Compare commits
40 Commits
0.9.38-rc1
...
0.9.38.4
| Author | SHA1 | Date | |
|---|---|---|---|
|
56276a19d1 | ||
|
|
c00abc3b92 | ||
|
|
301dadaa02 | ||
|
|
54200427ab | ||
|
|
f8996ad767 | ||
|
|
9838ff4da5 | ||
|
|
192e00c717 | ||
|
|
43ca4a28e4 | ||
|
|
16e9fd6bd9 | ||
|
|
16f547bce0 | ||
|
|
60a482dce6 | ||
|
|
9540cb158c | ||
|
|
1984aced9d | ||
|
|
ca2949da71 | ||
|
|
eb8449fd79 | ||
|
|
547140bafb | ||
|
d245bca445 | ||
|
|
5f899a5510 | ||
|
|
432645431c | ||
|
|
7e4164da26 | ||
|
|
fad607c6e8 | ||
|
|
d6b56262ce | ||
|
|
c409d8a6ba | ||
|
|
4274b8a737 | ||
|
|
60c1babd93 | ||
|
|
ec6ddd054d | ||
|
|
76c200a56c | ||
|
|
a44be363a6 | ||
|
|
304926260f | ||
|
|
462fca7328 | ||
|
|
884b2ed913 | ||
|
|
af77453bfe | ||
|
|
fa45de6586 | ||
|
|
b4e8458076 | ||
|
|
979b1b0ad8 | ||
|
|
2bee58166b | ||
|
|
3597a89da3 | ||
|
|
f406962dfd | ||
|
|
ce31a0b3fd | ||
|
|
fc2ae594cb |
@@ -234,6 +234,7 @@ return array(
|
||||
'type' => 'option',
|
||||
'default' => '',
|
||||
'option_mode' => 'multiple',
|
||||
'option_emptyallowed' => true,
|
||||
'option_options' => array(
|
||||
'email' => $lng['menue']['email']['email'],
|
||||
'mysql' => $lng['menue']['mysql']['mysql'],
|
||||
|
||||
@@ -39,7 +39,7 @@ return array(
|
||||
'varname' => 'le_froxlor_enabled',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'save_method' => 'storeSettingClearCertificates',
|
||||
'visible' => Settings::Get('system.leenabled')
|
||||
),
|
||||
'system_le_froxlor_redirect' => array(
|
||||
@@ -49,7 +49,36 @@ return array(
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'visible' => Settings::Get('system.leenabled')
|
||||
'visible' => Settings::Get('system.use_ssl')
|
||||
),
|
||||
'system_hsts_maxage' => array(
|
||||
'label' => $lng['admin']['domain_hsts_maxage'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_maxage',
|
||||
'type' => 'int',
|
||||
'int_min' => 0,
|
||||
'int_max' => 94608000, // 3-years
|
||||
'default' => 0,
|
||||
'save_method' => 'storeSettingField',
|
||||
'visible' => Settings::Get('system.use_ssl')
|
||||
),
|
||||
'system_hsts_incsub' => array(
|
||||
'label' => $lng['admin']['domain_hsts_incsub'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_incsub',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'visible' => Settings::Get('system.use_ssl')
|
||||
),
|
||||
'system_hsts_preload' => array(
|
||||
'label' => $lng['admin']['domain_hsts_preload'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_preload',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'visible' => Settings::Get('system.use_ssl')
|
||||
),
|
||||
/**
|
||||
* FCGID
|
||||
|
||||
@@ -179,6 +179,17 @@ return array(
|
||||
'nginx'
|
||||
)
|
||||
),
|
||||
'system_nginx_http2_support' => array(
|
||||
'label' => $lng['serversettings']['nginx_http2_support'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'nginx_http2_support',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'websrv_avail' => array(
|
||||
'nginx'
|
||||
)
|
||||
),
|
||||
'system_nginx_php_backend' => array(
|
||||
'label' => $lng['serversettings']['nginx_php_backend'],
|
||||
'settinggroup' => 'system',
|
||||
@@ -260,11 +271,7 @@ return array(
|
||||
'varname' => 'enabled',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'websrv_avail' => array(
|
||||
'apache2',
|
||||
'lighttpd'
|
||||
)
|
||||
'save_method' => 'storeSettingField'
|
||||
),
|
||||
'customredirect_default' => array(
|
||||
'label' => $lng['serversettings']['customredirect_default'],
|
||||
@@ -274,11 +281,7 @@ return array(
|
||||
'default' => '1',
|
||||
'option_mode' => 'one',
|
||||
'option_options_method' => 'getRedirectCodes',
|
||||
'save_method' => 'storeSettingField',
|
||||
'websrv_avail' => array(
|
||||
'apache2',
|
||||
'lighttpd'
|
||||
)
|
||||
'save_method' => 'storeSettingField'
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
@@ -153,33 +153,7 @@ return array(
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField'
|
||||
),
|
||||
'system_hsts_maxage' => array(
|
||||
'label' => $lng['admin']['domain_hsts_maxage'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_maxage',
|
||||
'type' => 'int',
|
||||
'int_min' => 0,
|
||||
'int_max' => 94608000, // 3-years
|
||||
'default' => 0,
|
||||
'save_method' => 'storeSettingField'
|
||||
),
|
||||
'system_hsts_incsub' => array(
|
||||
'label' => $lng['admin']['domain_hsts_incsub'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_incsub',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField'
|
||||
),
|
||||
'system_hsts_preload' => array(
|
||||
'label' => $lng['admin']['domain_hsts_preload'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'hsts_preload',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField'
|
||||
),
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
@@ -210,6 +210,8 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
'id' => $id
|
||||
));
|
||||
|
||||
$deleted_domains = $del_stmt->rowCount();
|
||||
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
|
||||
`subdomains_used` = `subdomains_used` - :domaincount
|
||||
@@ -777,7 +779,7 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
'termination_date' => $termination_date,
|
||||
'issubof' => $issubof,
|
||||
'letsencrypt' => $letsencrypt,
|
||||
'hsts' => $hsts_maxage,
|
||||
'hsts_maxage' => $hsts_maxage,
|
||||
'hsts_sub' => $hsts_sub,
|
||||
'hsts_preload' => $hsts_preload
