svn:eol-style got murdered on some files for whatever reason so it gets resurrected now, also set some svn:keywords

Robert Foerster (Dessa)
2010-01-27 08:54:31 +00:00
parent 30f2de8f9e
commit 883963d2e2
190 changed files with 34136 additions and 34136 deletions


@@ -1,88 +1,88 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Returns an array of found directories
*
* This function checks every found directory if they match either $uid or $gid, if they do
* the found directory is valid. It uses recursive function calls to find subdirectories. Due
* to the recursive behauviour this function may consume much memory.
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param array _fileList recursive transport array !for internal use only!
* @return array Array of found valid pathes
*
* @author Martin Burchert <martin.burchert@syscp.de>
* @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
*/
function findDirs($path, $uid, $gid)
{
$list = array(
$path
);
$_fileList = array();
while(sizeof($list) > 0)
{
$path = array_pop($list);
$path = makeCorrectDir($path);
if(!is_readable($path))
{
return $_fileList;
}
$dh = opendir($path);
if($dh === false)
{
/*
* this should never be called because we checked
* 'is_readable' before...but we never know what might happen
*/
standard_error('cannotreaddir', $path);
return null;
}
else
{
while(false !== ($file = @readdir($dh)))
{
if($file == '.'
&& (fileowner($path . '/' . $file) == $uid || filegroup($path . '/' . $file) == $gid))
{
$_fileList[] = makeCorrectDir($path);
}
if(is_dir($path . '/' . $file)
&& $file != '..'
&& $file != '.')
{
array_push($list, $path . '/' . $file);
}
}
@closedir($dh);
}
}
return $_fileList;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Returns an array of found directories
*
* This function checks every found directory if they match either $uid or $gid, if they do
* the found directory is valid. It uses recursive function calls to find subdirectories. Due
* to the recursive behauviour this function may consume much memory.
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param array _fileList recursive transport array !for internal use only!
* @return array Array of found valid pathes
*
* @author Martin Burchert <martin.burchert@syscp.de>
* @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
*/
function findDirs($path, $uid, $gid)
{
$list = array(
$path
);
$_fileList = array();
while(sizeof($list) > 0)
{
$path = array_pop($list);
$path = makeCorrectDir($path);
if(!is_readable($path))
{
return $_fileList;
}
$dh = opendir($path);
if($dh === false)
{
/*
* this should never be called because we checked
* 'is_readable' before...but we never know what might happen
*/
standard_error('cannotreaddir', $path);
return null;
}
else
{
while(false !== ($file = @readdir($dh)))
{
if($file == '.'
&& (fileowner($path . '/' . $file) == $uid || filegroup($path . '/' . $file) == $gid))
{
$_fileList[] = makeCorrectDir($path);
}
if(is_dir($path . '/' . $file)
&& $file != '..'
&& $file != '.')
{
array_push($list, $path . '/' . $file);
}
}
@closedir($dh);
}
}
return $_fileList;
}
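Review bot: An unreadable directory anywhere in the tree hits `return $_fileList;` inside the `while` loop, which drops every directory still queued in `$list`; `continue;` would skip only that directory and is probably what was meant. The `opendir()` failure path returns `null` (if `standard_error()` returns at all) although the docblock promises an array, and makePathfield passes the result straight to `natcasesort()`; returning `$_fileList` there keeps the type stable. `is_dir()` follows symbolic links, so a link that points back up the tree can keep the walk going indefinitely; an `is_link()` test before `array_push($list, ...)` would bound it. The docblock also still documents a recursive `_fileList` parameter that this iterative signature does not have.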


@@ -1,56 +1,56 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Checks if a given directory is valid for multiple configurations
* or should rather be used as a single file
*
* @param string The dir
* @return bool true if usable as dir, false otherwise
*
* @author Florian Lippert <flo@syscp.org>
*/
function isConfigDir($dir)
{
if(file_exists($dir))
{
if(is_dir($dir))
{
$returnval = true;
}
else
{
$returnval = false;
}
}
else
{
if(substr($dir, -1) == '/')
{
$returnval = true;
}
else
{
$returnval = false;
}
}
return $returnval;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Checks if a given directory is valid for multiple configurations
* or should rather be used as a single file
*
* @param string The dir
* @return bool true if usable as dir, false otherwise
*
* @author Florian Lippert <flo@syscp.org>
*/
function isConfigDir($dir)
{
if(file_exists($dir))
{
if(is_dir($dir))
{
$returnval = true;
}
else
{
$returnval = false;
}
}
else
{
if(substr($dir, -1) == '/')
{
$returnval = true;
}
else
{
$returnval = false;
}
}
return $returnval;
}


@@ -1,42 +1,42 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
*
* @param string The dirname
* @return string The corrected dirname
* @author Florian Lippert <flo@syscp.org>
*/
function makeCorrectDir($dir)
{
if(substr($dir, -1, 1) != '/')
{
$dir.= '/';
}
if(substr($dir, 0, 1) != '/')
{
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
*
* @param string The dirname
* @return string The corrected dirname
* @author Florian Lippert <flo@syscp.org>
*/
function makeCorrectDir($dir)
{
if(substr($dir, -1, 1) != '/')
{
$dir.= '/';
}
if(substr($dir, 0, 1) != '/')
{
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
}


@@ -1,39 +1,39 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a correct filename, means to add a slash at the beginning if there wasn't one
*
* @param string filename the filename
* @return string the corrected filename
* @author Florian Lippert <flo@syscp.org>
* @author Michael Russ <mr@edvruss.com>
* @author Martin Burchert <eremit@adm1n.de>
*/
function makeCorrectFile($filename)
{
if(substr($filename, 0, 1) != '/')
{
$filename = '/' . $filename;
}
$filename = makeSecurePath($filename);
return $filename;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a correct filename, means to add a slash at the beginning if there wasn't one
*
* @param string filename the filename
* @return string the corrected filename
* @author Florian Lippert <flo@syscp.org>
* @author Michael Russ <mr@edvruss.com>
* @author Martin Burchert <eremit@adm1n.de>
*/
function makeCorrectFile($filename)
{
if(substr($filename, 0, 1) != '/')
{
$filename = '/' . $filename;
}
$filename = makeSecurePath($filename);
return $filename;
}


@@ -1,79 +1,79 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Returns a valid html tag for the choosen $fieldType for pathes
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param string fieldType Either "Manual" or "Dropdown"
* @return string The html tag for the choosen $fieldType
*
* @author Martin Burchert <martin.burchert@syscp.de>
* @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
*/
function makePathfield($path, $uid, $gid, $fieldType, $value = '')
{
global $lng;
$value = str_replace($path, '', $value);
$field = '';
if($fieldType == 'Manual')
{
$field = '<input type="text" name="path" value="' . htmlspecialchars($value) . '" size="30" />';
}
elseif($fieldType == 'Dropdown')
{
$dirList = findDirs($path, $uid, $gid);
natcasesort($dirList);
if(sizeof($dirList) > 0)
{
if(sizeof(dirList) <= 100)
{
$field = '<select name="path">';
foreach($dirList as $key => $dir)
{
if(strpos($dir, $path) === 0)
{
$dir = makeCorrectDir(substr($dir, strlen($path)));
}
$field.= makeoption($dir, $dir, $value);
}
$field.= '</select>';
}
else
{
$field = $lng['panel']['toomanydirs'];
$field.= '<input type="text" name="path" value="' . htmlspecialchars($value) . '" size="30" />';
}
}
else
{
$field = $lng['panel']['dirsmissing'];
$field.= '<input type="hidden" name="path" value="/" />';
}
}
return $field;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Returns a valid html tag for the choosen $fieldType for pathes
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param string fieldType Either "Manual" or "Dropdown"
* @return string The html tag for the choosen $fieldType
*
* @author Martin Burchert <martin.burchert@syscp.de>
* @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
*/
function makePathfield($path, $uid, $gid, $fieldType, $value = '')
{
global $lng;
$value = str_replace($path, '', $value);
$field = '';
if($fieldType == 'Manual')
{
$field = '<input type="text" name="path" value="' . htmlspecialchars($value) . '" size="30" />';
}
elseif($fieldType == 'Dropdown')
{
$dirList = findDirs($path, $uid, $gid);
natcasesort($dirList);
if(sizeof($dirList) > 0)
{
if(sizeof(dirList) <= 100)
{
$field = '<select name="path">';
foreach($dirList as $key => $dir)
{
if(strpos($dir, $path) === 0)
{
$dir = makeCorrectDir(substr($dir, strlen($path)));
}
$field.= makeoption($dir, $dir, $value);
}
$field.= '</select>';
}
else
{
$field = $lng['panel']['toomanydirs'];
$field.= '<input type="text" name="path" value="' . htmlspecialchars($value) . '" size="30" />';
}
}
else
{
$field = $lng['panel']['dirsmissing'];
$field.= '<input type="hidden" name="path" value="/" />';
}
}
return $field;
}
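Review bot: `sizeof(dirList)` in the Dropdown branch is missing its `$`, so PHP evaluates a bare constant name instead of the array and the `<= 100` limit never reflects the real directory count; the `toomanydirs` fallback is presumably unreachable on older PHP versions. The line should read `if(sizeof($dirList) <= 100)`. `findDirs()` as shown in this commit can return `null` on its `opendir()` failure path, and that value reaches `natcasesort()` and `sizeof()` here without a check. The `$lng['panel'][...]` strings are concatenated into the markup unescaped, which is safe only while they remain trusted translation text.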


@@ -1,42 +1,42 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a secure path, means to remove all multiple dots and slashes
*
* @param string The path
* @return string The corrected path
* @author Florian Lippert <flo@syscp.org>
*/
function makeSecurePath($path)
{
$search = Array(
'#/+#',
'#\.+#',
'#\0+#'
);
$replace = Array(
'/',
'.',
''
);
$path = preg_replace($search, $replace, $path);
return $path;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function which returns a secure path, means to remove all multiple dots and slashes
*
* @param string The path
* @return string The corrected path
* @author Florian Lippert <flo@syscp.org>
*/
function makeSecurePath($path)
{
$search = Array(
'#/+#',
'#\.+#',
'#\0+#'
);
$replace = Array(
'/',
'.',
''
);
$path = preg_replace($search, $replace, $path);
return $path;
}


@@ -1,86 +1,86 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Creates a directory below a users homedir and sets all directories,
* which had to be created below with correct Owner/Group
* (Copied from cron_tasks.php:rev1189 as we'll need this more often in future)
*
* @param string The homedir of the user
* @param string The dir which should be created
* @param int The uid of the user
* @param int The gid of the user
* @return bool true if everything went okay, false if something went wrong
*
* @author Florian Lippert <flo@syscp.org>
* @author Martin Burchert <martin.burchert@syscp.org>
*/
function mkDirWithCorrectOwnership($homeDir, $dirToCreate, $uid, $gid)
{
$returncode = true;
if($homeDir != ''
&& $dirToCreate != '')
{
$homeDir = makeCorrectDir($homeDir);
$dirToCreate = makeCorrectDir($dirToCreate);
if(substr($dirToCreate, 0, strlen($homeDir)) == $homeDir)
{
$subdir = substr($dirToCreate, strlen($homeDir));
}
else
{
$subdir = $dirToCreate;
}
$subdir = makeCorrectDir($subdir);
$subdirlen = strlen($subdir);
$subdirs = array();
array_push($subdirs, $dirToCreate);
$offset = 0;
while($offset < $subdirlen)
{
$offset = strpos($subdir, '/', $offset);
$subdirelem = substr($subdir, 0, $offset);
$offset++;
array_push($subdirs, makeCorrectDir($homeDir . $subdirelem));
}
$subdirs = array_unique($subdirs);
sort($subdirs);
foreach($subdirs as $sdir)
{
if(!is_dir($sdir))
{
$sdir = makeCorrectDir($sdir);
safe_exec('mkdir -p ' . escapeshellarg($sdir));
safe_exec('chown -R ' . (int)$uid . ':' . (int)$gid . ' ' . escapeshellarg($sdir));
}
}
}
else
{
$returncode = false;
}
return $returncode;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Creates a directory below a users homedir and sets all directories,
* which had to be created below with correct Owner/Group
* (Copied from cron_tasks.php:rev1189 as we'll need this more often in future)
*
* @param string The homedir of the user
* @param string The dir which should be created
* @param int The uid of the user
* @param int The gid of the user
* @return bool true if everything went okay, false if something went wrong
*
* @author Florian Lippert <flo@syscp.org>
* @author Martin Burchert <martin.burchert@syscp.org>
*/
function mkDirWithCorrectOwnership($homeDir, $dirToCreate, $uid, $gid)
{
$returncode = true;
if($homeDir != ''
&& $dirToCreate != '')
{
$homeDir = makeCorrectDir($homeDir);
$dirToCreate = makeCorrectDir($dirToCreate);
if(substr($dirToCreate, 0, strlen($homeDir)) == $homeDir)
{
$subdir = substr($dirToCreate, strlen($homeDir));
}
else
{
$subdir = $dirToCreate;
}
$subdir = makeCorrectDir($subdir);
$subdirlen = strlen($subdir);
$subdirs = array();
array_push($subdirs, $dirToCreate);
$offset = 0;
while($offset < $subdirlen)
{
$offset = strpos($subdir, '/', $offset);
$subdirelem = substr($subdir, 0, $offset);
$offset++;
array_push($subdirs, makeCorrectDir($homeDir . $subdirelem));
}
$subdirs = array_unique($subdirs);
sort($subdirs);
foreach($subdirs as $sdir)
{
if(!is_dir($sdir))
{
$sdir = makeCorrectDir($sdir);
safe_exec('mkdir -p ' . escapeshellarg($sdir));
safe_exec('chown -R ' . (int)$uid . ':' . (int)$gid . ' ' . escapeshellarg($sdir));
}
}
}
else
{
$returncode = false;
}
return $returncode;
}
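Review bot: The function returns `true` whenever both path arguments are non-empty, because the results of the two `safe_exec()` calls are never checked; a failed `mkdir` or `chown` is reported as success despite the docblock's "false if something went wrong". When `$dirToCreate` does not start with `$homeDir`, the `else` branch keeps the full path as `$subdir` while `$dirToCreate` is still pushed into `$subdirs` unchanged, so a directory outside the home directory is created and chowned as well. Unless callers depend on that, rejecting the case with `$returncode = false;` looks safer. Each `$sdir` is only handled when `is_dir()` was false, so it has just been created and a non-recursive `chown` would presumably be enough, without touching anything placed beneath it in the meantime.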


@@ -1,117 +1,117 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Wrapper around the exec command.
*
* @author Martin Burchert <eremit@adm1n.de>
* @version 1.2
* @param string exec_string String to be executed
* @return string The result of the exec()
*
* History:
* 1.0 : Initial Version
* 1.1 : Added |,&,>,<,`,*,$,~,? as security breaks.
* 1.2 : Removed * as security break
*/
function safe_exec($exec_string, &$return_value = false)
{
global $settings;
//
// define allowed system commands
//
$allowed_commands = array(
'touch',
'chown',
'mkdir',
'webalizer',
'cp',
'du',
'chmod',
'chattr',
$settings['system']['apachereload_command'],
$settings['system']['bindreload_command'],
$settings['dkim']['dkimrestart_command'],
$settings['system']['awstats_updateall_command'],
'openssl',
'unzip',
'php',
'rm'
);
//
// check for ; in execute command
//
if((stristr($exec_string, ';'))
or (stristr($exec_string, '|'))
or (stristr($exec_string, '&'))
or (stristr($exec_string, '>'))
or (stristr($exec_string, '<'))
or (stristr($exec_string, '`'))
or (stristr($exec_string, '$'))
or (stristr($exec_string, '~'))
or (stristr($exec_string, '?')))
{
die('SECURITY CHECK FAILED!' . "\n" . 'The execute string "' . htmlspecialchars($exec_string) . '" is a possible security risk!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
}
//
// check if command is allowed here
//
$ok = false;
foreach($allowed_commands as $allowed_command)
{
if(strpos($exec_string, $allowed_command) == 0
&& (strlen($exec_string) === ($allowed_command_pos = strlen($allowed_command)) || substr($exec_string, $allowed_command_pos, 1) === ' '))
{
$ok = true;
}
}
if(!$ok)
{
die('SECURITY CHECK FAILED!' . "\n" . 'Your command "' . htmlspecialchars($exec_string) . '" is not allowed!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
}
//
// execute the command and return output
//
// --- martin @ 08.08.2005 -------------------------------------------------------
// fixing usage of uninitialised variable
$return = '';
// -------------------------------------------------------------------------------
if($return_value == false)
{
exec($exec_string, $return);
}
else
{
exec($exec_string, $return, $return_value);
}
return $return;
}
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Wrapper around the exec command.
*
* @author Martin Burchert <eremit@adm1n.de>
* @version 1.2
* @param string exec_string String to be executed
* @return string The result of the exec()
*
* History:
* 1.0 : Initial Version
* 1.1 : Added |,&,>,<,`,*,$,~,? as security breaks.
* 1.2 : Removed * as security break
*/
function safe_exec($exec_string, &$return_value = false)
{
global $settings;
//
// define allowed system commands
//
$allowed_commands = array(
'touch',
'chown',
'mkdir',
'webalizer',
'cp',
'du',
'chmod',
'chattr',
$settings['system']['apachereload_command'],
$settings['system']['bindreload_command'],
$settings['dkim']['dkimrestart_command'],
$settings['system']['awstats_updateall_command'],
'openssl',
'unzip',
'php',
'rm'
);
//
// check for ; in execute command
//
if((stristr($exec_string, ';'))
or (stristr($exec_string, '|'))
or (stristr($exec_string, '&'))
or (stristr($exec_string, '>'))
or (stristr($exec_string, '<'))
or (stristr($exec_string, '`'))
or (stristr($exec_string, '$'))
or (stristr($exec_string, '~'))
or (stristr($exec_string, '?')))
{
die('SECURITY CHECK FAILED!' . "\n" . 'The execute string "' . htmlspecialchars($exec_string) . '" is a possible security risk!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
}
//
// check if command is allowed here
//
$ok = false;
foreach($allowed_commands as $allowed_command)
{
if(strpos($exec_string, $allowed_command) == 0
&& (strlen($exec_string) === ($allowed_command_pos = strlen($allowed_command)) || substr($exec_string, $allowed_command_pos, 1) === ' '))
{
$ok = true;
}
}
if(!$ok)
{
die('SECURITY CHECK FAILED!' . "\n" . 'Your command "' . htmlspecialchars($exec_string) . '" is not allowed!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
}
//
// execute the command and return output
//
// --- martin @ 08.08.2005 -------------------------------------------------------
// fixing usage of uninitialised variable
$return = '';
// -------------------------------------------------------------------------------
if($return_value == false)
{
exec($exec_string, $return);
}
else
{
exec($exec_string, $return, $return_value);
}
return $return;
}
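Review bot: The allowlist test in the `foreach` uses `strpos($exec_string, $allowed_command) == 0`, and `strpos()` returns `false` when the command is absent, which `== 0` accepts as a match. Any string with a space at offset `strlen($allowed_command)` then sets `$ok`, so the list does not actually restrict which program runs. Use the strict form, `if(strpos($exec_string, $allowed_command) === 0`, and skip empty entries coming from `$settings` before comparing (`if($allowed_command == '') continue;`). The character screen above it is a denylist and does not cover every shell metacharacter (newline, for one), so callers still need `escapeshellarg()` on each argument. `$return_value == false` also treats a caller-supplied `0` as "not requested", so the exit status is not captured in that case.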