last time....0.9.38.3....what a day

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/130.webserver.php

@@ -179,6 +179,17 @@ return array(
 						'nginx'
 					)
 				),
+				'system_nginx_http2_support' => array(
+					'label' => $lng['serversettings']['nginx_http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'nginx_http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
 					'settinggroup' => 'system',

install/froxlor.sql

@@ -496,6 +496,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
+	('system', 'nginx_http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
 	('system', 'apache24', '0'),
@@ -576,8 +577,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
-	('panel', 'version', '0.9.38-rc2'),
-	('panel', 'db_version', '201610070');
+	('panel', 'version', '0.9.38.3'),
+	('panel', 'db_version', '201611180');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3513,3 +3513,36 @@ if (isFroxlorVersion('0.9.38-rc1')) {
 	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
 	updateToVersion('0.9.38-rc2');
 }
+
+if (isFroxlorVersion('0.9.38-rc2')) {
+
+	showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
+	updateToVersion('0.9.38');
+}
+
+if (isDatabaseVersion('201610070')) {
+
+	showUpdateStep("Add Nginx http2 setting");
+	Settings::AddNew("system.nginx_http2_support", 0);
+	lastStepStatus(0);
+
+	updateToDbVersion('201611180');
+}
+
+if (isFroxlorVersion('0.9.38')) {
+
+	showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
+	updateToVersion('0.9.38.1');
+}
+
+if (isFroxlorVersion('0.9.38.1')) {
+
+	showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
+	updateToVersion('0.9.38.2');
+}
+
+if (isFroxlorVersion('0.9.38.2')) {
+
+	showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
+	updateToVersion('0.9.38.3');
+}

lib/classes/phpinterface/class.phpinterface_fcgid.php

@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;
 
-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';

lib/classes/phpinterface/class.phpinterface_fpm.php

@@ -267,15 +267,6 @@ class phpinterface_fpm {
 
 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
 			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";

lib/formfields/admin/domains/formfield.domains_add.php

@@ -175,7 +175,7 @@ return array(
 						'int_max' => 94608000, // 3-years
 						'value' => 0
 					),
-					'hsts_incsub' => array(
+					'hsts_sub' => array(
 						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -198,7 +198,7 @@ return array(
 						'int_max' => 94608000, // 3-years
 						'value' => $result['hsts']
 					),
-					'hsts_incsub' => array(
+					'hsts_sub' => array(
 						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],

lib/formfields/customer/domains/formfield.domains_add.php

@@ -107,7 +107,7 @@ return array(
 						'int_max' => 94608000, // 3-years
 						'value' => 0
 					),
-					'hsts_incsub' => array(
+					'hsts_sub' => array(
 						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -118,7 +118,7 @@ return array(
 						'int_max' => 94608000, // 3-years
 						'value' => $result['hsts']
 					),
-					'hsts_incsub' => array(
+					'hsts_sub' => array(
 						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],

lib/functions/formfields/string/function.validateFormFieldString.php

@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
                         $newfieldvalue = '';
                         $returnvalue = 'stringmustntbeempty';
                     } else {
-                        $newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
+                        $newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
                         $returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
                     }
                 }

