From 95da4e9eaba792656e2045834726ab2cf01ccf54 Mon Sep 17 00:00:00 2001 From: Andreas Grundler Date: Mon, 21 Oct 2013 07:14:46 +0200 Subject: [PATCH 1/4] Bufix for "chown -R [User]:[User] /" --- lib/classes/aps/class.ApsInstaller.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/classes/aps/class.ApsInstaller.php b/lib/classes/aps/class.ApsInstaller.php index c237ed82..41642d8b 100644 --- a/lib/classes/aps/class.ApsInstaller.php +++ b/lib/classes/aps/class.ApsInstaller.php @@ -335,7 +335,13 @@ class ApsInstaller extends ApsParser $mapping_path = $Xml->mapping['path']; $mapping_url = $Xml->mapping['url']; } - + + if($this->DomainPath == '') + { + $this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); + return false; + } + if($Task == TASK_INSTALL) { //FIXME truncate customer directory From 4a61df8ae7a42242094dee6557f2efc6778f99f2 Mon Sep 17 00:00:00 2001 From: Andreas Grundler Date: Mon, 21 Oct 2013 07:27:38 +0200 Subject: [PATCH 2/4] typo --- lib/classes/aps/class.ApsInstaller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/classes/aps/class.ApsInstaller.php b/lib/classes/aps/class.ApsInstaller.php index 41642d8b..4529ab7e 100644 --- a/lib/classes/aps/class.ApsInstaller.php +++ b/lib/classes/aps/class.ApsInstaller.php @@ -336,7 +336,7 @@ class ApsInstaller extends ApsParser $mapping_url = $Xml->mapping['url']; } - if($this->DomainPath == '') + if (($this->DomainPath == '') || ($this->DomainPath == '/')) { $this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); return false; From 3c76594abb4a31636453cf3d2bbb82c72d136ef7 Mon Sep 17 00:00:00 2001 
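Review bot: The `UPDATE` added by the new guard in [PATCH 1/4] (hunk at -335) places `$this->db->escape($Row['InstanceID'])` in an unquoted numeric position, where string escaping gives no protection if the value is ever not an integer. Where `$Row` is filled is outside the hunk, so this may be safe in practice, but a cast makes the guarantee local: use `(int)$Row['InstanceID']` in place of the `escape()` call. The same expression is carried unchanged through [PATCH 2/4] and [PATCH 4/4]. The enclosing method starts and ends outside the hunk.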
From: Andreas Grundler Date: Mon, 21 Oct 2013 16:35:32 +0200 Subject: [PATCH 3/4] Fixed CleanupData to prevent recursive delete of all data --- lib/classes/aps/class.ApsInstaller.php | 29 +++++++++++++++----------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/lib/classes/aps/class.ApsInstaller.php b/lib/classes/aps/class.ApsInstaller.php index 4529ab7e..2f882449 100644 --- a/lib/classes/aps/class.ApsInstaller.php +++ b/lib/classes/aps/class.ApsInstaller.php @@ -269,18 +269,23 @@ class ApsInstaller extends ApsParser $this->db->query('DELETE FROM `' . TABLE_APS_INSTANCES . '` WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); $this->db->query('DELETE FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID'])); - //remove data, #273 - if($this->DomainPath != '' && $this->DomainPath != '/') { - self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/'); - } else { - // save awstats/webalizer folder if it's the docroot - self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true); - // place standard-index file - $loginname = getLoginNameByUid($Row['CustomerID']); - if($loginname !== false) - { - storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/'); - } + if($this->DomainPath != '' && checkDisallowedPaths($this->DomainPath)) + { + $documentroot = getCustomerDetail($Row['CustomerID'],'documentroot'); + + //remove data, #273 + if($this->DomainPath != $documentroot) { + self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/'); + } else { + // save awstats/webalizer folder if it's the docroot + self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true); + // place standard-index file + $loginname = getLoginNameByUid($Row['CustomerID']); + if($loginname !== false) + { + storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/'); + } + } } } } From d0315b7ed3d2dfc8731ec3604b3d7450e683c348 Mon Sep 17 00:00:00 2001 
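Review bot: When the new outer guard in [PATCH 3/4] (`$this->DomainPath != '' && checkDisallowedPaths($this->DomainPath)`) is false, the file cleanup is skipped without any log entry, although the two `DELETE` statements directly above it have already removed the instance and its settings. The files then remain on disk with no database record pointing to them, and the operator is not told that a path was refused. An `else` branch that logs the instance id and the rejected path, with a comment such as `// path refused by checkDisallowedPaths(): leave files in place and report`, would make these cases visible. The first hunk of [PATCH 4/4] keeps the same structure, so the point applies there too.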
From: Andreas Grundler Date: Mon, 21 Oct 2013 17:36:44 +0200 Subject: [PATCH 4/4] RealPath nicht DomainPath --- lib/classes/aps/class.ApsInstaller.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/classes/aps/class.ApsInstaller.php b/lib/classes/aps/class.ApsInstaller.php index 2f882449..686a640d 100644 --- a/lib/classes/aps/class.ApsInstaller.php +++ b/lib/classes/aps/class.ApsInstaller.php @@ -269,12 +269,10 @@ class ApsInstaller extends ApsParser $this->db->query('DELETE FROM `' . TABLE_APS_INSTANCES . '` WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); $this->db->query('DELETE FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID'])); - if($this->DomainPath != '' && checkDisallowedPaths($this->DomainPath)) + if($this->RealPath != '' && checkDisallowedPaths($this->RealPath)) { - $documentroot = getCustomerDetail($Row['CustomerID'],'documentroot'); - //remove data, #273 - if($this->DomainPath != $documentroot) { + if($this->DomainPath != '' && $this->DomainPath != '/') { self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/'); } else { // save awstats/webalizer folder if it's the docroot @@ -341,7 +339,7 @@ class ApsInstaller extends ApsParser $mapping_url = $Xml->mapping['url']; } - if (($this->DomainPath == '') || ($this->DomainPath == '/')) + if ($this->RealPath == '' || !checkDisallowedPaths($this->RealPath)) { $this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); return false;
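Review bot: `checkDisallowedPaths()` in the first hunk of [PATCH 4/4] is applied to `$this->RealPath` alone, while the path actually passed to `UnlinkRecursive()` is `$this->RealPath . $this->DomainPath . '/'`. A `DomainPath` containing `..` segments is therefore not covered by the check, and a spelling such as `//` slips past the `!= '/'` comparison into the branch that does not preserve the statistics folder. Validating the string that is deleted would close the gap: build `$target = $this->RealPath . $this->DomainPath . '/';` once and require `strpos($this->DomainPath, '..') === false && checkDisallowedPaths($target)` before either `UnlinkRecursive()` call. What `checkDisallowedPaths()` normalises is not visible here, so its handling of a trailing slash should be confirmed. The second hunk (at -341) checks only `RealPath` in the same way, and whether `DomainPath` is validated later in that method cannot be seen from the hunk.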