setting version to 0.9.33.2 for bugfix release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/210.security.php

@@ -45,7 +45,7 @@ return array(
 					'type' => 'option',
 					'default' => 0,
 					'option_mode' => 'one',
-					'option_options' => array(0 => $lng['serversettings']['systemdefault'], 1 => 'MD5', 2 => 'BLOWFISH', 3 => 'SHA-256', 4 => 'SHA-512'),
+					'option_options_method' => 'getAvailablePasswordHashes',
 					'save_method' => 'storeSettingField',
 					),
 				'system_allow_error_report_admin' => array(

admin_admins.php

@@ -202,7 +202,10 @@ if ($page == 'admins'
 			$email = $idna_convert->encode(validate($_POST['email'], 'email'));
 
 			$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
-			$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+			$custom_notes_show = 0;
+			if (isset($_POST['custom_notes_show'])) {
+			    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+			}
 
 			$loginname = validate($_POST['loginname'], 'loginname');
 			$password = validate($_POST['admin_password'], 'password');
@@ -498,7 +501,10 @@ if ($page == 'admins'
 				$email = $idna_convert->encode(validate($_POST['email'], 'email'));
 
 				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
-				$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				$custom_notes_show = $result['custom_notes_show'];
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
 
 				if ($result['adminid'] == $userinfo['userid']) {
 

admin_customers.php

@@ -420,7 +420,10 @@ if ($page == 'customers'
 				$gender = intval_ressource($_POST['gender']);
 
 				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
-				$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				$custom_notes_show = 0;
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
 
 				$diskspace = intval_ressource($_POST['diskspace']);
 				if (isset($_POST['diskspace_ul'])) {
@@ -889,7 +892,7 @@ if ($page == 'customers'
 							`domain` = :domain,
 							`customerid` = :customerid,
 							`adminid` = :adminid,
-							`parentdomainid` = '-1',
+							`parentdomainid` = '0',
 							`documentroot` = :docroot,
 							`zonefile` = '',
 							`isemaildomain` = '0',
@@ -1037,7 +1040,7 @@ if ($page == 'customers'
 		 */
 		$available_admins_stmt = Database::prepare("
                         SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
-                        WHERE (`customers` = '-1' OR `customers` < `customers_used`)"
+                        WHERE (`customers` = '-1' OR `customers` > `customers_used`)"
 		);
 		Database::pexecute($available_admins_stmt);
 		$admin_select = makeoption("-----", 0, true, true, true);
@@ -1073,7 +1076,10 @@ if ($page == 'customers'
 				$move_to_admin = isset($_POST['move_to_admin']) ? intval_ressource($_POST['move_to_admin']) : 0;
 
 				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
-				$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				$custom_notes_show = $result['custom_notes_show'];
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
 
 				$diskspace = intval_ressource($_POST['diskspace']);
 				if (isset($_POST['diskspace_ul'])) {
@@ -1248,7 +1254,7 @@ if ($page == 'customers'
 							`domain` = :domain,
 							`customerid` = :customerid,
 							`adminid` = :adminid,
-							`parentdomainid` = '-1',
+							`parentdomainid` = '0',
 							`documentroot` = :docroot,
 							`zonefile` = '',
 							`isemaildomain` = '0',

index.php

@@ -119,15 +119,23 @@ if ($action == 'login') {
 			redirectTo('index.php', array('showmessage' => '3'));
 			exit;
 		} elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
-			// login correct
-			// reset loginfail_counter, set lastlogin_succ
-			$stmt = Database::prepare("UPDATE $table
-				SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
-				WHERE `$uid`= :uid"
-			);
-			Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
-			$userinfo['userid'] = $userinfo[$uid];
-			$userinfo['adminsession'] = $adminsession;
+		    // only show "you're banned" if the login was successfull
+		    // because we don't want to publish that the user does exist
+		    if ($userinfo['deactivated']) {
+		        unset($userinfo);
+		        redirectTo('index.php', array('showmessage' => '5'));
+		        exit;
+		    } else {
+		        // login correct
+		        // reset loginfail_counter, set lastlogin_succ
+		        $stmt = Database::prepare("UPDATE $table
+		              SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
+		              WHERE `$uid`= :uid"
+		        );
+		        Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
+		        $userinfo['userid'] = $userinfo[$uid];
+		        $userinfo['adminsession'] = $adminsession;
+		    }
 		} else {
 			// login incorrect
 			$stmt = Database::prepare("UPDATE $table
@@ -269,6 +277,9 @@ if ($action == 'login') {
 		case 7:
 			$message = $lng['pwdreminder']['wrongcode'];
 			break;
+		case 8:
+		    $message = $lng['pwdreminder']['notallowed'];
+		    break;
 		}
 
