maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

wrap ip-validating in Domains-ApiCommand to reduce duplicate code

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-03-05 08:12:08 +01:00
parent a869bc58cd
commit ae4a7ff943
2 changed files with 116 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/classes/api/abstract.ApiCommand.php
View File

@@ -156,7 +156,7 @@ abstract class ApiCommand
// ensure that we can display messages // ensure that we can display messages
$language = Settings::Get('panel.standardlanguage'); $language = Settings::Get('panel.standardlanguage');
if (isset($this->user_data['language']) && isset($languages[$this->user_data['language']])) { if (isset($this->user_data['language']) && isset($langs[$this->user_data['language']])) {
// default: use language from session, #277 // default: use language from session, #277
$language = $this->user_data['language']; $language = $this->user_data['language'];
} elseif (isset($this->user_data['def_language'])) { } elseif (isset($this->user_data['def_language'])) {

274
lib/classes/api/commands/class.Domains.php
View File

@@ -155,7 +155,6 @@ class Domains extends ApiCommand implements ResourceEntity
$ocsp_stapling = $this->getParam('ocsp_stapling', true, 0); $ocsp_stapling = $this->getParam('ocsp_stapling', true, 0);
// validation // validation
if ($p_domain == Settings::Get('system.hostname')) { if ($p_domain == Settings::Get('system.hostname')) {
standard_error('admin_domain_emailsystemhostname', '', true); standard_error('admin_domain_emailsystemhostname', '', true);
} }
@@ -304,104 +303,14 @@ class Domains extends ApiCommand implements ResourceEntity
$mod_fcgid_maxrequests = '-1'; $mod_fcgid_maxrequests = '-1';
} }
if ($this->getUserDetail('ip') != "-1") { // check non-ssl IP
$admin_ip_stmt = Database::prepare(" $ipandports = $this->validateIpAddresses($p_ipandports);
SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` // check ssl IP
WHERE `id` = :id ORDER BY `ip`, `port` ASC");
$admin_ip = Database::pexecute_first($admin_ip_stmt, array(
'id' => $this->getUserDetail('ip')
), true, true);
$additional_ip_condition = " AND `ip` = :adminip ";
$aip_param = array(
'adminip' => $admin_ip['ip']
);
} else {
$additional_ip_condition = '';
$aip_param = array();
}
if (empty($p_ipandports)) {
throw new Exception("No IPs given, unable to add domain (no default IPs set?)", 406);
}
$ipandports = array();
if (! empty($p_ipandports) && is_numeric($p_ipandports)) {
$p_ipandports = array($p_ipandports);
}
if (! empty($p_ipandports) && ! is_array($p_ipandports)) {
$p_ipandports = unserialize($p_ipandports);
}
if (! empty($p_ipandports) && is_array($p_ipandports)) {
foreach ($p_ipandports as $ipandport) {
$ipandport = intval($ipandport);
$ipandport_check_stmt = Database::prepare("
SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
WHERE `id` = :id " . $additional_ip_condition);
$ip_params = null;
$ip_params = array_merge(array(
'id' => $ipandport
), $aip_param);
$ipandport_check = Database::pexecute_first($ipandport_check_stmt, $ip_params, true, true);
if (! isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport) {
standard_error('ipportdoesntexist', '', true);
} else {
$ipandports[] = $ipandport;
}
}
}
if (Settings::Get('system.use_ssl') == "1" && ! empty($p_ssl_ipandports)) {
$ssl_ipandports = array(); $ssl_ipandports = array();
if (! empty($p_ssl_ipandports) && ! is_array($p_ssl_ipandports)) { if (Settings::Get('system.use_ssl') == "1" && ! empty($p_ssl_ipandports)) {
$p_ssl_ipandports = unserialize($p_ssl_ipandports); $ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true);
} }
if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
// Verify SSL-Ports