|
||||
);
|
||||
@@ -1081,8 +1083,12 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
} elseif ($action == 'edit' && $id != 0) {
|
||||
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
|
||||
WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
|
||||
SELECT `d`.*, `c`.`customerid`
|
||||
FROM `" . TABLE_PANEL_DOMAINS . "` `d`
|
||||
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
|
||||
WHERE `d`.`parentdomainid` = '0'
|
||||
AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
|
||||
);
|
||||
$params = array(
|
||||
'id' => $id
|
||||
);
|
||||
@@ -1227,7 +1233,7 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$adminid = $result['adminid'];
|
||||
}
|
||||
|
||||
$aliasdomain = intval($_POST['alias']);
|
||||
$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
|
||||
$issubof = intval($_POST['issubof']);
|
||||
$subcanemaildomain = intval($_POST['subcanemaildomain']);
|
||||
$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
|
||||
@@ -1398,6 +1404,11 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$letsencrypt = (int) $_POST['letsencrypt'];
|
||||
}
|
||||
|
||||
// HSTS
|
||||
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
|
||||
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
|
||||
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
|
||||
|
||||
$ssl_ipandports = array();
|
||||
if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
|
||||
$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
|
||||
@@ -1424,11 +1435,6 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
}
|
||||
}
|
||||
|
||||
// HSTS
|
||||
$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
|
||||
$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
|
||||
$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
|
||||
|
||||
} else {
|
||||
$ssl_redirect = 0;
|
||||
$letsencrypt = 0;
|
||||
@@ -1590,7 +1596,7 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
'ipandport' => serialize($ipandports),
|
||||
'ssl_ipandport' => serialize($ssl_ipandports),
|
||||
'letsencrypt' => $letsencrypt,
|
||||
'hsts' => $hsts_maxage,
|
||||
'hsts_maxage' => $hsts_maxage,
|
||||
'hsts_sub' => $hsts_sub,
|
||||
'hsts_preload' => $hsts_preload
|
||||
);
|
||||
@@ -1611,7 +1617,7 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
|
||||
$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';
|
||||
|
||||
if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
|
||||
if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload']) {
|
||||
inserttask('1');
|
||||
}
|
||||
|
||||
@@ -1640,6 +1646,16 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
|
||||
}
|
||||
|
||||
// check whether LE has been disabled, so we remove the certificate
|
||||
if ($letsencrypt == '0' && $result['letsencrypt'] == '1') {
|
||||
$del_stmt = Database::prepare("
|
||||
DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
|
||||
");
|
||||
Database::pexecute($del_stmt, array(
|
||||
'id' => $id
|
||||
));
|
||||
}
|
||||
|
||||
$updatechildren = '';
|
||||
|
||||
if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
|
||||
|
||||
@@ -578,7 +578,7 @@ if ($page == 'overview') {
|
||||
$_doredirect = true;
|
||||
}
|
||||
|
||||
$aliasdomain = intval($_POST['alias']);
|
||||
$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
|
||||
|
||||
if (isset($_POST['selectserveralias'])) {
|
||||
$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
|
||||
@@ -681,7 +681,11 @@ if ($page == 'overview') {
|
||||
|| $aliasdomain != $result['aliasdomain']
|
||||
|| $openbasedir_path != $result['openbasedir_path']
|
||||
|| $ssl_redirect != $result['ssl_redirect']
|
||||
|| $letsencrypt != $result['letsencrypt']) {
|
||||
|| $letsencrypt != $result['letsencrypt']
|
||||
|| $hsts_maxage != $result['hsts']
|
||||
|| $hsts_sub != $result['hsts_sub']
|
||||
|| $hsts_preload != $result['hsts_preload']
|
||||
) {
|
||||
$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");
|
||||
|
||||
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
|
||||
@@ -720,11 +724,20 @@ if ($page == 'overview') {
|
||||
// trigger when domain id for alias destination has changed: both for old and new destination
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
} else
|
||||
if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
|
||||
// or when wwwserveralias or letsencrypt was changed
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
}
|
||||
} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
|
||||
// or when wwwserveralias or letsencrypt was changed
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
}
|
||||
|
||||
// check whether LE has been disabled, so we remove the certificate
|
||||
if ($letsencrypt == '0' && $result['letsencrypt'] == '1') {
|
||||
$del_stmt = Database::prepare("
|
||||
DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
|
||||
");
|
||||
Database::pexecute($del_stmt, array(
|
||||
'id' => $id
|
||||
));
|
||||
}
|
||||
|
||||
inserttask('1');
|
||||
|
||||
|
||||
@@ -496,6 +496,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('system', 'ssl_cert_chainfile', ''),
|
||||
('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
|
||||
('system', 'nginx_php_backend', '127.0.0.1:8888'),
|
||||
('system', 'nginx_http2_support', '0'),
|
||||
('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
|
||||
('system', 'phpreload_command', ''),
|
||||
