Merge branch 'master' of http://git.ispconfig.org/ispconfig/ispconfig3

dadfb45a · Florian Schaal · 0deff130 · 1fa1bcea · dadfb45a · dadfb45a
Commit dadfb45a authored Jun 05, 2015 by Florian Schaal
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -144,7 +144,7 @@ ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NU
 ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
 ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
 ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
-ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n' AFTER `directive_snippets_id`;
+ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `directive_snippets_id`;

 ALTER TABLE openvz_template ADD COLUMN `features` varchar(255) DEFAULT NULL AFTER `capability`;
 ALTER TABLE openvz_vm ADD COLUMN `features` TEXT DEFAULT NULL AFTER `capability`;
@@ -165,3 +165,4 @@ CREATE TABLE `server_ip_map` (
  PRIMARY KEY (`server_ip_map_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

+ALTER TABLE `web_domain` ADD COLUMN `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `seo_redirect`;
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1884,6 +1884,7 @@ CREATE TABLE `web_domain` (
  `redirect_type` varchar(255) default NULL,
  `redirect_path` varchar(255) default NULL,
  `seo_redirect` varchar(255) default NULL,
+  `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
  `ssl` enum('n','y') NOT NULL default 'n',
  `ssl_state` varchar(255) NULL,
  `ssl_locality` varchar(255) NULL,
@@ -1924,7 +1925,7 @@ CREATE TABLE `web_domain` (
  `added_date` date NOT NULL DEFAULT '0000-00-00',
  `added_by` varchar(255) DEFAULT NULL,
  `directive_snippets_id` int(11) unsigned NOT NULL default '0',
-  `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n',
+  `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n',
  `http_port` int(11) unsigned NOT NULL DEFAULT '80',
  `https_port` int(11) unsigned NOT NULL DEFAULT '443',
  PRIMARY KEY  (`domain_id`),

--- a/install/tpl/authmysqlrc.master
+++ b/install/tpl/authmysqlrc.master
@@ -16,4 +16,4 @@ MYSQL_QUOTA_FIELD quota
 #MYSQL_QUOTA_FIELD concat(quota,'S')
 #MYSQL_WHERE_CLAUSE      access='y'
 #MYSQL_AUXOPTIONS_FIELD concat('disableimap=',disableimap,',disablepop3=',disablepop3)
-MYSQL_AUXOPTIONS_FIELD concat('disableimap=',(replace(disableimap,'y',1)),',','disablepop3=',(replace(disablepop3,'y',1)))
+MYSQL_AUXOPTIONS_FIELD concat('disableimap=', if(disableimap = 'y', 1, 0), ',', 'disablepop3=', if(disablepop3 = 'y', 1, 0))
\ No newline at end of file
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -222,6 +222,56 @@ class auth {
 		$salt.="$";
 		return crypt($cleartext_password, $salt);
 	}
+	
+	public function csrf_token_get($form_name) {
+		/* CSRF PROTECTION */
+		// generate csrf protection id and key
+		$_csrf_id = uniqid($form_name . '_'); // form id
+		$_csrf_key = sha1(uniqid(microtime(true), true)); // the key
+		if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
+		if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
+		$_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
+		$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+		
+		return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
+	}
+	
+	public function csrf_token_check() {
+		global $app;
+		
+		if(isset($_POST) && is_array($_POST)) {
+			$_csrf_valid = false;
+			if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
+				$_csrf_id = trim($_POST['_csrf_id']);
+				$_csrf_key = trim($_POST['_csrf_key']);
+				if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
+					if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
+				}
+			}
+			if($_csrf_valid !== true) {
+				$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+				$app->error($app->lng('err_csrf_attempt_blocked'));
+			}
+			$_SESSION['_csrf'][$_csrf_id] = null;
+			$_SESSION['_csrf_timeout'][$_csrf_id] = null;
+			unset($_SESSION['_csrf'][$_csrf_id]);
+			unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+			
+			if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
+				$to_unset = array();
+				foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
+					if($timeout < time()) $to_unset[] = $_csrf_id;
+				}
+				foreach($to_unset as $_csrf_id) {
+					$_SESSION['_csrf'][$_csrf_id] = null;
+					$_SESSION['_csrf_timeout'][$_csrf_id] = null;
+					unset($_SESSION['_csrf'][$_csrf_id]);
+					unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+				}
+				unset($to_unset);
+			}
+		}
+	}