if (! empty($p_ssl_ipandports) && is_array($p_ssl_ipandports)) {
foreach ($p_ssl_ipandports as $ssl_ipandport) {
if (trim($ssl_ipandport) == "") {
continue;
}
// fix if no ssl-ip/port is checked
if (trim($ssl_ipandport) < 1) {
continue;
}
$ssl_ipandport = intval($ssl_ipandport);
$ssl_ipandport_check_stmt = Database::prepare("
SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
WHERE `id` = :id " . $additional_ip_condition);
$ip_params = null;
$ip_params = array_merge(array(
'id' => $ssl_ipandport
), $aip_param);
$ssl_ipandport_check = Database::pexecute_first($ssl_ipandport_check_stmt, $ip_params, true, true);
if (! isset($ssl_ipandport_check['id']) || $ssl_ipandport_check['id'] == '0' || $ssl_ipandport_check['id'] != $ssl_ipandport) {
standard_error('ipportdoesntexist', '', true);
} else {
$ssl_ipandports[] = $ssl_ipandport;
}
}
} else {
$ssl_redirect = 0;
$letsencrypt = 0;
$http2 = 0;
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
// OCSP stapling
$ocsp_stapling = 0;
}
} else {
$ssl_redirect = 0; $ssl_redirect = 0;
$letsencrypt = 0; $letsencrypt = 0;
$http2 = 0; $http2 = 0;
@@ -966,7 +875,7 @@ class Domains extends ApiCommand implements ResourceEntity
// when moving customer and no path is specified, update would normally reuse the current document-root // when moving customer and no path is specified, update would normally reuse the current document-root
// which would point to the wrong customer, therefore we will re-create that directory // which would point to the wrong customer, therefore we will re-create that directory
if (!empty($documentroot) && $customerid > 0 && $customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') { if (! empty($documentroot) && $customerid > 0 && $customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') {
if (Settings::Get('system.documentroot_use_default_value') == 1) { if (Settings::Get('system.documentroot_use_default_value') == 1) {
$_documentroot = makeCorrectDir($customer['documentroot'] . '/' . $result['domain']); $_documentroot = makeCorrectDir($customer['documentroot'] . '/' . $result['domain']);
} else { } else {
@@ -1041,89 +950,14 @@ class Domains extends ApiCommand implements ResourceEntity
$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests']; $mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
} }
$ipandports = array(); // check non-ssl IP
if (! empty($p_ipandports) && is_numeric($p_ipandports)) { $ipandports = $this->validateIpAddresses($p_ipandports, false, $result['id']);
$p_ipandports = array($p_ipandports); // check ssl IP
}
if (! empty($p_ipandports) && ! is_array($p_ipandports)) {
$p_ipandports = unserialize($p_ipandports);
}
if (! empty($p_ipandports) && is_array($p_ipandports)) {
$ipandport_check_stmt = Database::prepare("
SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipandport
");
foreach ($p_ipandports as $ipandport) {
if (trim($ipandport) == "") {
continue;
}
$ipandport = intval($ipandport);
$ipandport_check = Database::pexecute_first($ipandport_check_stmt, array(
'ipandport' => $ipandport
), true, true);
if (! isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport) {
standard_error('ipportdoesntexist', '', true);
} else {
$ipandports[] = $ipandport;
}
}
} else {
// set currently used ip's
$ipsresult_stmt = Database::prepare("
SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id
");
Database::pexecute($ipsresult_stmt, array(
'id' => $result['id']
));
while ($ipsresultrow = $ipsresult_stmt->fetch(PDO::FETCH_ASSOC)) {
$ipandports[] = $ipsresultrow['id_ipandports'];
}
}
if (Settings::Get('system.use_ssl') == '1' && ! empty($p_ssl_ipandports)) {
$ssl_ipandports = array(); $ssl_ipandports = array();
if (! empty($p_ssl_ipandports) && ! is_array($p_ssl_ipandports)) { if (Settings::Get('system.use_ssl') == "1" && ! empty($p_ssl_ipandports)) {