('system', 'apache24', '0'),
|
||||
@@ -575,8 +576,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('panel', 'password_numeric', '0'),
|
||||
('panel', 'password_special_char_required', '0'),
|
||||
('panel', 'password_special_char', '!?<>§$%+#=@'),
|
||||
('panel', 'version', '0.9.38-rc1'),
|
||||
('panel', 'db_version', '201610070');
|
||||
('panel', 'customer_hide_options', ''),
|
||||
('panel', 'version', '0.9.38.4'),
|
||||
('panel', 'db_version', '201611180');
|
||||
|
||||
|
||||
DROP TABLE IF EXISTS `panel_tasks`;
|
||||
|
||||
@@ -3507,3 +3507,48 @@ if (isFroxlorVersion('0.9.37')) {
|
||||
showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
|
||||
updateToVersion('0.9.38-rc1');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38-rc1')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
|
||||
updateToVersion('0.9.38-rc2');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38-rc2')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
|
||||
updateToVersion('0.9.38');
|
||||
}
|
||||
|
||||
if (isDatabaseVersion('201610070')) {
|
||||
|
||||
showUpdateStep("Add Nginx http2 setting");
|
||||
Settings::AddNew("system.nginx_http2_support", 0);
|
||||
lastStepStatus(0);
|
||||
|
||||
updateToDbVersion('201611180');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
|
||||
updateToVersion('0.9.38.1');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38.1')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
|
||||
updateToVersion('0.9.38.2');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38.2')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
|
||||
updateToVersion('0.9.38.3');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38.3')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
|
||||
updateToVersion('0.9.38.4');
|
||||
}
|
||||
|
||||
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
|
||||
} else {
|
||||
$openbasedir = 'none';
|
||||
$openbasedirc = ';';
|
||||
|
||||
@@ -267,15 +267,6 @@ class phpinterface_fpm {
|
||||
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
}
|
||||
}
|
||||
$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
|
||||
|
||||
@@ -175,7 +175,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => 0
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -198,7 +198,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => $result['hsts']
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -54,7 +54,7 @@ return array(
|
||||
'type' => 'text'
|
||||
),
|
||||
'redirectcode' => array(
|
||||
'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
|
||||
'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
|
||||
'label' => $lng['domains']['redirectifpathisurl'],
|
||||
'desc' => $lng['domains']['redirectifpathisurlinfo'],
|
||||
'type' => 'select',
|
||||
@@ -107,7 +107,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => 0
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -54,7 +54,7 @@ return array(
|
||||
'value' => $urlvalue
|
||||
),
|
||||
'redirectcode' => array(
|
||||
'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
|
||||
'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
|
||||
'label' => $lng['domains']['redirectifpathisurl'],
|
||||
'desc' => $lng['domains']['redirectifpathisurlinfo'],
|
||||
'type' => 'select',
|
||||
@@ -118,7 +118,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => $result['hsts']
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -275,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
|
||||
Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
|
||||
}
|
||||
|
||||
$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
|
||||
$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
|
||||
// PowerDNS does not like multi-line-format
|
||||
$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
|
||||
$soa_content .= $domain['bindserial'] . " ";
|
||||
// TODO for now, dummy time-periods
|
||||
$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
|
||||
$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
|
||||
$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
|
||||
$soa_content .= "1200\t)\t; minimum (20 mins)";
|
||||
$soa_content .= "1800 900 604800 1200";
|
||||
|
||||
$soa_record = new DnsEntry('@', 'SOA', $soa_content);
|
||||
array_unshift($zonerecords, $soa_record);
|
||||
|
||||
@@ -17,27 +17,57 @@
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* Returns an array of found directories
|
||||
*
|
||||
* This function checks every found directory if they match either $uid or $gid, if they do
|
||||
* the found directory is valid. It uses recursive-iterators to find subdirectories.
|
||||
*
|
||||
* @param string $path the path to start searching in
|
||||
* @param int $uid the uid which must match the found directories
|
||||
* @param int $gid the gid which must match the found direcotries
|
||||
* @param string $path
|
||||
* the path to start searching in
|
||||
* @param int $uid
|
||||
* the uid which must match the found directories
|
||||
* @param int $gid
|
||||
* the gid which must match the found direcotries
|
||||
*
|
||||
* @return array Array of found valid paths
|
||||
*/
|
||||
function findDirs($path, $uid, $gid) {
|
||||
|
||||
$_fileList = array ();
|
||||
function findDirs($path, $uid, $gid)
|
||||
{
|
||||
$_fileList = array();
|
||||
$path = makeCorrectDir($path);
|
||||
|
||||
// valid directory?