 		$update_in_progress = '';
@@ -326,8 +337,8 @@ if ($action == 'forgotpwd') {
 
 			/* Check whether user is banned */
 			if ($user['deactivated']) {
-				$message = $lng['pwdreminder']['notallowed'];
-				redirectTo('index.php', array('showmessage' => '5'));
+				redirectTo('index.php', array('showmessage' => '8'));
+				exit;
 			}
 
 			if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {

install/froxlor.sql

@@ -538,7 +538,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.33');
+	('panel', 'version', '0.9.33.2');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2892,3 +2892,19 @@ if (isFroxlorVersion('0.9.33-rc3')) {
         updateToVersion('0.9.33');
 
 }
+
+if (isFroxlorVersion('0.9.33')) {
+
+        showUpdateStep("Updating from 0.9.33 to 0.9.33.1");
+        lastStepStatus(0);
+        updateToVersion('0.9.33.1');
+
+}
+
+if (isFroxlorVersion('0.9.33.1')) {
+
+        showUpdateStep("Updating from 0.9.33.1 to 0.9.33.2");
+        lastStepStatus(0);
+        updateToVersion('0.9.33.2');
+
+}

lib/classes/database/class.Database.php

@@ -224,7 +224,7 @@ class Database {
 				&& isset($sql['root_password'])
 				&& (!isset($sql_root) || !is_array($sql_root))
 		) {
-			$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
+			$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
 			unset($sql['root_user']);
 			unset($sql['root_password']);
 		}
@@ -235,11 +235,15 @@ class Database {
 			$user = $sql_root[self::$_dbserver]['user'];
 			$password = $sql_root[self::$_dbserver]['password'];
 			$host = $sql_root[self::$_dbserver]['host'];
+			$socket = isset($sql_root[self::$_dbserver]['socket']) ? $sql_root[self::$_dbserver]['socket'] : null;
+			$port = isset($sql_root[self::$_dbserver]['port']) ? $sql_root[self::$_dbserver]['port'] : '3306';
 		} else {
 			$caption = 'localhost';
 			$user = $sql["user"];
 			$password = $sql["password"];
 			$host = $sql["host"];
+			$socket = isset($sql['socket']) ? $sql['socket'] : null;
+			$port = isset($sql['port']) ? $sql['port'] : '3306';
 		}
 
 		// save sql-access-data if needed
@@ -248,6 +252,8 @@ class Database {
 					'user' => $user,
 					'passwd' => $password,
 					'host' => $host,
+					'port' => $port,
+					'socket' => $socket,
 					'db' => $sql["db"],
 					'caption' => $caption
 			);
@@ -264,10 +270,11 @@ class Database {
 				'charset' => 'utf8'
 		);
 
-		if (!validateLocalHostname($host) && !validate_ip2($host, true, 'invalidip', true)) {
-			$dbconf["dsn"]['unix_socket'] = makeCorrectFile($host);
+		if ($socket != null) {
+			$dbconf["dsn"]['unix_socket'] = makeCorrectFile($socket);
 		} else {
 			$dbconf["dsn"]['host'] = $host;
+			$dbconf["dsn"]['port'] = $port;
 		}
 
 		self::$_dbname = $sql["db"];
@@ -305,6 +312,32 @@ class Database {
 	private static function _showerror($error, $showerror = true) {
 		global $userinfo, $theme, $linker;
 
