make the hsts domain settings actually saveable; add hsts domain settings for customer-panel; refs #1660

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Michael Kaufmann (d00p)
2016-10-07 11:48:13 +02:00
parent 4a3e02c1f0
commit d198729222
4 changed files with 187 additions and 44 deletions


@@ -584,12 +584,23 @@ if ($page == 'domains' || $page == 'overview') {
$ssl_ipandports[] = $ssl_ipandport; $ssl_ipandports[] = $ssl_ipandport;
} }
} }
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
} else { } else {
$ssl_redirect = 0; $ssl_redirect = 0;
$letsencrypt = 0; $letsencrypt = 0;
// we need this for the serialize // we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists // if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1; $ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
} }
} else { } else {
$ssl_redirect = 0; $ssl_redirect = 0;
@@ -597,6 +608,11 @@ if ($page == 'domains' || $page == 'overview') {
// we need this for the serialize // we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists // if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1; $ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
} }
// We can't enable let's encrypt for wildcard - domains // We can't enable let's encrypt for wildcard - domains
@@ -760,7 +776,10 @@ if ($page == 'domains' || $page == 'overview') {
'registration_date' => $registration_date, 'registration_date' => $registration_date,
'termination_date' => $termination_date, 'termination_date' => $termination_date,
'issubof' => $issubof, 'issubof' => $issubof,
'letsencrypt' => $letsencrypt 'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
); );
$security_questions = array( $security_questions = array(
@@ -808,7 +827,10 @@ if ($page == 'domains' || $page == 'overview') {
'mod_fcgid_starter' => $mod_fcgid_starter, 'mod_fcgid_starter' => $mod_fcgid_starter,
'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests, 'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
'ismainbutsubto' => $issubof, 'ismainbutsubto' => $issubof,
'letsencrypt' => $letsencrypt 'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
); );
$ins_stmt = Database::prepare(" $ins_stmt = Database::prepare("
@@ -841,7 +863,10 @@ if ($page == 'domains' || $page == 'overview') {
`mod_fcgid_starter` = :mod_fcgid_starter, `mod_fcgid_starter` = :mod_fcgid_starter,
`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests, `mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
`ismainbutsubto` = :ismainbutsubto, `ismainbutsubto` = :ismainbutsubto,
`letsencrypt` = :letsencrypt `letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload
"); ");
Database::pexecute($ins_stmt, $ins_data); Database::pexecute($ins_stmt, $ins_data);
$domainid = Database::lastInsertId(); $domainid = Database::lastInsertId();
@@ -1398,12 +1423,23 @@ if ($page == 'domains' || $page == 'overview') {
$ssl_ipandports[] = $ssl_ipandport; $ssl_ipandports[] = $ssl_ipandport;
} }
} }
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
} else { } else {
$ssl_redirect = 0; $ssl_redirect = 0;
$letsencrypt = 0; $letsencrypt = 0;
// we need this for the serialize // we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists // if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1; $ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
} }
} else { } else {
$ssl_redirect = 0; $ssl_redirect = 0;
@@ -1411,6 +1447,11 @@ if ($page == 'domains' || $page == 'overview') {
// we need this for the serialize // we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists // if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1; $ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
} }
// We can't enable let's encrypt for wildcard domains // We can't enable let's encrypt for wildcard domains
@@ -1548,7 +1589,10 @@ if ($page == 'domains' || $page == 'overview') {
'speciallogverified' => $speciallogverified, 'speciallogverified' => $speciallogverified,
'ipandport' => serialize($ipandports), 'ipandport' => serialize($ipandports),
'ssl_ipandport' => serialize($ssl_ipandports), 'ssl_ipandport' => serialize($ssl_ipandports),
'letsencrypt' => $letsencrypt 'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
); );
$security_questions = array( $security_questions = array(
@@ -1708,6 +1752,9 @@ if ($page == 'domains' || $page == 'overview') {
$update_data['termination_date'] = $termination_date; $update_data['termination_date'] = $termination_date;
$update_data['ismainbutsubto'] = $issubof; $update_data['ismainbutsubto'] = $issubof;
$update_data['letsencrypt'] = $letsencrypt; $update_data['letsencrypt'] = $letsencrypt;
$update_data['hsts'] = $hsts_maxage;
$update_data['hsts_sub'] = $hsts_sub;
$update_data['hsts_preload'] = $hsts_preload;
$update_data['id'] = $id; $update_data['id'] = $id;
$update_stmt = Database::prepare(" $update_stmt = Database::prepare("
@@ -1735,7 +1782,10 @@ if ($page == 'domains' || $page == 'overview') {
`registration_date` = :registration_date, `registration_date` = :registration_date,
`termination_date` = :termination_date, `termination_date` = :termination_date,
`ismainbutsubto` = :ismainbutsubto, `ismainbutsubto` = :ismainbutsubto,
`letsencrypt` = :letsencrypt `letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload
WHERE `id` = :id WHERE `id` = :id
"); ");
Database::pexecute($update_stmt, $update_data); Database::pexecute($update_stmt, $update_data);
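Review bot: `$hsts_maxage` on the first hunk's added line is only cast with `(int)`, so a negative or absurdly large value from the form is persisted unchanged, and whatever later renders the Strict-Transport-Security header (not part of this commit) would emit an invalid or unintended `max-age`; clamp at the boundary, `$hsts_maxage = isset($_POST['hsts_maxage']) ? max(0, min(94608000, (int)$_POST['hsts_maxage'])) : 0;`, so the server-side check matches the 0..94608000 range the customer form declares instead of trusting the form alone. The same unbounded cast is repeated in the edit path further down. `hsts_preload` is also accepted independently of `hsts_sub` and of the max-age, yet browser preload lists require `includeSubDomains` and a max-age of at least one year, so consider forcing `$hsts_preload = 0` unless both hold, or at least documenting in a comment that the panel does not enforce the preload requirements. The enclosing `if` of the first hunk starts outside the hunk.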


@@ -374,6 +374,11 @@ if ($page == 'overview') {
$ssl_redirect = 2; $ssl_redirect = 2;
} }
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
if ($path == '') { if ($path == '') {
standard_error('patherror'); standard_error('patherror');
} elseif ($subdomain == '') { } elseif ($subdomain == '') {
@@ -416,7 +421,10 @@ if ($page == 'overview') {
`specialsettings` = :specialsettings, `specialsettings` = :specialsettings,
`ssl_redirect` = :ssl_redirect, `ssl_redirect` = :ssl_redirect,
`phpsettingid` = :phpsettingid, `phpsettingid` = :phpsettingid,
`letsencrypt` = :letsencrypt" `letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload"
); );
$params = array( $params = array(
"customerid" => $userinfo['customerid'], "customerid" => $userinfo['customerid'],
@@ -433,7 +441,10 @@ if ($page == 'overview') {
"specialsettings" => $domain_check['specialsettings'], "specialsettings" => $domain_check['specialsettings'],
"ssl_redirect" => $ssl_redirect, "ssl_redirect" => $ssl_redirect,
"phpsettingid" => $phpsid_result['phpsettingid'], "phpsettingid" => $phpsid_result['phpsettingid'],
"letsencrypt" => $letsencrypt "letsencrypt" => $letsencrypt,
"hsts" => $hsts_maxage,
"hsts_sub" => $hsts_sub,
"hsts_preload" => $hsts_preload
); );
Database::pexecute($stmt, $params); Database::pexecute($stmt, $params);
@@ -527,8 +538,7 @@ if ($page == 'overview') {
} }
} elseif ($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`, $stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
WHERE `d`.`customerid` = :customerid WHERE `d`.`customerid` = :customerid
AND `d`.`id` = :id AND `d`.`id` = :id
@@ -642,6 +652,11 @@ if ($page == 'overview') {
$ssl_redirect = 2; $ssl_redirect = 2;
} }
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
if ($path == '') { if ($path == '') {
standard_error('patherror'); standard_error('patherror');
} else { } else {
@@ -677,7 +692,10 @@ if ($page == 'overview') {
`aliasdomain`= :aliasdomain, `aliasdomain`= :aliasdomain,
`openbasedir_path`= :openbasedir_path, `openbasedir_path`= :openbasedir_path,
`ssl_redirect`= :ssl_redirect, `ssl_redirect`= :ssl_redirect,
`letsencrypt`= :letsencrypt `letsencrypt`= :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload,
WHERE `customerid`= :customerid WHERE `customerid`= :customerid
AND `id`= :id" AND `id`= :id"
); );
@@ -690,6 +708,9 @@ if ($page == 'overview') {
"openbasedir_path" => $openbasedir_path, "openbasedir_path" => $openbasedir_path,
"ssl_redirect" => $ssl_redirect, "ssl_redirect" => $ssl_redirect,
"letsencrypt" => $letsencrypt, "letsencrypt" => $letsencrypt,
"hsts" => $hsts_maxage,
"hsts_sub" => $hsts_sub,
"hsts_preload" => $hsts_preload,
"customerid" => $userinfo['customerid'], "customerid" => $userinfo['customerid'],
"id" => $id "id" => $id
); );
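Review bot: The UPDATE in the edit hunk leaves a trailing comma after `` `hsts_preload` = :hsts_preload, `` directly before `` WHERE `customerid`= :customerid ``, which is a SQL syntax error, so every customer subdomain edit will fail once this ships; drop the comma so the last assignment reads `` `hsts_preload` = :hsts_preload ``. Unlike the admin path, this handler reads `hsts_maxage`, `hsts_sub` and `hsts_preload` from `$_POST` unconditionally after the `ssl_redirect` branch, so HSTS values are stored even for a domain with no SSL vhost; if the header is later emitted only on SSL vhosts this is harmless, but a stored max-age on an HTTP-only domain is a latent footgun the moment SSL is switched on, so mirror the admin path and reset all three to 0 when SSL is unavailable. The `(int)$_POST['hsts_maxage']` cast here is likewise unbounded and accepts negative values. The enclosing action branches begin outside the hunks.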


@@ -66,8 +66,20 @@ return array(
'type' => 'label', 'type' => 'label',
'value' => $lng['customer']['selectserveralias_addinfo'] 'value' => $lng['customer']['selectserveralias_addinfo']
), ),
'openbasedir_path' => array(
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
),
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_add.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'fields' => array(
'ssl_redirect' => array( 'ssl_redirect' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), 'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['domains']['ssl_redirect']['title'], 'label' => $lng['domains']['ssl_redirect']['title'],
'desc' => $lng['domains']['ssl_redirect']['description'], 'desc' => $lng['domains']['ssl_redirect']['description'],
'type' => 'checkbox', 'type' => 'checkbox',
@@ -77,7 +89,7 @@ return array(
'value' => array() 'value' => array()
), ),
'letsencrypt' => array( 'letsencrypt' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false), 'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'label' => $lng['customer']['letsencrypt']['title'], 'label' => $lng['customer']['letsencrypt']['title'],
'desc' => $lng['customer']['letsencrypt']['description'], 'desc' => $lng['customer']['letsencrypt']['description'],
'type' => 'checkbox', 'type' => 'checkbox',
@@ -86,13 +98,37 @@ return array(
), ),
'value' => array() 'value' => array()
), ),
'openbasedir_path' => array( 'hsts_maxage' => array(
'label' => $lng['domain']['openbasedirpath'], 'visible' => ($ssl_ipsandports != '' ? true : false),
'type' => 'select', 'label' => $lng['admin']['domain_hsts_maxage']['title'],
'select_var' => $openbasedir 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
) 'type' => 'int',
) 'int_min' => 0,
) 'int_max' => 94608000, // 3-years
'value' => 0
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array()
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array()
),
),
),
) )
) )
); );
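Review bot: The includeSubDomains checkbox is registered under the key `'hsts_incsub'`, but the customer handler in this same commit reads `$_POST['hsts_sub']`, so the checkbox can never be saved from the add form and the column always ends up 0; rename the key to `'hsts_sub' => array(` so the form field matches the column name the rest of the commit uses (or read `hsts_incsub` in the handler, but keeping one name is less error-prone). Separately, `hsts_preload` is offered without any hint that preload-list inclusion requires `includeSubDomains` and a max-age of at least 31536000; the description text lives in the language files, but a comment above the field, `// preload is only meaningful with includeSubDomains and max-age >= 1 year; not enforced server-side`, would save the next maintainer from guessing.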


@@ -76,6 +76,19 @@ return array(
), ),
'value' => array($result['isemaildomain']) 'value' => array($result['isemaildomain'])
), ),
'openbasedir_path' => array(
'visible' => ($result['openbasedir'] == '1') ? true : false,
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
),
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_edit.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'fields' => array(
'ssl_redirect' => array( 'ssl_redirect' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false), 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
'label' => $lng['domains']['ssl_redirect']['title'], 'label' => $lng['domains']['ssl_redirect']['title'],
@@ -96,14 +109,37 @@ return array(
), ),
'value' => array($result['letsencrypt']) 'value' => array($result['letsencrypt'])
), ),
'openbasedir_path' => array( 'hsts_maxage' => array(
'visible' => ($result['openbasedir'] == '1') ? true : false, 'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['domain']['openbasedirpath'], 'label' => $lng['admin']['domain_hsts_maxage']['title'],
'type' => 'select', 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
'select_var' => $openbasedir 'type' => 'int',
) 'int_min' => 0,
) 'int_max' => 94608000, // 3-years
'value' => $result['hsts']
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array($result['hsts_sub'])
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array($result['hsts_preload'])
),
) )
),
) )
) )
); );
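Review bot: The three `hsts_*` fields are shown whenever `$ssl_ipsandports != ''`, while `ssl_redirect` on the same form additionally requires `domainHasSslIpPort($result['id'])`, so a domain with no SSL IP/port assigned still gets HSTS controls it cannot act on; use the same guard on each of them, `'visible' => ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false),`. The `hsts_incsub` key here also mismatches the `$_POST['hsts_sub']` read in the customer edit handler, so the checkbox displays the stored `$result['hsts_sub']` but cannot change it. Note that `$result['hsts']` is rendered into an `int` field bounded 0..94608000 while the stored value came from an unbounded `(int)` cast, so an out-of-range stored value may not display as intended — worth confirming how the form layer handles that.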