do not double validate openbasedir-values, as appendOpenbasedirPath() already takes care of that; also fix /dev/urandom as openbasedir-path-value to be treated as file correctly, fixes #1669

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/classes/phpinterface/class.phpinterface_fcgid.php

@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;
 
-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';

lib/classes/phpinterface/class.phpinterface_fpm.php

@@ -267,15 +267,6 @@ class phpinterface_fpm {
 
 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
 			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";

lib/functions/validate/function.appendOpenbasedirPath.php

@@ -21,40 +21,43 @@
  * to a line for a open_basedir directive
  *
  * @param string $path
- *            the path to check and append
+ *        	the path to check and append
  * @param boolean $first
- *            if true, no ':' will be prefixed to the path
+ *        	if true, no ':' will be prefixed to the path
  *
  * @return string
  */
 function appendOpenBasedirPath($path = '', $first = false)
 {
-    if ($path != '' && $path != '/'
+	if ($path != '' && $path != '/' &&
-        && (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
+		(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
-        && ! preg_match("#^/proc#i", $path)
+		&& ! preg_match("#^/proc#i", $path)
-        && ! preg_match("#^/etc#i", $path)
+		&& ! preg_match("#^/etc#i", $path)
-        && ! preg_match("#^/sys#i", $path)
+		&& ! preg_match("#^/sys#i", $path)
-        && ! preg_match("#:#", $path)
+		&& ! preg_match("#:#", $path)) {
-    ) {
 
-        $path = makeCorrectDir($path);
+		if (preg_match("#^/dev/urandom#i", $path)) {
+			$path = makeCorrectFile($path);
+		} else {
+			$path = makeCorrectDir($path);
+		}
 
-        // check for php-version that requires the trailing
+		// check for php-version that requires the trailing
-        // slash to be removed as it does not allow the usage
+		// slash to be removed as it does not allow the usage
-        // of the subfolders within the given folder, fixes #797
+		// of the subfolders within the given folder, fixes #797
-        if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
+		if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
-            // check trailing slash
+			// check trailing slash
-            if (substr($path, - 1, 1) == '/') {
+			if (substr($path, - 1, 1) == '/') {
-                // remove it
+				// remove it
-                $path = substr($path, 0, - 1);
+				$path = substr($path, 0, - 1);
-            }
+			}
-        }
+		}
 
-        if ($first) {
+		if ($first) {
-            return $path;
+			return $path;
-        }
+		}
 
-        return ':' . $path;
+		return ':' . $path;
-    }
+	}
-    return '';
+	return '';
 }