|
||||
if (is_dir($path)) {
|
||||
|
||||
// Will exclude everything under these directories
|
||||
$exclude = array(
|
||||
'awstats',
|
||||
'webalizer'
|
||||
);
|
||||
|
||||
/**
|
||||
*
|
||||
* @param SplFileInfo $file
|
||||
* @param mixed $key
|
||||
* @param RecursiveCallbackFilterIterator $iterator
|
||||
* @return bool True if you need to recurse or if the item is acceptable
|
||||
*/
|
||||
$filter = function ($file, $key, $iterator) use ($exclude) {
|
||||
if (in_array($file->getFilename(), $exclude)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
};
|
||||
|
||||
// create RecursiveIteratorIterator
|
||||
$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
|
||||
$its = new RecursiveIteratorIterator(
|
||||
new RecursiveCallbackFilterIterator(
|
||||
new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
|
||||
$filter
|
||||
)
|
||||
);
|
||||
// we can limit the recursion-depth, but will it be helpful or
|
||||
// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
|
||||
// let's keep this in mind and see whether it will be useful
|
||||
@@ -50,24 +80,27 @@ function findDirs($path, $uid, $gid) {
|
||||
$_fileList[] = makeCorrectDir(dirname($fullFileName));
|
||||
}
|
||||
}
|
||||
$_fileList[] = $path;
|
||||
}
|
||||
|
||||
return array_unique($_fileList);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
|
||||
* into UnexpectedValueException you may use this little hack to ignore those
|
||||
* directories, such as lost+found on linux.
|
||||
* (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
|
||||
**/
|
||||
class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
|
||||
function getChildren() {
|
||||
try {
|
||||
return new IgnorantRecursiveDirectoryIterator($this->getPathname());
|
||||
} catch(UnexpectedValueException $e) {
|
||||
return new RecursiveArrayIterator(array());
|
||||
}
|
||||
}
|
||||
* If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
|
||||
* into UnexpectedValueException you may use this little hack to ignore those
|
||||
* directories, such as lost+found on linux.
|
||||
* (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
|
||||
*/
|
||||
class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
|
||||
{
|
||||
|
||||
function getChildren()
|
||||
{
|
||||
try {
|
||||
return new IgnorantRecursiveDirectoryIterator($this->getPathname());
|
||||
} catch (UnexpectedValueException $e) {
|
||||
return new RecursiveArrayIterator(array());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -26,7 +26,11 @@
|
||||
*/
|
||||
function makeCorrectDir($dir) {
|
||||
|
||||
assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
|
||||
if (version_compare("5.4.6", PHP_VERSION, ">")) {
|
||||
assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
|
||||
} else {
|
||||
assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
|
||||
}
|
||||
|
||||
$dir = trim($dir);
|
||||
|
||||
|
||||
@@ -64,7 +64,12 @@ function makePathfield($path, $uid, $gid, $value = '', $dom = false) {
|
||||
$_field = '';
|
||||
foreach ($dirList as $key => $dir) {
|
||||
if (strpos($dir, $path) === 0) {
|
||||
$dir = makeCorrectDir(substr($dir, strlen($path)));
|
||||
$dir = substr($dir, strlen($path));
|
||||
// docroot cut off of current directory == empty -> directory is the docroot
|
||||
if (empty($dir)) {
|
||||
$dir = '/';
|
||||
}
|
||||
$dir = makeCorrectDir($dir);
|
||||
}
|
||||
$_field.= makeoption($dir, $dir, $value);
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
|
||||
{
|
||||
$returnvalue = true;
|
||||
|
||||
|
||||
if(isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple')
|
||||
{
|
||||
$options = explode(',', $newfieldvalue);
|
||||
@@ -33,13 +33,16 @@ function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
|
||||
{
|
||||
$returnvalue = isset($fielddata['option_options'][$newfieldvalue]);
|
||||
}
|
||||
|
||||
|
||||
if($returnvalue === true)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
|
||||
return true;
|
||||
}
|
||||
return 'not in option';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
|
||||
$newfieldvalue = '';
|
||||
$returnvalue = 'stringmustntbeempty';
|
||||
} else {
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
|
||||
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,11 +16,11 @@
|
||||
|
||||
/**
|
||||
* return an array of all enabled redirect-codes
|
||||
*
|
||||
*
|
||||
* @return array array of enabled redirect-codes
|
||||
*/
|
||||
function getRedirectCodesArray() {
|
||||
|
||||
|
||||
$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
|
||||
$result_stmt = Database::query($sql);
|
||||
|
||||
@@ -35,13 +35,13 @@ function getRedirectCodesArray() {
|
||||
/**
|
||||
* return an array of all enabled redirect-codes
|
||||
* for the settings form
|
||||
*
|
||||
*
|
||||
* @return array array of enabled redirect-codes
|
||||
*/
|
||||
function getRedirectCodes() {
|
||||
|
||||
global $lng;
|
||||
|
||||
|
||||
$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
|
||||
$result_stmt = Database::query($sql);
|
||||
|
||||
@@ -54,16 +54,17 @@ function getRedirectCodes() {
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the redirect-code for a given
|
||||
* returns the redirect-code for a given
|
||||
* domain-id
|
||||
*
|
||||
*
|
||||
* @param integer $domainid id of the domain
|
||||
*
|
||||
* @param string $default
|
||||
*
|
||||
