From d198729222b36bf0d82efed605376675f4e1c769 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Fri, 7 Oct 2016 11:48:13 +0200
Subject: [PATCH] make the hsts domain settings actually saveable; add hsts domain settings for customer-panel; refs #1660

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_domains.php | 62 +++++++++++++--
 customer_domains.php | 33 ++++++-
 .../domains/formfield.domains_add.php | 78 ++++++++++++++-----
 .../domains/formfield.domains_edit.php | 58 +++++++++++---
 4 files changed, 187 insertions(+), 44 deletions(-)

diff --git a/admin_domains.php b/admin_domains.php
index abb66e6b..99dc415d 100644
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -584,12 +584,23 @@ if ($page == 'domains' || $page == 'overview') {
 $ssl_ipandports[] = $ssl_ipandport;
 }
 }
+
+ // HSTS
+ $hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+ $hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+ $hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 } else {
 $ssl_redirect = 0;
 $letsencrypt = 0;
 // we need this for the serialize
 // if ssl is disabled or no ssl-ip/port exists
 $ssl_ipandports[] = - 1;
+
+ // HSTS
+ $hsts_maxage = 0;
+ $hsts_sub = 0;
+ $hsts_preload = 0;
 }
 } else {
 $ssl_redirect = 0;
@@ -597,6 +608,11 @@ if ($page == 'domains' || $page == 'overview') {
 // we need this for the serialize
 // if ssl is disabled or no ssl-ip/port exists
 $ssl_ipandports[] = - 1;
+
+ // HSTS
+ $hsts_maxage = 0;
+ $hsts_sub = 0;
+ $hsts_preload = 0;
 }
 
 // We can't enable let's encrypt for wildcard - domains
@@ -760,7 +776,10 @@ if ($page == 'domains' || $page == 'overview') {
 'registration_date' => $registration_date,
 'termination_date' => $termination_date,
 'issubof' => $issubof,
- 'letsencrypt' => $letsencrypt
+ 'letsencrypt' => $letsencrypt,
+ 'hsts' => $hsts_maxage,
+ 'hsts_sub' => $hsts_sub,
+ 'hsts_preload' => $hsts_preload
 );
 
 $security_questions = array(
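Review bot: `$hsts_maxage` is taken straight from `(int)$_POST['hsts_maxage']` with no lower or upper bound, so a negative value, or one far above the `int_max` of 94608000 that the new form fields declare, is stored as-is and would presumably end up in the emitted Strict-Transport-Security header; the same pattern is repeated in the hunk at -1398 of this file and at -374 and -642 of customer_domains.php. Whether the form layer enforces `int_min`/`int_max` server-side is not visible here, so the handler should clamp the value itself: `$hsts_maxage = min(max($hsts_maxage, 0), 94608000);`. The enclosing `if` block begins before this hunk.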
@@ -808,7 +827,10 @@ if ($page == 'domains' || $page == 'overview') {
 'mod_fcgid_starter' => $mod_fcgid_starter,
 'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 'ismainbutsubto' => $issubof,
- 'letsencrypt' => $letsencrypt
+ 'letsencrypt' => $letsencrypt,
+ 'hsts' => $hsts_maxage,
+ 'hsts_sub' => $hsts_sub,
+ 'hsts_preload' => $hsts_preload
 );
 
 $ins_stmt = Database::prepare("
@@ -836,12 +858,15 @@ if ($page == 'domains' || $page == 'overview') {
 `ssl_redirect` = :ssl_redirect,
 `add_date` = :add_date,
 `registration_date` = :registration_date,
- `termination_date` = :termination_date,
+ `termination_date` = :termination_date,
 `phpsettingid` = :phpsettingid,
 `mod_fcgid_starter` = :mod_fcgid_starter,
 `mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 `ismainbutsubto` = :ismainbutsubto,
- `letsencrypt` = :letsencrypt
+ `letsencrypt` = :letsencrypt,
+ `hsts` = :hsts,
+ `hsts_sub` = :hsts_sub,
+ `hsts_preload` = :hsts_preload
 ");
 Database::pexecute($ins_stmt, $ins_data);
 $domainid = Database::lastInsertId();
@@ -1398,12 +1423,23 @@ if ($page == 'domains' || $page == 'overview') {
 $ssl_ipandports[] = $ssl_ipandport;
 }
 }
+
+ // HSTS
+ $hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+ $hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+ $hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 } else {
 $ssl_redirect = 0;
 $letsencrypt = 0;
 // we need this for the serialize
 // if ssl is disabled or no ssl-ip/port exists
 $ssl_ipandports[] = - 1;
+
+ // HSTS
+ $hsts_maxage = 0;
+ $hsts_sub = 0;
+ $hsts_preload = 0;
 }
 } else {
 $ssl_redirect = 0;
@@ -1411,6 +1447,11 @@ if ($page == 'domains' || $page == 'overview') {
 // we need this for the serialize
 // if ssl is disabled or no ssl-ip/port exists
 $ssl_ipandports[] = - 1;
+
+ // HSTS
+ $hsts_maxage = 0;
+ $hsts_sub = 0;
+ $hsts_preload = 0;
 }
 
 // We can't enable let's encrypt for wildcard domains
@@ -1548,7 +1589,10 @@ if ($page == 'domains' || $page == 'overview') {
 'speciallogverified' => $speciallogverified,
 'ipandport' => serialize($ipandports),
 'ssl_ipandport' => serialize($ssl_ipandports),
- 'letsencrypt' => $letsencrypt
+ 'letsencrypt' => $letsencrypt,
+ 'hsts' => $hsts_maxage,
+ 'hsts_sub' => $hsts_sub,
+ 'hsts_preload' => $hsts_preload
 );
 
 $security_questions = array(
@@ -1708,6 +1752,9 @@ if ($page == 'domains' || $page == 'overview') {
 $update_data['termination_date'] = $termination_date;
 $update_data['ismainbutsubto'] = $issubof;
 $update_data['letsencrypt'] = $letsencrypt;
+ $update_data['hsts'] = $hsts_maxage;
+ $update_data['hsts_sub'] = $hsts_sub;
+ $update_data['hsts_preload'] = $hsts_preload;
 $update_data['id'] = $id;
 
 $update_stmt = Database::prepare("
@@ -1735,7 +1782,10 @@ if ($page == 'domains' || $page == 'overview') {
 `registration_date` = :registration_date,
 `termination_date` = :termination_date,
 `ismainbutsubto` = :ismainbutsubto,
- `letsencrypt` = :letsencrypt
+ `letsencrypt` = :letsencrypt,
+ `hsts` = :hsts,
+ `hsts_sub` = :hsts_sub,
+ `hsts_preload` = :hsts_preload
 WHERE `id` = :id
 ");
 Database::pexecute($update_stmt, $update_data);
diff --git a/customer_domains.php b/customer_domains.php
index 2aa9bbab..e79af357 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -374,6 +374,11 @@ if ($page == 'overview') {
 $ssl_redirect = 2;
 }
 
+ // HSTS
+ $hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+ $hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+ $hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 if ($path == '') {
 standard_error('patherror');
 } elseif ($subdomain == '') {
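Review bot: In the customer add handler at -374 of customer_domains.php the three HSTS values are read from `$_POST` unconditionally, whereas both branches in admin_domains.php reset them to 0 when SSL is disabled or no SSL ip/port exists; a customer can therefore persist a non-zero `hsts` for a domain that has no SSL vhost at all. The edit handler at -642 has the same shape. That is harmless only if the vhost generator emits the header exclusively inside the SSL vhost, which is not visible here; otherwise mirror the admin logic with a guard such as `if (Settings::Get('system.use_ssl') != '1') { $hsts_maxage = 0; $hsts_sub = 0; $hsts_preload = 0; }` placed right after the three assignments. The enclosing `if ($action == 'add')` block begins before the hunk.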
@@ -416,7 +421,10 @@ if ($page == 'overview') {
 `specialsettings` = :specialsettings,
 `ssl_redirect` = :ssl_redirect,
 `phpsettingid` = :phpsettingid,
- `letsencrypt` = :letsencrypt"
+ `letsencrypt` = :letsencrypt,
+ `hsts` = :hsts,
+ `hsts_sub` = :hsts_sub,
+ `hsts_preload` = :hsts_preload"
 );
 $params = array(
 "customerid" => $userinfo['customerid'],
@@ -433,7 +441,10 @@ if ($page == 'overview') {
 "specialsettings" => $domain_check['specialsettings'],
 "ssl_redirect" => $ssl_redirect,
 "phpsettingid" => $phpsid_result['phpsettingid'],
- "letsencrypt" => $letsencrypt
+ "letsencrypt" => $letsencrypt,
+ "hsts" => $hsts_maxage,
+ "hsts_sub" => $hsts_sub,
+ "hsts_preload" => $hsts_preload
 );
 Database::pexecute($stmt, $params);
 
@@ -527,8 +538,7 @@ if ($page == 'overview') {
 }
 
 } elseif ($action == 'edit' && $id != 0) {
 
- $stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
- `d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+ $stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 WHERE `d`.`customerid` = :customerid AND `d`.`id` = :id
@@ -634,7 +644,7 @@ if ($page == 'overview') {
 
 // We can't enable let's encrypt for wildcard - domains
 if ($iswildcarddomain == '1' && $letsencrypt == '1') {
- standard_error('nowildcardwithletsencrypt');
+ standard_error('nowildcardwithletsencrypt');
 }
 
 // Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -642,6 +652,11 @@ if ($page == 'overview') {
 $ssl_redirect = 2;
 }
 
+ // HSTS
+ $hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+ $hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+ $hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 if ($path == '') {
 standard_error('patherror');
 } else {
@@ -677,7 +692,10 @@ if ($page == 'overview') {
 `aliasdomain`= :aliasdomain,
 `openbasedir_path`= :openbasedir_path,
 `ssl_redirect`= :ssl_redirect,
- `letsencrypt`= :letsencrypt
+ `letsencrypt`= :letsencrypt,
+ `hsts` = :hsts,
+ `hsts_sub` = :hsts_sub,
+ `hsts_preload` = :hsts_preload,
 WHERE `customerid`= :customerid
 AND `id`= :id"
 );
@@ -690,6 +708,9 @@ if ($page == 'overview') {
 "openbasedir_path" => $openbasedir_path,
 "ssl_redirect" => $ssl_redirect,
 "letsencrypt" => $letsencrypt,
+ "hsts" => $hsts_maxage,
+ "hsts_sub" => $hsts_sub,
+ "hsts_preload" => $hsts_preload,
 "customerid" => $userinfo['customerid'],
 "id" => $id
 );
diff --git a/lib/formfields/customer/domains/formfield.domains_add.php b/lib/formfields/customer/domains/formfield.domains_add.php
index 2f24fcae..e25302b0 100644
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
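Review bot: The UPDATE statement in the hunk at -677 now ends its SET list with `` `hsts_preload` = :hsts_preload, `` directly followed by `WHERE`; the trailing comma is a SQL syntax error, so every customer domain edit will fail at `Database::pexecute($stmt, $params)` instead of saving. Drop the comma so the last assignment reads `` `hsts_preload` = :hsts_preload `` with no separator before `WHERE`. The trailing commas added to the PHP `$params` array at -690 are fine and need no change.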
@@ -66,33 +66,69 @@ return array(
 'type' => 'label',
 'value' => $lng['customer']['selectserveralias_addinfo']
 ),
- 'ssl_redirect' => array(
- 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
- 'label' => $lng['domains']['ssl_redirect']['title'],
- 'desc' => $lng['domains']['ssl_redirect']['description'],
- 'type' => 'checkbox',
- 'values' => array(
- array ('label' => $lng['panel']['yes'], 'value' => '1')
- ),
- 'value' => array()
- ),
- 'letsencrypt' => array(
- 'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
- 'label' => $lng['customer']['letsencrypt']['title'],
- 'desc' => $lng['customer']['letsencrypt']['description'],
- 'type' => 'checkbox',
- 'values' => array(
- array ('label' => $lng['panel']['yes'], 'value' => '1')
- ),
- 'value' => array()
- ),
 'openbasedir_path' => array(
 'label' => $lng['domain']['openbasedirpath'],
 'type' => 'select',
 'select_var' => $openbasedir
 )
 )
- )
+ ),
+ 'section_bssl' => array(
+ 'title' => $lng['admin']['webserversettings_ssl'],
+ 'image' => 'icons/domain_add.png',
+ 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+ 'fields' => array(
+ 'ssl_redirect' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['domains']['ssl_redirect']['title'],
+ 'desc' => $lng['domains']['ssl_redirect']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array()
+ ),
+ 'letsencrypt' => array(
+ 'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+ 'label' => $lng['customer']['letsencrypt']['title'],
+ 'desc' => $lng['customer']['letsencrypt']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array()
+ ),
+ 'hsts_maxage' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_maxage']['title'],
+ 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+ 'type' => 'int',
+ 'int_min' => 0,
+ 'int_max' => 94608000, // 3-years
+ 'value' => 0
+ ),
+ 'hsts_incsub' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_incsub']['title'],
+ 'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array()
+ ),
+ 'hsts_preload' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_preload']['title'],
+ 'desc' => $lng['admin']['domain_hsts_preload']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array()
+ ),
+ ),
+ ),
 )
 )
 );
diff --git a/lib/formfields/customer/domains/formfield.domains_edit.php b/lib/formfields/customer/domains/formfield.domains_edit.php
index 0b319248..2e753e21 100644
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
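Review bot: The include-subdomains field is keyed `hsts_incsub`, but the handlers added to customer_domains.php read `$_POST['hsts_sub']`; if the field key is what gets posted, as it evidently is for `hsts_maxage` and `hsts_preload` whose keys do match their handler, the customer's choice is silently discarded and `hsts_sub` is always stored as 0. The same key is used in formfield.domains_edit.php at -92, where the field is additionally pre-filled from `$result['hsts_sub']`, so the mismatch would also show up as a checkbox that never stays checked. Rename the key in both files to `'hsts_sub' => array(` (or read `hsts_incsub` in the handlers), keeping the language keys `domain_hsts_incsub` as they are.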
@@ -76,14 +76,27 @@ return array(
 ),
 'value' => array($result['isemaildomain'])
 ),
+ 'openbasedir_path' => array(
+ 'visible' => ($result['openbasedir'] == '1') ? true : false,
+ 'label' => $lng['domain']['openbasedirpath'],
+ 'type' => 'select',
+ 'select_var' => $openbasedir
+ )
+ )
+ ),
+ 'section_bssl' => array(
+ 'title' => $lng['admin']['webserversettings_ssl'],
+ 'image' => 'icons/domain_edit.png',
+ 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+ 'fields' => array(
 'ssl_redirect' => array(
 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
 'label' => $lng['domains']['ssl_redirect']['title'],
 'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
 'type' => 'checkbox',
 'values' => array(
- array ('label' => $lng['panel']['yes'], 'value' => '1')
- ),
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
 'value' => array($result['ssl_redirect'])
 ),
 'letsencrypt' => array(
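Review bot: The `visible` expression of `ssl_redirect` still begins with `Settings::Get('system.use_ssl') == '1' ? … : false` although the field now sits inside the new `section_bssl`, whose own `visible` already tests that setting; the matching hunk in formfield.domains_add.php simplified the same condition to `($ssl_ipsandports != '' ? true : false)`. For consistency reduce it here to `'visible' => ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false),`. The `letsencrypt` field's `visible` line lies just outside this hunk and presumably carries the same redundant test.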
@@ -92,18 +105,41 @@ return array(
 'desc' => $lng['customer']['letsencrypt']['description'],
 'type' => 'checkbox',
 'values' => array(
- array ('label' => $lng['panel']['yes'], 'value' => '1')
- ),
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
 'value' => array($result['letsencrypt'])
 ),
- 'openbasedir_path' => array(
- 'visible' => ($result['openbasedir'] == '1') ? true : false,
- 'label' => $lng['domain']['openbasedirpath'],
- 'type' => 'select',
- 'select_var' => $openbasedir
- )
+ 'hsts_maxage' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_maxage']['title'],
+ 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+ 'type' => 'int',
+ 'int_min' => 0,
+ 'int_max' => 94608000, // 3-years
+ 'value' => $result['hsts']
+ ),
+ 'hsts_incsub' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_incsub']['title'],
+ 'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array($result['hsts_sub'])
+ ),
+ 'hsts_preload' => array(
+ 'visible' => ($ssl_ipsandports != '' ? true : false),
+ 'label' => $lng['admin']['domain_hsts_preload']['title'],
+ 'desc' => $lng['admin']['domain_hsts_preload']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array ('label' => $lng['panel']['yes'], 'value' => '1')
+ ),
+ 'value' => array($result['hsts_preload'])
+ ),
 )
- )
+ ),
 )
 )
 );
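Review bot: The three new HSTS fields are shown whenever `$ssl_ipsandports != ''`, while `ssl_redirect` in the same section additionally requires `domainHasSslIpPort($result['id'])`; a domain that has no SSL ip/port assigned thus gets editable HSTS settings that can have no effect, and they are not tied to the letsencrypt/ssl_redirect state in any way. Use the same condition on `hsts_maxage`, `hsts_incsub` and `hsts_preload`: `'visible' => ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false),`. The `letsencrypt` field this hunk starts in begins above the hunk.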