+		// include userdata.inc.php
+		require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
+
+		// le format
+		if (isset($sql['root_user'])
+		    && isset($sql['root_password'])
+		    && (!isset($sql_root) || !is_array($sql_root))
+		) {
+		    $sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
+		}
+
+		// hide username/password in messages
+		$error_message = $error->getMessage();
+		$error_trace = $error->getTraceAsString();
+		// error-message
+		$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
+		$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
+		// error-trace
+		$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
+		$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
+
+		if ($error->getCode() == 2003) {
+		    $error_message = "Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.";
+		    $error_trace = "";
+		}
+
 		/**
 		 * log to a file, so we can actually ask people for the error
 		 * (no one seems to find the stuff in the syslog)
@@ -313,11 +346,10 @@ class Database {
 		if (!file_exists($sl_dir)) {
 			@mkdir($sl_dir, 0755);
 		}
-		$sl_file = makeCorrectFile($sl_dir."/sql-error.log");
-		$sqllog = @fopen($sl_file, 'a');
-		@fwrite($sqllog, date('d.m.Y H:i', time())." --- ".str_replace("\n", " ", $error->getMessage())."\n");
-		@fwrite($sqllog, date('d.m.Y H:i', time())." --- DEBUG: \n".$error->getTraceAsString()."\n");
-		@fclose($sqllog);
+		openlog("froxlor", LOG_PID | LOG_PERROR, LOG_LOCAL0);
+		syslog(LOG_WARNING, str_replace("\n", " ", $error_message));
+		syslog(LOG_WARNING, str_replace("\n", " ", "--- DEBUG: ".$error_trace));
+		closelog();
 
 		/**
 		 * log error for reporting
@@ -326,38 +358,17 @@ class Database {
 		$err_file = makeCorrectFile($sl_dir."/".$errid."_sql-error.log");
 		$errlog = @fopen($err_file, 'w');
 		@fwrite($errlog, "|CODE ".$error->getCode()."\n");
-		@fwrite($errlog, "|MSG ".$error->getMessage()."\n");
+		@fwrite($errlog, "|MSG ".$error_message."\n");
 		@fwrite($errlog, "|FILE ".$error->getFile()."\n");
 		@fwrite($errlog, "|LINE ".$error->getLine()."\n");
-		@fwrite($errlog, "|TRACE\n".$error->getTraceAsString()."\n");
+		@fwrite($errlog, "|TRACE\n".$error_trace."\n");
 		@fclose($errlog);
 
 		if ($showerror) {
 
-			// include userdata.inc.php
-			require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
-
 			// fallback
 			$theme = 'Sparkle';
 
-			// le format
-			if (isset($sql['root_user'])
-				&& isset($sql['root_password'])
-				&& (!isset($sql_root) || !is_array($sql_root))
-			) {
-				$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
-			}
-
-			// hide username/password in messages
-			$error_message = $error->getMessage();
-			$error_trace = $error->getTraceAsString();
-			// error-message
-			$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
-			$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
-			// error-trace
-			$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
-			$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
-
 			// clean up sensitive data
 			unset($sql);
 			unset($sql_root);
@@ -388,7 +399,8 @@ class Database {
 					die($err_hint);
 				}
 			}
-			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in in the sql-error.log in the logs/ directory");
+			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in the syslog");
 		}
 	}
 }
+

lib/classes/phpinterface/class.phpinterface_fpm.php

@@ -250,7 +250,7 @@ class phpinterface_fpm {
 
 			$php_ini_variables = array(
 					'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
-					'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),
+					'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
 					'TMP_DIR' => $this->getTempDir(),
 					'CUSTOMER_EMAIL' => $this->_domain['email'],
 					'ADMIN_EMAIL' => $admin['email'],

lib/configfiles/freebsd.inc.php

@@ -403,7 +403,8 @@ return array(
 							'chmod 600 /usr/local/etc/libnss-mysql.cfg /usr/local/etc/libnss-mysql-root.cfg'
 						),
 						'restart' => array(
-							'sh /etc/rc.d/nscd restart'
+							'sh /etc/rc.d/nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/gentoo.inc.php

