From ba3d342e2be906ac258c45ada659b328c032b6c6 Mon Sep 17 00:00:00 2001
From: "Florian Aders (EleRas)"
Date: Fri, 3 Jan 2014 11:12:33 +0100
Subject: [PATCH] Fixing executing perl-scripts with apache 2.4 and prevent users to access other users docroot, fixes #532
Signed-off-by: Florian Aders (EleRas)
---
 scripts/jobs/cron_tasks.inc.http.10.apache.php | 4 ++--
 scripts/jobs/cron_tasks.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index 4dbf0050..b3159e41 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -881,7 +881,7 @@ class apache {
 && isset($row_diroptions['options_cgi'])
 && $row_diroptions['options_cgi'] == '1'
 ) {
- $this->diroptions_data[$diroptions_filename] .= ' ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n";
+ $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n";
 } else {
 $this->diroptions_data[$diroptions_filename] .= "\n";
 }
@@ -898,7 +898,7 @@ class apache {
 && isset($row_diroptions['options_cgi'])
 && $row_diroptions['options_cgi'] == '1'
 ) {
- $this->diroptions_data[$diroptions_filename] .= ' ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n";
+ $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n";
 } else {
 $this->diroptions_data[$diroptions_filename] .= "\n";
 }
diff --git a/scripts/jobs/cron_tasks.php b/scripts/jobs/cron_tasks.php
index c85bbab6..7a09d164 100644
--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
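Review bot: The Options fragment appended in the `options_cgi` branch turns on `+FollowSymLinks` next to `+SymLinksIfOwnerMatch`, and as far as I know Apache follows links without the ownership test once FollowSymLinks is set, so the owner check this line appears to want is likely not in force. For a panel that writes per-customer directory options, that weakens the isolation between customers' docroots that this commit is otherwise tightening. I would drop the broader option, `' +ExecCGI -MultiViews +SymLinksIfOwnerMatch'."\n"`, and add a comment stating that Apache 2.4 rejects an Options line mixing signed and unsigned keywords, which is why ExecCGI carries a `+`. The same line appears in the hunk at -898; the start of the Options directive and the enclosing method are outside both hunks, so the full directive should be confirmed before changing it.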
@@ -132,9 +132,9 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 $userhomedir = (substr($userhomedir, 0, -1) == '/') ? substr($userhomedir, 0, -1) : $userhomedir;
 $usermaildir = (substr($usermaildir, 0, -1) == '/') ? substr($usermaildir, 0, -1) : $usermaildir;
- $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
- safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
- // don't allow others to access the directory (webserver will be in the users' group)
+ $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . Settings::Get('system.httpuser') . ' ' . escapeshellarg($userhomedir));
+ safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . Settings::Get('system.httpuser') . ' ' . escapeshellarg($userhomedir));
+ // don't allow others to access the directory (webserver will be the group)
 safe_exec('chmod 0750 ' . escapeshellarg($userhomedir));
 $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
 safe_exec('chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
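Review bot: `Settings::Get('system.httpuser')` is concatenated into the `chown` command line without `escapeshellarg()` or a cast, whereas the gid it replaces was forced through `(int)`; a stray space or shell metacharacter in that setting would change the command that runs with the cron job's privileges. Quote it in both the log line and the `safe_exec()` call, `escapeshellarg(Settings::Get('system.httpuser'))`, or better build the command string once and pass the same variable to both. The value is also a user name used in the group position, which only resolves if a group of the same name exists; a comment saying that is intended (or a switch to a group setting, if the project has one) would help. Only `chmod 0750` on the top directory follows, so files below keep their existing mode under the new shared group, and the `while` body continues outside the hunk.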