$p_ssl_ipandports = unserialize($p_ssl_ipandports); $ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true, $result['id']);
} }
if (! empty($p_ssl_ipandports) && is_array($p_ssl_ipandports)) { if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
$ssl_ipandport_check_stmt = Database::prepare("
SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipandport
");
foreach ($p_ssl_ipandports as $ssl_ipandport) {
if (trim($ssl_ipandport) == "") {
continue;
}
// fix if ip/port got de-checked and it was the last one
if (trim($ssl_ipandport) < 1) {
continue;
}
$ssl_ipandport = intval($ssl_ipandport);
$ssl_ipandport_check = Database::pexecute_first($ssl_ipandport_check_stmt, array(
'ipandport' => $ssl_ipandport
), true, true);
if (! isset($ssl_ipandport_check['id']) || $ssl_ipandport_check['id'] == '0' || $ssl_ipandport_check['id'] != $ssl_ipandport) {
standard_error('ipportdoesntexist', '', true);
} else {
$ssl_ipandports[] = $ssl_ipandport;
}
}
} else {
$ssl_redirect = 0;
$letsencrypt = 0;
$http2 = 0;
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
// OCSP stapling
$ocsp_stapling = 0;
}
} else {
$ssl_redirect = 0; $ssl_redirect = 0;
$letsencrypt = 0; $letsencrypt = 0;
$http2 = 0; $http2 = 0;
@@ -1788,4 +1622,86 @@ class Domains extends ApiCommand implements ResourceEntity
} }
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);
} }
/**
* validate given ips
*
* @param int|string|array $p_ipsandports
* @param boolean $edit
* default false
* @param boolean $ssl
* default false
*
* @throws Exception
* @return array
*/
private function validateIpAddresses($p_ipandports = null, $ssl = false, $edit_id = 0)
{
// when adding a new domain and no ip is given, we try to use the
// system-default, check here if there is none
// this is not required for ssl-enabled ip's
if ($edit_id <= 0 && ! $ssl && empty($p_ipandports)) {
throw new Exception("No IPs given, unable to add domain (no default IPs set?)", 406);
}
// convert given value(s) correctly
$ipandports = array();
if (! empty($p_ipandports) && is_numeric($p_ipandports)) {
$p_ipandports = array(
$p_ipandports
);
}
if (! empty($p_ipandports) && ! is_array($p_ipandports)) {
$p_ipandports = unserialize($p_ipandports);
}
// check whether there are ip usage restrictions
$additional_ip_condition = '';
$aip_param = array();
if ($this->getUserDetail('ip') != "-1") {
// handle multiple-ip-array
$additional_ip_condition = " AND `ip` IN (:adminips) ";
$aip_param = array(
'adminips' => implode(",", json_decode($this->getUserDetail('ip'), true))
);
}
if (! empty($p_ipandports) && is_array($p_ipandports)) {
$ipandport_check_stmt = Database::prepare("
SELECT `id`, `ip`, `port`
FROM `" . TABLE_PANEL_IPSANDPORTS . "`
WHERE `id` = :ipandport " . ($ssl ? " AND `ssl` = '1'" : "") . $additional_ip_condition);
foreach ($p_ipandports as $ipandport) {
if (trim($ipandport) == "") {
continue;
}
// fix if no ip/port is checked
if (trim($ipandport) < 1) {
continue;
}
$ipandport = intval($ipandport);
$ip_params = array_merge(array(
'ipandport' => $ipandport
), $aip_param);
$ipandport_check = Database::pexecute_first($ipandport_check_stmt, $ip_params, true, true);
if (! isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport) {
standard_error('ipportdoesntexist', '', true);
} else {
$ipandports[] = $ipandport;
}
}
} elseif ($edit_id > 0) {
// set currently used ip's
$ipsresult_stmt = Database::prepare("
SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id
");
Database::pexecute($ipsresult_stmt, array(
'id' => $edit_id
), true, true);
while ($ipsresultrow = $ipsresult_stmt->fetch(PDO::FETCH_ASSOC)) {
$ipandports[] = $ipsresultrow['id_ipandports'];
}
}
return $ipandports;
}
} }