@@ -410,7 +410,8 @@ milter_default_action = accept" >> /etc/postfix/main.cf',
 							'rc-update add nscd default'
 						),
 						'restart' => array(
-							'/etc/init.d/nscd restart'
+							'/etc/init.d/nscd restart',
+							'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/lucid.inc.php

@@ -393,7 +393,8 @@ return array(
 							'etc_nsswitch.conf' => '/etc/nsswitch.conf',
 						),
 						'restart' => array(
-							'/etc/init.d/nscd restart'
+							'/etc/init.d/nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/precise.inc.php

@@ -395,7 +395,8 @@ return array(
 							'etc_nsswitch.conf' => '/etc/nsswitch.conf',
 						),
 						'restart' => array(
-							'/etc/init.d/nscd restart'
+							'/etc/init.d/nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/squeeze.inc.php

@@ -392,7 +392,8 @@ return array(
 							'etc_nsswitch.conf' => '/etc/nsswitch.conf',
 						),
 						'restart' => array(
-							'/etc/init.d/nscd restart'
+							'/etc/init.d/nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/trusty.inc.php

@@ -390,7 +390,8 @@ return array(
 							'etc_nsswitch.conf' => '/etc/nsswitch.conf',
 						),
 						'restart' => array(
-							'service nscd restart'
+							'service nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/configfiles/wheezy.inc.php

@@ -397,7 +397,8 @@ return array(
 							'etc_nsswitch.conf' => '/etc/nsswitch.conf',
 						),
 						'restart' => array(
-							'/etc/init.d/nscd restart'
+							'/etc/init.d/nscd restart',
+                                                        'nscd --invalidate=group'
 						)
 					),
 					'logrotate' => array(

lib/functions/formfields/string/function.validateFormFieldString.php

@@ -107,8 +107,14 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
 			}
 		}
 		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'validate_ip') {
-			$newfieldvalue = validate_ip2($newfieldvalue);
-			$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
+		    // check for empty value (it might be allowed)
+		    if (trim($newfieldvalue) == '') {
+		        $newfieldvalue = '';
+		        $returnvalue = 'stringmustntbeempty';
+		    } else {
+		        $newfieldvalue = validate_ip2($newfieldvalue, true);
+		        $returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
+		    }
 		}
 		elseif (preg_match('/^[^\r\n\t\f\0]*$/D', $newfieldvalue)) {
 			$returnvalue = true;

lib/functions/froxlor/function.moveCustomerToAdmin.php

@@ -10,6 +10,9 @@
  * @return true on sucess, error-message on failure
  */
 function moveCustomerToAdmin($id = 0, $adminid = 0) {
+
+    global $log;
+
 	if ($id <= 0 || $adminid <= 0) {
 		return "no valid id's given";
 	}
@@ -23,12 +26,14 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
 			'cid' => $id
 	) );
 
+	$log->logAction(ADM_ACTION, LOG_INFO, "moved user #" . $id . " from admin/reseller #".$cAdmin['adminid']." to admin/reseller #".$adminid);
+
 	// Update customer entry
 	$updCustomer_stmt = Database::prepare ( "
 		UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
 	" );
 	Database::pexecute ( $updCustomer_stmt, array (
-			'adminid' => $cAdmin ['adminid'],
+			'adminid' => $adminid,
 			'cid' => $id
 	) );
 
@@ -37,7 +42,7 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
 		UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
 	" );
 	Database::pexecute ( $updDomains_stmt, array (
-			'adminid' => $cAdmin ['adminid'],
+			'adminid' => $adminid,
 			'cid' => $id
 	) );
 