* @return string redirect-code
|
||||
*/
|
||||
function getDomainRedirectCode($domainid = 0) {
|
||||
function getDomainRedirectCode($domainid = 0, $default = '') {
|
||||
|
||||
$code = '';
|
||||
$code = $default;
|
||||
if ($domainid > 0) {
|
||||
|
||||
$result_stmt = Database::prepare("
|
||||
@@ -83,11 +84,11 @@ function getDomainRedirectCode($domainid = 0) {
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the redirect-id for a given
|
||||
* returns the redirect-id for a given
|
||||
* domain-id
|
||||
*
|
||||
*
|
||||
* @param integer $domainid id of the domain
|
||||
*
|
||||
*
|
||||
* @return integer redirect-code-id
|
||||
*/
|
||||
function getDomainRedirectId($domainid = 0) {
|
||||
@@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) {
|
||||
|
||||
/**
|
||||
* adds a redirectcode for a domain
|
||||
*
|
||||
*
|
||||
* @param integer $domainid id of the domain to add the code for
|
||||
* @param integer $redirect selected redirect-id
|
||||
*
|
||||
* @param integer $redirect selected redirect-id
|
||||
*
|
||||
* @return null
|
||||
*/
|
||||
function addRedirectToDomain($domainid = 0, $redirect = 1) {
|
||||
@@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) {
|
||||
/**
|
||||
* updates the redirectcode of a domain
|
||||
* if redirect-code is false, nothing happens
|
||||
*
|
||||
*
|
||||
* @param integer $domainid id of the domain to update
|
||||
* @param integer $redirect selected redirect-id or false
|
||||
*
|
||||
*
|
||||
* @return null
|
||||
*/
|
||||
function updateRedirectOfDomain($domainid = 0, $redirect = false) {
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2003-2009 the SysCP Team (see authors).
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Froxlor team <team@froxlor.org> (2010-)
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Functions
|
||||
*
|
||||
*/
|
||||
|
||||
function storeSettingClearCertificates($fieldname, $fielddata, $newfieldvalue) {
|
||||
|
||||
$returnvalue = storeSettingField($fieldname, $fielddata, $newfieldvalue);
|
||||
|
||||
if ($returnvalue !== false
|
||||
&& is_array($fielddata)
|
||||
&& isset($fielddata['settinggroup'])
|
||||
&& $fielddata['settinggroup'] == 'system'
|
||||
&& isset($fielddata['varname'])
|
||||
&& $fielddata['varname'] == 'le_froxlor_enabled'
|
||||
&& $newfieldvalue == '0'
|
||||
) {
|
||||
Database::query("
|
||||
DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
|
||||
");
|
||||
}
|
||||
|
||||
return $returnvalue;
|
||||
}
|
||||
@@ -21,40 +21,43 @@
|
||||
* to a line for a open_basedir directive
|
||||
*
|
||||
* @param string $path
|
||||
* the path to check and append
|
||||
* the path to check and append
|
||||
* @param boolean $first
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function appendOpenBasedirPath($path = '', $first = false)
|
||||
{
|
||||
if ($path != '' && $path != '/'
|
||||
&& (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)
|
||||
) {
|
||||
|
||||
$path = makeCorrectDir($path);
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
if ($path != '' && $path != '/' &&
|
||||
(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)) {
|
||||
|
||||
if (preg_match("#^/dev/urandom#i", $path)) {
|
||||
$path = makeCorrectFile($path);
|
||||
} else {
|
||||
$path = makeCorrectDir($path);
|
||||
}
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
||||
@@ -37,7 +37,11 @@ function validateUrl($url) {
|
||||
}
|
||||
|
||||
// needs converting
|
||||
$url = $idna_convert->encode($url);
|
||||
try {
|
||||
$url = $idna_convert->encode($url);
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i";
|
||||
if (preg_match($pattern, $url)) {
|
||||
|
||||
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
|
||||
* @param string $lng index for error-message (if $return_bool is false)
|
||||
* @param bool $allow_localhost whether to allow 127.0.0.1
|
||||
* @param bool $allow_priv whether to allow private network addresses
|
||||
* @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
|
||||
*
|
||||
* @return string|bool ip address on success, false on failure
|
||||
*/
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
$cidr = "";
|
||||
if ($allow_cidr) {
|
||||
$org_ip = $ip;
|
||||
$ip_cidr = explode("/", $ip);
|
||||
if (count($ip_cidr) == 2) {
|
||||
$ip = $ip_cidr[0];
|
||||
$cidr = "/".$ip_cidr[1];
|
||||
} else {
|
||||
$ip = $org_ip;
|
||||
}
|
||||
} elseif (strpos($ip, "/") !== false) {
|
||||
if ($return_bool) {
|
||||
return false;
|
||||
} else {
|
||||
standard_error($lng, $ip);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
|
||||
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|
||||
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
|
||||
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
|
||||
) {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
// special case where localhost ip is allowed (mysql-access-hosts for example)
|
||||
if ($allow_localhost && $ip == '127.0.0.1') {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
if ($return_bool) {
|
||||
|
||||
@@ -16,10 +16,10 @@
|
||||
*/
|
||||
|
||||
// Main version variable
|
||||
$version = '0.9.38-rc1';
|
||||
$version = '0.9.38.4';
|
||||
|
||||
// Database version (YYYYMMDDC where C is a daily counter)
|
||||
$dbversion = '201610070';
|
||||
$dbversion = '201611180';
|
||||
|
||||
// Distribution branding-tag (used for Debian etc.)