 }


--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -416,12 +416,10 @@ class tform_base {

 		/* CSRF PROTECTION */
 		// generate csrf protection id and key
-		$_csrf_id = uniqid($this->formDef['name'] . '_');
-		$_csrf_value = sha1(uniqid(microtime(true), true));
-		if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
-		if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
-		$_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
-		$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+		$csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+		$_csrf_id = $csrf_token['csrf_id'];
+		$_csrf_value = $csrf_token['csrf_key'];
+		
 		$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
@@ -714,10 +712,6 @@ class tform_base {
 					unset($_POST);
 					unset($record);
 				}
-				$_SESSION['_csrf'][$_csrf_id] = null;
-				$_SESSION['_csrf_timeout'][$_csrf_id] = null;
-				unset($_SESSION['_csrf'][$_csrf_id]);
-				unset($_SESSION['_csrf_timeout'][$_csrf_id]);
 				
 				if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
 					$to_unset = array();

--- a/interface/lib/lang/de.lng
+++ b/interface/lib/lang/de.lng
@@ -43,6 +43,7 @@ $wb['top_menu_dashboard'] = 'Übersicht';
 $wb['latest_news_txt'] = 'Neuigkeiten';
 $wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
 $wb['top_menu_vm'] = 'vServer';
+$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
 $wb['daynamesmin_su'] = 'So';
 $wb['daynamesmin_mo'] = 'Mo';
 $wb['daynamesmin_tu'] = 'Di';

--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -65,6 +65,10 @@ $app->tpl->setVar('language_option', $language_option);
 $app->tpl->setVar('error', $error);

 if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$lng_new = $_POST['lng_new'];
 	if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');

@@ -94,6 +98,11 @@ if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {

 $app->tpl->setVar('msg', $msg);

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_add');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 //* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
 include $lng_file;

--- a/interface/web/admin/language_complete.php
+++ b/interface/web/admin/language_complete.php
@@ -67,6 +67,9 @@ $app->tpl->setVar('error', $error);
 // Export the language file
 if(isset($_POST['lng_select']) && $error == '') {

+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	// complete the global langauge file
 	merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng");

@@ -157,6 +160,11 @@ function merge_langfile($langfile, $masterfile) {

 $app->tpl->setVar('msg', $msg);

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_merge');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 //* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
 include $lng_file;

--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -55,6 +55,10 @@ $msg = '';

 //* Save data
 if(isset($_POST['records']) && is_array($_POST['records'])) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$file_content = "<?php\n";
 	foreach($_POST['records'] as $key => $val) {
 		$val = stripslashes($val);
@@ -93,6 +97,11 @@ if(isset($wb) && is_array($wb)) {
 	unset($wb);
 }

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_edit');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+

 //* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';

--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -129,6 +129,10 @@ $error = '';

 // Export the language file
 if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$lines = file($_FILES['file']['tmp_name']);
 	// initial check
 	$parts = explode('|', $lines[0]);
@@ -183,6 +187,11 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
 $app->tpl->setVar('msg', $msg);
 $app->tpl->setVar('error', $error);

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 //* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
 include $lng_file;

--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -66,6 +66,10 @@ $msg = '';

 //* Note: Disabled post action
 if (1 == 0 && isset($_POST['server_select'])) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$server = $_POST['server_select'];
 	$servers = array();
 	if ($server == '*') {
@@ -88,6 +92,11 @@ if (1 == 0 && isset($_POST['server_select'])) {

 $app->tpl->setVar('msg', $msg);

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl->setVar($wb);

 $app->tpl_defaults();

--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -62,6 +62,10 @@ $msg = '';
 * If the user wants to do the action, write this to our db
 */
 if (isset($_POST['server_select'])) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$server = $_POST['server_select'];
 	$servers = array();
 	if ($server == '*') {
@@ -84,6 +88,11 @@ if (isset($_POST['server_select'])) {

 $app->tpl->setVar('msg', $msg);

