
12 Commits

Author SHA1 Message Date
Michael Kaufmann (d00p)
3e6c3d725b set version to 0.9.38.7 for upcoming bugfix release
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-24 09:43:20 +01:00
Michael Kaufmann (d00p)
95a18be5c5 do not use HTTP_HOST variable if mod_rewrite is not used
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-24 09:41:45 +01:00
Michael Kaufmann (d00p)
8030aae37a fix directory options for deactivated users, fixes #1704
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-23 23:53:01 +01:00
Michael Kaufmann (d00p)
0eaa81b503 use libnss-mysl deb package from froxlor repo as debians 1.5-5 package is not suitable for jessie
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-23 08:17:18 +01:00
Michael Kaufmann (d00p)
c2b864a20f enable/disable php for standard-subdomain when adding a new customer according to the customer-phpenabled value, fixes #1708
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-23 08:14:14 +01:00
Michael Kaufmann (d00p)
e00cb8926d set mail-sender to customer mail address when using mod_php, fixes #1707
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-23 08:12:44 +01:00
Michael Kaufmann (d00p)
afb2bce16d fix missing german language strings, refs #1705
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-23 08:05:48 +01:00
Michael Kaufmann (d00p)
1033f502b1 add missing language strings, fixes #1705
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-19 14:09:51 +01:00
Michael Kaufmann (d00p)
ab18d94053 fix PR #407 - only works for apache-2.4 and missed the entry for customer-vhosts
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-17 11:29:40 +01:00
Michael Kaufmann
9afbe7fb71 Merge pull request #407 from buffcode/ssl-compression
Disable SSLCompression (CRIME attack)
2017-01-17 10:40:19 +01:00
Laurens Stötzel
5e0270e6a8 Disable SSLCompression (CRIME attack)
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html#SSL_Compression_(CRIME_attack)
2017-01-17 10:33:22 +01:00
Michael Kaufmann (d00p)
c6962b0992 fix variable-typo to make phpenabled-flag work when adding new domains, thx to micw
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-01-16 08:43:54 +01:00
9 changed files with 48 additions and 13 deletions


@@ -910,7 +910,8 @@ if ($page == 'customers'
'customerid' => $customerid,
'adminid' => $userinfo['adminid'],
'docroot' => $documentroot,
'adddate' => date('Y-m-d')
'adddate' => date('Y-m-d'),
'phpenabled' => $phpenabled
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -928,6 +929,7 @@ if ($page == 'customers'
`dkim_id` = '0',
`dkim_privkey` = '',
`dkim_pubkey` = '',
`phpenabled` = :phpenabled,
`add_date` = :adddate"
);
Database::pexecute($ins_stmt, $ins_data);


@@ -455,7 +455,7 @@ if ($page == 'domains' || $page == 'overview') {
if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {
$phpenabled = isset($POST_['phpenabled']) ? intval($_POST['phpenabled']) : 0;
$phpenabled = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;
if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -496,7 +496,7 @@ if ($page == 'domains' || $page == 'overview') {
}
} else {
$phpenabled = '1';
$phpenabled = '1';
$openbasedir = '1';
if ((int) Settings::Get('phpfpm.enabled') == 1) {
@@ -693,8 +693,8 @@ if ($page == 'domains' || $page == 'overview') {
if (count($ipandports) == 0) {
standard_error('noipportgiven');
}
if($phpenabled != '1') {
if ($phpenabled != '1') {
$phpenabled = '0';
}
@@ -1485,7 +1485,7 @@ if ($page == 'domains' || $page == 'overview') {
if (! preg_match('/^https?\:\/\//', $documentroot)) {
$documentroot = makeCorrectDir($documentroot);
}
if ($phpenabled != '1') {
$phpenabled = '0';
}
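Review bot: The corrected line in the `@@ -455` hunk keeps the `isset(...) ? intval(...) : 0` idiom that let the `$POST_` typo go unnoticed, because isset() on an undefined variable raises no notice and the flag silently stayed 0. Reading the field as `$phpenabled = (filter_input(INPUT_POST, 'phpenabled', FILTER_VALIDATE_INT) === 1) ? 1 : 0;` makes a misspelt `INPUT_POST` an undefined-constant error rather than a silent miss, and rejects array-valued input that intval() would map to 1. The same applies to the `openbasedir` line below it. The surrounding `if` block starts and ends outside the hunk, so confirm that nothing between this assignment and the normalisation in the `@@ -693` hunk relies on values other than 0 and 1.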


@@ -581,7 +581,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
('panel', 'password_special_char_required', '0'),
('panel', 'password_special_char', '!?<>§$%+#=@'),
('panel', 'customer_hide_options', ''),
('panel', 'version', '0.9.38.6'),
('panel', 'version', '0.9.38.7'),
('panel', 'db_version', '201612110');


@@ -3585,3 +3585,9 @@ if (isFroxlorVersion('0.9.38.5')) {
showUpdateStep("Updating from 0.9.38.5 to 0.9.38.6", false);
updateToVersion('0.9.38.6');
}
if (isFroxlorVersion('0.9.38.6')) {
showUpdateStep("Updating from 0.9.38.6 to 0.9.38.7", false);
updateToVersion('0.9.38.7');
}


@@ -4469,9 +4469,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
<!-- libnss-mysql -->
<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
<install><![CDATA[apt-get install nscd
wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
dpkg -i libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
rm libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
wget http://debian.froxlor.org/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-3%2Bfrx1_amd64.deb
dpkg -i libnss-mysql-bg_1.5-3%2Bfrx1_amd64.deb
rm libnss-mysql-bg_1.5-3%2Bfrx1_amd64.deb
]]></install>
<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
backup="true">
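Review bot: The install step downloads a .deb over plain HTTP and hands it straight to `dpkg -i` as root, so nothing authenticates the package before its maintainer scripts run. Verify it first, e.g. `echo "<SHA256_OF_RELEASED_DEB>  libnss-mysql-bg_1.5-3+frx1_amd64.deb" | sha256sum -c - || exit 1`, or add the froxlor repository as a signed apt source and install through apt-get. The froxlor lines hard-code `amd64` where the Debian-mirror lines use `dpkg --print-architecture`, so other architectures would fetch the wrong package. wget normally saves the file under the decoded name (`+` rather than `%2B`), in which case the `dpkg -i` and `rm` lines would not find it; this is worth checking on a jessie host.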


@@ -16,7 +16,7 @@
*/
// Main version variable
$version = '0.9.38.6';
$version = '0.9.38.7';
// Database version (YYYYMMDDC where C is a daily counter)
$dbversion = '201612110';


@@ -2065,3 +2065,5 @@ $lng['admin']['domain_hsts_preload']['description'] = 'If you would like this do
$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';
$lng['error']['noipportgiven'] = 'No IP/port given';


@@ -1713,3 +1713,8 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdom
$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="https://hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';
$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Unterstützung';
$lng['serversettings']['nginx_http2_support']['description'] = 'Aktiviere http2 Unterstützung für SSL. NUR AKTIVIEREN, WENN nginx DIESE FUNKTION UNTERSTÜTZT (version 1.9.5+)';
$lng['error']['noipportgiven'] = 'Keine IP/Port angegeben';


@@ -422,6 +422,9 @@ class apache extends HttpConfigBase
$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
if (Settings::Get('system.apache24') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . "\n";
}
// this makes it more secure, thx to Marcel (08/2013)
$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -499,7 +502,9 @@ class apache extends HttpConfigBase
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
// This vHost has PHP enabled and we are using the regular mod_php
$cmail = getCustomerDetail($domain['customerid'], 'email');
$php_options_text .= ' php_admin_value sendmail_path "/usr/sbin/sendmail -t -f '.$cmail.'"' . PHP_EOL;
if ($domain['openbasedir'] == '1') {
if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
$_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
@@ -592,6 +597,16 @@ class apache extends HttpConfigBase
if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
$webroot_text .= ' # Using docroot for deactivated users...' . "\n";
$webroot_text .= ' DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
$webroot_text .= ' <Directory "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . '">' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$webroot_text .= ' Require all granted' . "\n";
$webroot_text .= ' AllowOverride All' . "\n";
} else {
$webroot_text .= ' Order allow,deny' . "\n";
$webroot_text .= ' allow from all' . "\n";
}
$webroot_text .= ' </Directory>' . "\n";
$this->_deactivated = true;
} else {
$webroot_text .= ' DocumentRoot "' . $domain['documentroot'] . "\"\n";
@@ -795,6 +810,7 @@ class apache extends HttpConfigBase
$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
$vhost_content .= $this->getServerNames($domain);
$domain['documentroot_norewrite'] = $domain['documentroot'];
if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
@@ -818,6 +834,7 @@ class apache extends HttpConfigBase
}
$domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/';
$domain['documentroot_norewrite'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
@@ -840,6 +857,9 @@ class apache extends HttpConfigBase
if ($domain['ssl_cert_file'] != '') {
$vhost_content .= ' SSLEngine On' . "\n";
$vhost_content .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
if (Settings::Get('system.apache24') == '1') {
$vhost_content .= ' SSLCompression Off' . "\n";
}
// this makes it more secure, thx to Marcel (08/2013)
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
$vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -903,7 +923,7 @@ class apache extends HttpConfigBase
$vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1' . $modrew_red . "\n";
$vhost_content .= ' </IfModule>' . "\n";
$vhost_content .= ' <IfModule !mod_rewrite.c>' . "\n";
$vhost_content .= ' Redirect ' . $code . ' / ' . $corrected_docroot . "\n";
$vhost_content .= ' Redirect ' . $code . ' / ' . $domain['documentroot_norewrite'] . "\n";
$vhost_content .= ' </IfModule>' . "\n";
} else {
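Review bot: In the `@@ -499` hunk the customer's e-mail address is concatenated unescaped into `php_admin_value sendmail_path "/usr/sbin/sendmail -t -f ..."`, a value that is both an Apache directive argument and a command line. An address containing a double quote, whitespace or shell metacharacters would change the generated vhost or the sendmail invocation; whether the panel's e-mail validation already excludes these is not visible here. Emit the line only for a strictly validated address, e.g. wrap it in `if (preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/', (string) $cmail)) { ... }`, which also covers getCustomerDetail() returning an empty value and leaving a dangling `-f`. The enclosing method starts and ends outside the hunk.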