|
||||
$branding = '';
|
||||
|
||||
@@ -2062,3 +2062,6 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
|
||||
$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
|
||||
$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
|
||||
$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
|
||||
|
||||
$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
|
||||
$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';
|
||||
|
||||
@@ -1710,6 +1710,6 @@ $lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
|
||||
$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
|
||||
$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
|
||||
$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
|
||||
$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
|
||||
$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
|
||||
$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
|
||||
$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';
|
||||
|
||||
@@ -141,8 +141,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
|
||||
if ($insert_or_update_required) {
|
||||
$domains = array(
|
||||
$certrow['domain'],
|
||||
'www.' . $certrow['domain']
|
||||
$certrow['domain']
|
||||
);
|
||||
|
||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||
|
||||
@@ -129,9 +129,7 @@ class bind extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
}
|
||||
// close allow-transfer
|
||||
|
||||
@@ -194,10 +194,8 @@ class pdns extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
|
||||
if (! defined('MASTER_CRONJOB'))
|
||||
die('You cannot access this file directly!');
|
||||
|
||||
@@ -183,6 +182,10 @@ class apache extends HttpConfigBase
|
||||
}
|
||||
|
||||
if ($row_ipsandports['vhostcontainer'] == '1') {
|
||||
|
||||
$without_vhost = $this->virtualhosts_data[$vhosts_filename];
|
||||
$close_vhost = true;
|
||||
|
||||
$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
|
||||
|
||||
$mypath = $this->getMyPath($row_ipsandports);
|
||||
@@ -224,7 +227,7 @@ class apache extends HttpConfigBase
|
||||
}
|
||||
}
|
||||
|
||||
if (!$is_redirect) {
|
||||
if (! $is_redirect) {
|
||||
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
|
||||
if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
|
||||
$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
|
||||
@@ -274,13 +277,14 @@ class apache extends HttpConfigBase
|
||||
}
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
|
||||
}
|
||||
} // create php-fpm <Directory>-Part (config is created in apache_fcgid)
|
||||
}
|
||||
elseif (Settings::Get('phpfpm.enabled') == '1') {
|
||||
// create php-fpm <Directory>-Part (config is created in apache_fcgid)
|
||||
$domain = array(
|
||||
'id' => 'none',
|
||||
'domain' => Settings::Get('system.hostname'),
|
||||
'adminid' => 1, /* first admin-user (superadmin) */
|
||||
'mod_fcgid_starter' => - 1,
|
||||
'mod_fcgid_starter' => - 1,
|
||||
'mod_fcgid_maxrequests' => - 1,
|
||||
'guid' => Settings::Get('phpfpm.vhost_httpuser'),
|
||||
'openbasedir' => 0,
|
||||
@@ -332,7 +336,7 @@ class apache extends HttpConfigBase
|
||||
'id' => 'none',
|
||||
'domain' => Settings::Get('system.hostname'),
|
||||
'adminid' => 1, /* first admin-user (superadmin) */
|
||||
'guid' => Settings::Get('system.httpuser'),
|
||||
'guid' => Settings::Get('system.httpuser'),
|
||||
'openbasedir' => 0,
|
||||
'email' => Settings::Get('panel.adminmail'),
|
||||
'loginname' => 'froxlor.panel',
|
||||
@@ -408,7 +412,7 @@ class apache extends HttpConfigBase
|
||||
} else {
|
||||
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
|
||||
// this makes it more secure, thx to Marcel (08/2013)
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
|
||||
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
|
||||
@@ -443,10 +447,19 @@ class apache extends HttpConfigBase
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// if there is no cert-file specified but we are generating a ssl-vhost,
|
||||
// we should return an empty string because this vhost would suck dick, ref #1583
|
||||
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');
|
||||
$this->virtualhosts_data[$vhosts_filename] = $without_vhost;
|
||||
$this->virtualhosts_data[$vhosts_filename] .= '# no ssl-certificate was specified for this domain, therefore no explicit vhost-container is being generated';
|
||||
$close_vhost = false;
|
||||
}
|
||||
}
|
||||
|
||||
$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
|
||||
if ($close_vhost) {
|
||||
$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
|
||||
}
|
||||
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
|
||||
}
|
||||
unset($vhosts_filename);
|
||||
@@ -602,10 +615,10 @@ class apache extends HttpConfigBase
|
||||
} else {
|
||||
$stats_text .= ' Alias /webalizer "' . makeCorrectFile($domain['customerroot'] . '/webalizer') . '"' . "\n";
|
||||
}
|
||||
} // if the docroots are equal, we still have to set an alias for awstats
|
||||
// because the stats are in /awstats/[domain], not just /awstats/
|
||||
// also, the awstats-icons are someplace else too!
