change default path of custom-ssl-certificates as too many people can't read. Also, don't let updaters specify '/' (result of an empty value) as custom-ssl path and let the cron only clean the custom-ssl-path of ssl is enabled (just in case), refs #1279

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-10-15 14:49:53 +02:00
parent e38e4532b3
commit e40c7289c4
5 changed files with 22 additions and 13 deletions
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -100,7 +100,7 @@ return array(
 					'varname' => 'customer_ssl_path',
 					'type' => 'string',
 					'string_type' => 'dir',
-					'default' => '/etc/apache2/ssl/',
+					'default' => '/etc/ssl/froxlor-custom/',
 					'save_method' => 'storeSettingField',
 					),
 				'system_phpappendopenbasedir' => array(
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -510,7 +510,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '1'),
 	('system', 'axfrservers', ''),
-	('system', 'customer_ssl_path', '/etc/apache2/ssl/'),
+	('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -2126,7 +2126,11 @@ if (isFroxlorVersion('0.9.29-dev3')) {
 	) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;");
 	lastStepStatus(0);

-	$system_customersslpath = isset($_POST['system_customersslpath']) ? makeCorrectDir($_POST['system_customersslpath']) : '/etc/apache2/ssl/';
+	$system_customersslpath = isset($_POST['system_customersslpath']) ? makeCorrectDir($_POST['system_customersslpath']) : '/etc/ssl/froxlor-custom/';
+	if (trim($system_customersslpath) == '/') {
+		// prevent users from specifying nonsense here
+		$system_customersslpath = '/etc/ssl/froxlor-custom/';
+	}
 	$db->query("INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'customer_ssl_path', '".$db->escape($system_customersslpath)."');");
 	updateToVersion('0.9.29-dev4');
 }
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -538,7 +538,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 		$has_preconfig = true;
 		$description  = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
 		$question = '<strong>Specify the directory for customer ssl-certificates:</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/apache2/ssl/" />';
+		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -70,6 +70,10 @@ class ConfigIO {
 	 */
 	private function _cleanCustomerSslCerts() {

+		/*
+		 * only clean up if we're actually using SSL
+		 */
+		if ($this->_settings['system']['use_ssl'] == '1') {
 			// get correct directory
 			$configdir = $this->_getFile('system', 'customer_ssl_path');
 			if ($configdir !== false) {
@@ -84,6 +88,7 @@ class ConfigIO {
 				}
 			}
 		}
+	}

 	/**
 	 * remove webserver related configuration files before regeneration