maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

make the hsts domain settings actually saveable; add hsts domain settings for customer-panel; refs #1660

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2016-10-07 11:48:13 +02:00
parent 4a3e02c1f0
commit d198729222
4 changed files with 187 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
admin_domains.php
View File

@@ -584,12 +584,23 @@ if ($page == 'domains' || $page == 'overview') {
$ssl_ipandports[] = $ssl_ipandport;
}
}
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
} else {
$ssl_redirect = 0;
$letsencrypt = 0;
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
}
} else {
$ssl_redirect = 0;
@@ -597,6 +608,11 @@ if ($page == 'domains' || $page == 'overview') {
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
}
// We can't enable let's encrypt for wildcard - domains
@@ -760,7 +776,10 @@ if ($page == 'domains' || $page == 'overview') {
'registration_date' => $registration_date,
'termination_date' => $termination_date,
'issubof' => $issubof,
'letsencrypt' => $letsencrypt
'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
);
$security_questions = array(
@@ -808,7 +827,10 @@ if ($page == 'domains' || $page == 'overview') {
'mod_fcgid_starter' => $mod_fcgid_starter,
'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
'ismainbutsubto' => $issubof,
'letsencrypt' => $letsencrypt
'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
);
$ins_stmt = Database::prepare("
@@ -841,7 +863,10 @@ if ($page == 'domains' || $page == 'overview') {
`mod_fcgid_starter` = :mod_fcgid_starter,
`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
`ismainbutsubto` = :ismainbutsubto,
`letsencrypt` = :letsencrypt
`letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload
");
Database::pexecute($ins_stmt, $ins_data);
$domainid = Database::lastInsertId();
@@ -1398,12 +1423,23 @@ if ($page == 'domains' || $page == 'overview') {
$ssl_ipandports[] = $ssl_ipandport;
}
}
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
} else {
$ssl_redirect = 0;
$letsencrypt = 0;
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
}
} else {
$ssl_redirect = 0;
@@ -1411,6 +1447,11 @@ if ($page == 'domains' || $page == 'overview') {
// we need this for the serialize
// if ssl is disabled or no ssl-ip/port exists
$ssl_ipandports[] = - 1;
// HSTS
$hsts_maxage = 0;
$hsts_sub = 0;
$hsts_preload = 0;
}
// We can't enable let's encrypt for wildcard domains
@@ -1548,7 +1589,10 @@ if ($page == 'domains' || $page == 'overview') {
'speciallogverified' => $speciallogverified,
'ipandport' => serialize($ipandports),
'ssl_ipandport' => serialize($ssl_ipandports),
'letsencrypt' => $letsencrypt
'letsencrypt' => $letsencrypt,
'hsts' => $hsts_maxage,
'hsts_sub' => $hsts_sub,
'hsts_preload' => $hsts_preload
);
$security_questions = array(
@@ -1708,6 +1752,9 @@ if ($page == 'domains' || $page == 'overview') {
$update_data['termination_date'] = $termination_date;
$update_data['ismainbutsubto'] = $issubof;
$update_data['letsencrypt'] = $letsencrypt;
$update_data['hsts'] = $hsts_maxage;
$update_data['hsts_sub'] = $hsts_sub;
$update_data['hsts_preload'] = $hsts_preload;
$update_data['id'] = $id;
$update_stmt = Database::prepare("
@@ -1735,7 +1782,10 @@ if ($page == 'domains' || $page == 'overview') {
`registration_date` = :registration_date,
`termination_date` = :termination_date,
`ismainbutsubto` = :ismainbutsubto,
`letsencrypt` = :letsencrypt
`letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload
WHERE `id` = :id
");
Database::pexecute($update_stmt, $update_data);