|
||||
// -> webalizer does not need this!
|
||||
} // if the docroots are equal, we still have to set an alias for awstats
|
||||
// because the stats are in /awstats/[domain], not just /awstats/
|
||||
// also, the awstats-icons are someplace else too!
|
||||
// -> webalizer does not need this!
|
||||
elseif (Settings::Get('system.awstats_enabled') == '1') {
|
||||
$stats_text .= ' Alias /awstats "' . makeCorrectFile($domain['documentroot'] . '/awstats/' . $domain['domain']) . '"' . "\n";
|
||||
$stats_text .= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n";
|
||||
@@ -817,7 +830,7 @@ class apache extends HttpConfigBase
|
||||
|
||||
if ($domain['ssl_cert_file'] != '') {
|
||||
$vhost_content .= ' SSLEngine On' . "\n";
|
||||
$vhost_content .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
|
||||
$vhost_content .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
|
||||
// this makes it more secure, thx to Marcel (08/2013)
|
||||
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
|
||||
$vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
|
||||
@@ -860,10 +873,10 @@ class apache extends HttpConfigBase
|
||||
$domain['documentroot'] = trim($domain['documentroot']);
|
||||
|
||||
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
|
||||
$corrected_docroot = $this->idnaConvert->encode_uri($domain['documentroot']);
|
||||
$corrected_docroot = $domain['documentroot'];
|
||||
|
||||
// Get domain's redirect code
|
||||
$code = getDomainRedirectCode($domain['id']);
|
||||
$code = getDomainRedirectCode($domain['id'], '301');
|
||||
$modrew_red = '';
|
||||
if ($code != '') {
|
||||
$modrew_red = ' [R=' . $code . ';L,NE]';
|
||||
|
||||
@@ -210,7 +210,9 @@ class lighttpd extends HttpConfigBase
|
||||
echo $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
|
||||
} else {
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-compression = "disable"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv3 = "disable"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
|
||||
$this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
|
||||
@@ -429,8 +431,14 @@ class lighttpd extends HttpConfigBase
|
||||
$domain['documentroot'] = trim($domain['documentroot']);
|
||||
|
||||
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
|
||||
$uri = $domain['documentroot'];
|
||||
|
||||
// Get domain's redirect code
|
||||
$code = getDomainRedirectCode($domain['id'], '301');
|
||||
|
||||
$vhost_content .= ' url.redirect-code = ' . $code. "\n";
|
||||
$vhost_content .= ' url.redirect = (' . "\n";
|
||||
$vhost_content .= ' "^/(.*)$" => "' . $this->idnaConvert->encode_uri($domain['documentroot']) . '$1"' . "\n";
|
||||
$vhost_content .= ' "^/(.*)$" => "' . $uri . '$1"' . "\n";
|
||||
$vhost_content .= ' )' . "\n";
|
||||
} else {
|
||||
|
||||
@@ -510,7 +518,9 @@ class lighttpd extends HttpConfigBase
|
||||
if ($domain['ssl_cert_file'] != '') {
|
||||
|
||||
$ssl_settings .= 'ssl.engine = "enable"' . "\n";
|
||||
$ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
|
||||
$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
|
||||
$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
|
||||
$ssl_settings .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
|
||||
$ssl_settings .= 'ssl.honor-cipher-order = "enable"' . "\n";
|
||||
$ssl_settings .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
|
||||
@@ -521,14 +531,14 @@ class lighttpd extends HttpConfigBase
|
||||
|
||||
if ($domain['hsts'] >= 0) {
|
||||
|
||||
$vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
|
||||
$ssl_settings .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
|
||||
if ($domain['hsts_sub'] == 1) {
|
||||
$vhost_content .= '; includeSubDomains';
|
||||
$ssl_settings .= '; includeSubDomains';
|
||||
}
|
||||
if ($domain['hsts_preload'] == 1) {
|
||||
$vhost_content .= '; preload';
|
||||
$ssl_settings .= '; preload';
|
||||
}
|
||||
$vhost_content .= '") }' . "\n";
|
||||
$ssl_settings .= '") }' . "\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -196,15 +196,22 @@ class nginx extends HttpConfigBase
|
||||
}
|
||||
}
|
||||
|
||||
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
|
||||
|
||||
/**
|
||||
* this HAS to be set for the default host in nginx or else no vhost will work
|
||||
*/
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
|
||||
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n";
|
||||
|
||||
if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n";
|
||||
}
|
||||
|
||||
$is_redirect = false;
|
||||
// check for SSL redirect
|
||||
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
|
||||
@@ -217,7 +224,7 @@ class nginx extends HttpConfigBase
|
||||
} else {
|
||||
$_sslport = $this->checkAlternativeSslPort();
|
||||
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
|
||||
}
|
||||
@@ -411,7 +418,9 @@ class nginx extends HttpConfigBase
|
||||
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
