['phpfpm']['ini_flags'] = 'Mögliche php_flags für die php.ini. Pro Zeile eine Direktive'; +$lng['phpfpm']['ini_values'] = 'Mögliche php_values für die php.ini. Pro Zeile eine Direktive'; +$lng['phpfpm']['ini_admin_flags'] = 'Mögliche php_admin_flags für die php.ini. Pro Zeile eine Direktive'; +$lng['phpfpm']['ini_admin_values'] = 'Mögliche php_admin_values für die php.ini. Pro Zeile eine Direktive';