31
customer_domains.php
View File

@@ -374,6 +374,11 @@ if ($page == 'overview') {
$ssl_redirect = 2;
}
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
if ($path == '') {
standard_error('patherror');
} elseif ($subdomain == '') {
@@ -416,7 +421,10 @@ if ($page == 'overview') {
`specialsettings` = :specialsettings,
`ssl_redirect` = :ssl_redirect,
`phpsettingid` = :phpsettingid,
`letsencrypt` = :letsencrypt"
`letsencrypt` = :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload"
);
$params = array(
"customerid" => $userinfo['customerid'],
@@ -433,7 +441,10 @@ if ($page == 'overview') {
"specialsettings" => $domain_check['specialsettings'],
"ssl_redirect" => $ssl_redirect,
"phpsettingid" => $phpsid_result['phpsettingid'],
"letsencrypt" => $letsencrypt
"letsencrypt" => $letsencrypt,
"hsts" => $hsts_maxage,
"hsts_sub" => $hsts_sub,
"hsts_preload" => $hsts_preload
);
Database::pexecute($stmt, $params);
@@ -527,8 +538,7 @@ if ($page == 'overview') {
}
} elseif ($action == 'edit' && $id != 0) {
$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
WHERE `d`.`customerid` = :customerid
AND `d`.`id` = :id
@@ -642,6 +652,11 @@ if ($page == 'overview') {
$ssl_redirect = 2;
}
// HSTS
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
if ($path == '') {
standard_error('patherror');
} else {
@@ -677,7 +692,10 @@ if ($page == 'overview') {
`aliasdomain`= :aliasdomain,
`openbasedir_path`= :openbasedir_path,
`ssl_redirect`= :ssl_redirect,
`letsencrypt`= :letsencrypt
`letsencrypt`= :letsencrypt,
`hsts` = :hsts,
`hsts_sub` = :hsts_sub,
`hsts_preload` = :hsts_preload,
WHERE `customerid`= :customerid
AND `id`= :id"
);
@@ -690,6 +708,9 @@ if ($page == 'overview') {
"openbasedir_path" => $openbasedir_path,
"ssl_redirect" => $ssl_redirect,
"letsencrypt" => $letsencrypt,
"hsts" => $hsts_maxage,
"hsts_sub" => $hsts_sub,
"hsts_preload" => $hsts_preload,
"customerid" => $userinfo['customerid'],
"id" => $id
);

54
lib/formfields/customer/domains/formfield.domains_add.php
View File

@@ -66,8 +66,20 @@ return array(
'type' => 'label',
'value' => $lng['customer']['selectserveralias_addinfo']
),
'openbasedir_path' => array(
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
),
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_add.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'fields' => array(
'ssl_redirect' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['domains']['ssl_redirect']['title'],
'desc' => $lng['domains']['ssl_redirect']['description'],
'type' => 'checkbox',
@@ -77,7 +89,7 @@ return array(
'value' => array()
),
'letsencrypt' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'label' => $lng['customer']['letsencrypt']['title'],
'desc' => $lng['customer']['letsencrypt']['description'],
'type' => 'checkbox',
@@ -86,13 +98,37 @@ return array(
),
'value' => array()
),
'openbasedir_path' => array(
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
)
'hsts_maxage' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'],
'type' => 'int',
'int_min' => 0,
'int_max' => 94608000, // 3-years
'value' => 0
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array()
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array()
),
),
),
)
)
);

50
lib/formfields/customer/domains/formfield.domains_edit.php
View File

@@ -76,6 +76,19 @@ return array(
),
'value' => array($result['isemaildomain'])
),
'openbasedir_path' => array(
'visible' => ($result['openbasedir'] == '1') ? true : false,
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
),
'section_bssl' => array(
'title' => $lng['admin']['webserversettings_ssl'],
'image' => 'icons/domain_edit.png',
'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
'fields' => array(
'ssl_redirect' => array(
'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
'label' => $lng['domains']['ssl_redirect']['title'],
@@ -96,14 +109,37 @@ return array(
),
'value' => array($result['letsencrypt'])
),
'openbasedir_path' => array(
'visible' => ($result['openbasedir'] == '1') ? true : false,
'label' => $lng['domain']['openbasedirpath'],
'type' => 'select',
'select_var' => $openbasedir
)
)
'hsts_maxage' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'],
'type' => 'int',
'int_min' => 0,
'int_max' => 94608000, // 3-years
'value' => $result['hsts']
),
'hsts_incsub' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_incsub']['title'],
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array($result['hsts_sub'])
),
'hsts_preload' => array(
'visible' => ($ssl_ipsandports != '' ? true : false),
'label' => $lng['admin']['domain_hsts_preload']['title'],
'desc' => $lng['admin']['domain_hsts_preload']['description'],
'type' => 'checkbox',
'values' => array(
array ('label' => $lng['panel']['yes'], 'value' => '1')
),
'value' => array($result['hsts_preload'])
),
)
),
)
)
);