@@ -46,7 +51,7 @@ function moveCustomerToAdmin($id = 0, $adminid = 0) {
 		UPDATE `" . TABLE_PANEL_TICKETS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
 	" );
 	Database::pexecute ( $updTickets_stmt, array (
-			'adminid' => $cAdmin ['adminid'],
+			'adminid' => $adminid,
 			'cid' => $id
 	) );
 

lib/functions/system/function.getAvailablePasswordHashes.php

@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2015 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2014-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Functions
+ *
+ * @since      0.9.33.1
+ */
+
+/**
+ * return an array of available hashes for the crypt() function
+ *
+ * @return array
+ */
+function getAvailablePasswordHashes()
+{
+    global $lng;
+    
+    // get available pwd-hases
+    $available_pwdhashes = array(
+        0 => $lng['serversettings']['systemdefault']
+    );
+    if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) {
+        $available_pwdhashes[1] = 'MD5';
+    }
+    if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) {
+        $available_pwdhashes[2] = 'BLOWFISH';
+    }
+    if (defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) {
+        $available_pwdhashes[3] = 'SHA-256';
+    }
+    if (defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
+        $available_pwdhashes[4] = 'SHA-512';
+    }
+    
+    return $available_pwdhashes;
+}

lib/functions/validate/function.checkMysqlAccessHost.php

@@ -23,7 +23,7 @@ function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfie
 
 	foreach ($mysql_access_host_array as $host_entry) {
 
-		if (validate_ip2($host_entry, true, 'invalidip', true) == false
+		if (validate_ip2($host_entry, true, 'invalidip', true, true) == false
 		   && validateDomain($host_entry) == false
 		   && validateLocalHostname($host_entry) == false
 		   && $host_entry != '%'

lib/functions/validate/function.validate_ip.php

@@ -44,13 +44,21 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
 /**
  * Checks whether it is a valid ip
  *
- * @return mixed 	ip address on success, false on failure
+ * @param string $ip ip-address to check
+ * @param bool $return_bool whether to return bool or call standard_error()
+ * @param string $lng index for error-message (if $return_bool is false)
+ * @param bool $allow_localhost whether to allow 127.0.0.1
+ * @param bool $allow_priv whether to allow private network addresses
+ *
+ * @return string|bool ip address on success, false on failure
  */
-function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false) {
+function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
+
+    $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
 
 	if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
 			|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
-			&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)
+			&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
 	) {
 		return $ip;
 	}

lib/tables.inc.php

@@ -51,6 +51,6 @@ define('TABLE_PANEL_DOMAIN_SSL_SETTINGS', 'domain_ssl_settings');
 define('TABLE_DOMAINTOIP', 'panel_domaintoip');
 
 // VERSION INFO
-$version = '0.9.33';
+$version = '0.9.33.2';
 $dbversion = '2';
 $branding = '';

scripts/froxlor_master_cronjob.php

@@ -47,6 +47,8 @@ for ($x = 1; $x < count($argv); $x++) {
 			// really force re-generating of config-files by
 			// inserting task 1
 			inserttask('1');
+			// bind (if enabled, inserttask() checks this)
+			inserttask('4');
 			// also regenerate cron.d-file
 			inserttask('99');
 			addToQueue($jobs_to_run, $crontasks);

scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php

@@ -58,7 +58,12 @@ class apache_fcgid extends apache
 					$php_options_text.= '    </FilesMatch>' . "\n";
 					// >=apache-2.4 enabled?
 					if (Settings::Get('system.apache24') == '1') {
-						$php_options_text.= '    Require all granted' . "\n";
+					    $mypath_dir = new frxDirectory($domain['documentroot']);
+					    // only create the require all granted if there is not active directory-protection
+					    // for this path, as this would be the first require and therefore grant all access
+					    if ($mypath_dir->isUserProtected() == false) {
+						    $php_options_text.= '    Require all granted' . "\n";
+					    }
 					} else {
 						$php_options_text.= '    Order allow,deny' . "\n";
 						$php_options_text.= '    allow from all' . "\n";
@@ -90,7 +95,12 @@ class apache_fcgid extends apache
 					$php_options_text.= '    </FilesMatch>' . "\n";
 					// >=apache-2.4 enabled?
 					if (Settings::Get('system.apache24') == '1') {
-						$php_options_text.= '    Require all granted' . "\n";
+					    $mypath_dir = new frxDirectory($domain['documentroot']);
+					    // only create the require all granted if there is not active directory-protection
+					    // for this path, as this would be the first require and therefore grant all access
+					    if ($mypath_dir->isUserProtected() == false) {
+						    $php_options_text.= '    Require all granted' . "\n";
+					    }
 					} else {
 						$php_options_text.= '    Order allow,deny' . "\n";
 						$php_options_text.= '    allow from all' . "\n";