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('osupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl->setVar($wb);

 $app->tpl_defaults();

--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -93,10 +93,14 @@ class page_action extends tform_actions {
 				}
 			}

-			$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
-			$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+			if($app->tform->errorMessage == '') {
+				$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
+				$server_config_str = $app->ini_parser->get_ini_string($server_config_array);

-			$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+				$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+			} else {
+				$app->error('Security breach!');
+			}
 		}
 	}


--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@ $error = '';

 //* Save data
 if(isset($_POST) && count($_POST) > 1) {
-
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	//* Check values
 	if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
 	if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
@@ -161,6 +164,11 @@ if(!empty($field_names) && is_array($field_names)){
 }
 $app->tpl->setVar('message_variables', trim($message_variables));

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl->setVar('okmsg', $msg);
 $app->tpl->setVar('error', $error);


--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -197,7 +197,10 @@ if ($domains_settings['use_domain_module'] == 'y') {
 }

 if($_POST['create'] == 1) {
-
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$error = '';

 	if ($post_server_id)
@@ -430,6 +433,11 @@ if($_POST['create'] == 1) {

 $app->tpl->setVar("title", 'DNS Wizard');

+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
 include $lng_file;
 $app->tpl->setVar($wb);

--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -400,6 +400,15 @@ $form["tabs"]['redirect'] = array (
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'rewrite_to_https' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default'  => 'n',
+			'value' => array (
+				0 => 'n',
+				1 => 'y'
+			)
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################

--- a/interface/web/sites/lib/lang/ar_shell_user.lng
+++ b/interface/web/sites/lib/lang/ar_shell_user.lng
 <?php
 $wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Dir';
+$wb['dir_txt'] = 'Base Dir';
 $wb['server_id_txt'] = 'Server';
 $wb['parent_domain_id_txt'] = 'Site';
 $wb['username_txt'] = 'Username';

--- a/interface/web/sites/lib/lang/de_shell_user.lng
+++ b/interface/web/sites/lib/lang/de_shell_user.lng
 <?php
 $wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Verzeichnis';
+$wb['dir_txt'] = 'Basis Verzeichnis';
 $wb['server_id_txt'] = 'Server';
 $wb['parent_domain_id_txt'] = 'Webseite';
 $wb['username_txt'] = 'Benutzername';

--- a/interface/web/sites/lib/lang/en_shell_user.lng
+++ b/interface/web/sites/lib/lang/en_shell_user.lng
@@ -2,7 +2,7 @@
 $wb['puser_txt'] = "Web Username";
 $wb['pgroup_txt'] = "Web Group";
 $wb['shell_txt'] = "Shell";
-$wb['dir_txt'] = "Dir";
+$wb['dir_txt'] = "Base Dir";
 $wb['server_id_txt'] = "Server";
 $wb['parent_domain_id_txt'] = "Site";
 $wb['username_txt'] = "Username";

--- a/interface/web/sites/templates/web_vhost_domain_redirect.htm
+++ b/interface/web/sites/templates/web_vhost_domain_redirect.htm
@@ -33,6 +33,12 @@
                <label for="rewrite_rules" class="col-sm-3 control-label">{tmpl_var name='rewrite_rules_txt'}</label>
                <div class="col-sm-9"><textarea class="form-control" name="rewrite_rules" id="rewrite_rules" rows='10' cols='50'>{tmpl_var name='rewrite_rules'}</textarea></div>&nbsp;<b>{tmpl_var name="allowed_rewrite_rule_directives_txt"}</b><br><br>&nbsp;break<br>&nbsp;if<br>&nbsp;return<br>&nbsp;rewrite<br>&nbsp;set<br><br>&nbsp;<a href="http://wiki.nginx.org/HttpRewriteModule" target="_blank">http://wiki.nginx.org/HttpRewriteModule</a>
            </div>
+			<div class="form-group">
+				<label class="col-sm-3 control-label">{tmpl_var name='rewrite_to_https_txt'}</label>
+				<div class="col-sm-9">
+					{tmpl_var name="rewrite_to_https"}
+				</div>
+			</div>
        

        <input type="hidden" name="id" value="{tmpl_var name='id'}">