Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
547140bafb | ||
|
|
432645431c | ||
|
|
7e4164da26 |
@@ -576,7 +576,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('panel', 'password_special_char_required', '0'),
|
||||
('panel', 'password_special_char', '!?<>§$%+#=@'),
|
||||
('panel', 'customer_hide_options', ''),
|
||||
('panel', 'version', '0.9.38-rc2'),
|
||||
('panel', 'version', '0.9.38'),
|
||||
('panel', 'db_version', '201610070');
|
||||
|
||||
|
||||
|
||||
@@ -3513,3 +3513,9 @@ if (isFroxlorVersion('0.9.38-rc1')) {
|
||||
showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
|
||||
updateToVersion('0.9.38-rc2');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38-rc2')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
|
||||
updateToVersion('0.9.38');
|
||||
}
|
||||
|
||||
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
|
||||
} else {
|
||||
$openbasedir = 'none';
|
||||
$openbasedirc = ';';
|
||||
|
||||
@@ -267,15 +267,6 @@ class phpinterface_fpm {
|
||||
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
}
|
||||
}
|
||||
$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
|
||||
|
||||
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
|
||||
$newfieldvalue = '';
|
||||
$returnvalue = 'stringmustntbeempty';
|
||||
} else {
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
|
||||
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,40 +21,43 @@
|
||||
* to a line for a open_basedir directive
|
||||
*
|
||||
* @param string $path
|
||||
* the path to check and append
|
||||
* the path to check and append
|
||||
* @param boolean $first
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function appendOpenBasedirPath($path = '', $first = false)
|
||||
{
|
||||
if ($path != '' && $path != '/'
|
||||
&& (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)
|
||||
) {
|
||||
|
||||
$path = makeCorrectDir($path);
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
if ($path != '' && $path != '/' &&
|
||||
(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)) {
|
||||
|
||||
if (preg_match("#^/dev/urandom#i", $path)) {
|
||||
$path = makeCorrectFile($path);
|
||||
} else {
|
||||
$path = makeCorrectDir($path);
|
||||
}
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
||||
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
|
||||
* @param string $lng index for error-message (if $return_bool is false)
|
||||
* @param bool $allow_localhost whether to allow 127.0.0.1
|
||||
* @param bool $allow_priv whether to allow private network addresses
|
||||
* @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
|
||||
*
|
||||
* @return string|bool ip address on success, false on failure
|
||||
*/
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
$cidr = "";
|
||||
if ($allow_cidr) {
|
||||
$org_ip = $ip;
|
||||
$ip_cidr = explode("/", $ip);
|
||||
if (count($ip_cidr) == 2) {
|
||||
$ip = $ip_cidr[0];
|
||||
$cidr = "/".$ip_cidr[1];
|
||||
} else {
|
||||
$ip = $org_ip;
|
||||
}
|
||||
} elseif (strpos($ip, "/") !== false) {
|
||||
if ($return_bool) {
|
||||
return false;
|
||||
} else {
|
||||
standard_error($lng, $ip);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
|
||||
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|
||||
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
|
||||
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
|
||||
) {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
// special case where localhost ip is allowed (mysql-access-hosts for example)
|
||||
if ($allow_localhost && $ip == '127.0.0.1') {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
if ($return_bool) {
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*/
|
||||
|
||||
// Main version variable
|
||||
$version = '0.9.38-rc2';
|
||||
$version = '0.9.38';
|
||||
|
||||
// Database version (YYYYMMDDC where C is a daily counter)
|
||||
$dbversion = '201610070';
|
||||
|
||||
@@ -129,9 +129,7 @@ class bind extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
}
|
||||
// close allow-transfer
|
||||
|
||||
@@ -194,10 +194,8 @@ class pdns extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user