lib/functions/validate/function.appendOpenbasedirPath.php

@@ -21,40 +21,43 @@
  * to a line for a open_basedir directive
  *
  * @param string $path
- *            the path to check and append
+ *        	the path to check and append
  * @param boolean $first
- *            if true, no ':' will be prefixed to the path
- *            
+ *        	if true, no ':' will be prefixed to the path
+ *
  * @return string
  */
 function appendOpenBasedirPath($path = '', $first = false)
 {
-    if ($path != '' && $path != '/'
-        && (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
-        && ! preg_match("#^/proc#i", $path)
-        && ! preg_match("#^/etc#i", $path)
-        && ! preg_match("#^/sys#i", $path)
-        && ! preg_match("#:#", $path)
-    ) {
-        
-        $path = makeCorrectDir($path);
-        
-        // check for php-version that requires the trailing
-        // slash to be removed as it does not allow the usage
-        // of the subfolders within the given folder, fixes #797
-        if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
-            // check trailing slash
-            if (substr($path, - 1, 1) == '/') {
-                // remove it
-                $path = substr($path, 0, - 1);
-            }
-        }
-        
-        if ($first) {
-            return $path;
-        }
-        
-        return ':' . $path;
-    }
-    return '';
+	if ($path != '' && $path != '/' &&
+		(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
+		&& ! preg_match("#^/proc#i", $path)
+		&& ! preg_match("#^/etc#i", $path)
+		&& ! preg_match("#^/sys#i", $path)
+		&& ! preg_match("#:#", $path)) {
+
+		if (preg_match("#^/dev/urandom#i", $path)) {
+			$path = makeCorrectFile($path);
+		} else {
+			$path = makeCorrectDir($path);
+		}
+
+		// check for php-version that requires the trailing
+		// slash to be removed as it does not allow the usage
+		// of the subfolders within the given folder, fixes #797
+		if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
+			// check trailing slash
+			if (substr($path, - 1, 1) == '/') {
+				// remove it
+				$path = substr($path, 0, - 1);
+			}
+		}
+
+		if ($first) {
+			return $path;
+		}
+
+		return ':' . $path;
+	}
+	return '';
 }

lib/functions/validate/function.validate_ip.php

@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
  * @param string $lng index for error-message (if $return_bool is false)
  * @param bool $allow_localhost whether to allow 127.0.0.1
  * @param bool $allow_priv whether to allow private network addresses
+ * @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
  *
  * @return string|bool ip address on success, false on failure
  */
-function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
+function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {
 
-    $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
+	$cidr = "";
+	if ($allow_cidr) {
+		$org_ip = $ip;
+		$ip_cidr = explode("/", $ip);
+		if (count($ip_cidr) == 2) {
+			$ip = $ip_cidr[0];
+			$cidr = "/".$ip_cidr[1];
+		} else {
+			$ip = $org_ip;
+		}
+	} elseif (strpos($ip, "/") !== false) {
+		if ($return_bool) {
+			return false;
+		} else {
+			standard_error($lng, $ip);
+			exit();
+		}
+	}
+
+	$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
 
 	if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
 			|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 			&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
 	) {
-		return $ip;
+		return $ip.$cidr;
 	}
 
 	// special case where localhost ip is allowed (mysql-access-hosts for example)
 	if ($allow_localhost && $ip == '127.0.0.1') {
-		return $ip;
+		return $ip.$cidr;
 	}
 
 	if ($return_bool) {

lib/version.inc.php

@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.38-rc2';
+$version = '0.9.38.3';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201610070';
+$dbversion = '201611180';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/english.lng.php

@@ -2062,3 +2062,6 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
 $lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
 $lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
 $lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
+
+$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
+$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';

scripts/jobs/cron_tasks.inc.dns.10.bind.php

@@ -129,9 +129,7 @@ class bind extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$bindconf_file .= '		' . $axfrserver . ';' . "\n";
-					}
+					$bindconf_file .= '		' . $axfrserver . ';' . "\n";
 				}
 			}
 			// close allow-transfer

scripts/jobs/cron_tasks.inc.dns.20.pdns.php

@@ -194,10 +194,8 @@ class pdns extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$ins_data['value'] = $axfrserver;
-						$ins_stmt->execute($ins_data);
-					}
+					$ins_data['value'] = $axfrserver;
+					$ins_stmt->execute($ins_data);
 				}
 			}
 		}

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -196,10 +196,12 @@ class nginx extends HttpConfigBase
 					}
 				}
 
+                $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
+                
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
+                $this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
 
 				$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
 				$this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
@@ -411,7 +413,9 @@ class nginx extends HttpConfigBase
 				$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 
-			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
+            $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
+
+            $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
 		}
 
 		// get all server-names