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -449,7 +449,7 @@ class nginx {
 
 		// Clean user defined settings
 		$vhost_usr = str_replace("\r", "\n", $vhost_usr); // Remove windows linebreaks
-		$vhost_usr = str_replace(array("{", "}"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines
+		$vhost_usr = str_replace(array("{ ", " }"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines
 		$vhost_usr = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_usr)))); // Break into array items
 		$vhost_usr = array_filter($vhost_usr, create_function('$a','return preg_match("#\S#", $a);')); // Remove empty lines
 

templates/Sparkle/webftp/webftp_navigation_element.tpl

@@ -0,0 +1,13 @@
+<div class="menuelement">
+        <h4>
+                {if $navurl != '#'}
+                        <a href="{$navurl}" {$target} class="menu">{$navlabel}</a>
+                {else}
+                        {$navlabel}
+                {/if}
+        </h4>
+        <ul>
+                {$navigation_links}
+        </ul>
+</div>
+

templates/misc/configfiles/debian_wheezy/dovecot/etc_dovecot_conf.d_10-master.conf

@@ -102,6 +102,7 @@ service auth {
   unix_listener auth-client {
     mode = 0660
     user = mail
+    group = Debian-exim
   }
 
   # Auth process is run as this user.

templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf

@@ -1,3 +1,3 @@
 
 # added for Froxlor
-dovecot			unix	-	n	n	-	-	pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
+dovecot			unix	-	n	n	-	-	pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

webftp.php

@@ -664,15 +664,24 @@ if (isset($_GET['logoff']) || isset($_POST['logoff'])) {
 				$body .= $smarty->fetch('webftp/webftp_main_multiple.tpl');
 			}
 		}
-		$smarty->assign('completeLink', '<a href="webftp.php?logoff=true">' . _('Logout') . '</a>');
-		$navlinks = $smarty->fetch('navigation_link.tpl');
-		$smarty->assign('completeLink', '<a href="webftp.php?webftp.php?action=mode&amp;mode=FTP_BINARY&amp;currentDir=' . $currentDir . '">' . _('Switch to BINARY mode') . '</a>');
-		$navlinks .= $smarty->fetch('navigation_link.tpl');
-		$smarty->assign('completeLink', '<a href="webftp.php?webftp.php?action=mode&amp;mode=FTP_ASCII&amp;currentDir=' . $currentDir . '">' . _('Switch to ASCII mode') . '</a>');
-		$navlinks .= $smarty->fetch('navigation_link.tpl');
-		$smarty->assign('completeLink', _('Main'));
-		$smarty->assign('navigation_links', $navlinks);
-		$smarty->assign('navigation', $smarty->fetch('navigation_element.tpl'));
+
+                $smarty->assign('target', '');
+                $smarty->assign('active', '');
+
+                $smarty->assign('navurl', 'webftp.php?logoff=true');
+                $smarty->assign('navlabel', _('Logout'));
+                $navlinks = $smarty->fetch('navigation_link.tpl');
+                $smarty->assign('navurl', 'webftp.php?webftp.php?action=mode&amp;mode=FTP_BINARY&amp;currentDir=' . $currentDir);
+                $smarty->assign('navlabel', _('Switch to BINARY mode'));
+                $navlinks .= $smarty->fetch('navigation_link.tpl');
+                $smarty->assign('navurl', 'webftp.php?webftp.php?action=mode&amp;mode=FTP_ASCII&amp;currentDir=' . $currentDir);
+                $smarty->assign('navlabel', _('Switch to ASCII mode'));
+                $navlinks .= $smarty->fetch('navigation_link.tpl');
+                $smarty->assign('navlabel', _('Main'));
+                $smarty->assign('navurl', "#");
+                $smarty->assign('navigation_links', $navlinks);
+                $smarty->assign('navigation', $smarty->fetch('webftp/webftp_navigation_element.tpl'));
+
 	}
 	else {
 		$smarty->assign('errormessage', _('Login failed, please try again') . "\n");