|
||||
}
|
||||
|
||||
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
|
||||
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
|
||||
|
||||
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
|
||||
}
|
||||
|
||||
// get all server-names
|
||||
@@ -456,12 +465,16 @@ class nginx extends HttpConfigBase
|
||||
|
||||
// if the documentroot is an URL we just redirect
|
||||
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
|
||||
$uri = $this->idnaConvert->encode_uri($domain['documentroot']);
|
||||
$uri = $domain['documentroot'];
|
||||
if (substr($uri, - 1) == '/') {
|
||||
$uri = substr($uri, 0, - 1);
|
||||
}
|
||||
$vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
|
||||
$vhost_content .= "\t\t" . 'return 301 ' . $uri . '$request_uri;' . "\n";
|
||||
|
||||
// Get domain's redirect code
|
||||
$code = getDomainRedirectCode($domain['id'], '301');
|
||||
|
||||
$vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
|
||||
$vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n";
|
||||
$vhost_content .= "\t" . '}' . "\n";
|
||||
} else {
|
||||
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);
|
||||
@@ -596,7 +609,7 @@ class nginx extends HttpConfigBase
|
||||
} else {
|
||||
// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
|
||||
// $sslsettings .= "\t" . 'ssl on;' . "\n";
|
||||
$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
|
||||
$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.2;' . "\n";
|
||||
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
|
||||
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
|
||||
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
|
||||
|
||||
@@ -86,6 +86,13 @@ if (count($all_certs) == 0) {
|
||||
foreach ($all_certs as $idx => $cert) {
|
||||
if ($paging->checkDisplay($idx)) {
|
||||
|
||||
// respect froxlor-hostname
|
||||
if ($cert['domainid'] == 0) {
|
||||
$cert['domain'] = Settings::Get('system.hostname');
|
||||
$cert['letsencrypt'] = Settings::Get('system.le_froxlor_enabled');
|
||||
$cert['loginname'] = 'froxlor.panel';
|
||||
}
|
||||
|
||||
if (empty($cert['domain']) || empty($cert['ssl_cert_file'])) {
|
||||
// no domain found to the entry or empty entry - safely delete it from the DB
|
||||
Database::pexecute($del_stmt, array(
|
||||
@@ -96,10 +103,10 @@ if (count($all_certs) == 0) {
|
||||
|
||||
$cert_data = openssl_x509_parse($cert['ssl_cert_file']);
|
||||
|
||||
$cert['domain'] = $idna_convert->encode($cert['domain']);
|
||||
$cert['domain'] = $idna_convert->decode($cert['domain']);
|
||||
|
||||
$adminCustomerLink = "";
|
||||
if (AREA == 'admin') {
|
||||
if (AREA == 'admin' && $cert['domainid'] > 0) {
|
||||
if (! empty($cert['loginname'])) {
|
||||
$adminCustomerLink = ' (<a href="' . $linker->getLink(array(
|
||||
'section' => 'customers',
|
||||
@@ -119,6 +126,18 @@ if (count($all_certs) == 0) {
|
||||
$isValid = false;
|
||||
}
|
||||
|
||||
$san_list = "";
|
||||
if (isset($cert_data['extensions']['subjectAltName']) && !empty($cert_data['extensions']['subjectAltName'])) {
|
||||
$SANs = explode(",", $cert_data['extensions']['subjectAltName']);
|
||||
$SANs = array_map('trim', $SANs);
|
||||
foreach ($SANs as $san) {
|
||||
$san = str_replace("DNS:", "", $san);
|
||||
if ($san != $cert_data['subject']['CN'] && strpos($san, "othername:") === false) {
|
||||
$san_list .= $san."<br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$row = htmlentities_array($cert);
|
||||
eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_cert", true) . "\";");
|
||||
} else {
|
||||
|
||||
@@ -27,7 +27,7 @@ $header
|
||||
<th>{$lng['admin']['ipsandports']['ip']} {$arrowcode['ip']}</th>
|
||||
<th>{$lng['admin']['ipsandports']['port']} {$arrowcode['port']}</th>
|
||||
<if !$is_nginx><th>Listen</th></if>
|
||||
<if $is_apache><th>NameVirtualHost</th></if>
|
||||
<if $is_apache && !$is_apache24><th>NameVirtualHost</th></if>
|
||||
<th>vHost-Container</th>
|
||||
<th>Specialsettings</th>
|
||||
<if $is_apache><th>ServerName</th></if>
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<td>{$row['ip']}</td>
|
||||
<td>{$row['port']}</td>
|
||||
<if !$is_nginx><td><if $row['listen_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
|
||||
<if $is_apache><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
|
||||
<if $is_apache && !$is_apache24><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
|
||||
<td><if $row['vhostcontainer']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
|
||||
<td><if $row['specialsettings']!=''>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
|
||||
<if $is_apache><td><if $row['vhostcontainer_servername_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
</td>
|
||||
<td>
|
||||
{$cert_data['subject']['CN']}
|
||||
<if !empty($san_list)><br>SAN: {$san_list}</if>
|
||||
</td>
|
||||
<td>
|
||||
{$cert_data['issuer']['O']}
|
||||
|
||||
Reference in New Issue
Block a user