Commit 8cb6f8ff authored by Marius Cramer's avatar Marius Cramer

Merge branch 'stable-3.0.5'

Conflicts:
	install/sql/ispconfig3.sql
	install/tpl/config.inc.php.master
	interface/lib/classes/tform.inc.php
	interface/lib/config.inc.php
	interface/web/admin/server_config_edit.php
	interface/web/themes/blue/ispconfig_version
	interface/web/tools/import_plesk.php
	interface/web/tools/resync.php
	interface/web/vm/openvz_action.php
parents e97f841c 4863035e
...@@ -222,6 +222,56 @@ class auth { ...@@ -222,6 +222,56 @@ class auth {
$salt.="$"; $salt.="$";
return crypt($cleartext_password, $salt); return crypt($cleartext_password, $salt);
} }
public function csrf_token_get($form_name) {
/* CSRF PROTECTION */
// generate csrf protection id and key
$_csrf_id = uniqid($form_name . '_'); // form id
$_csrf_key = sha1(uniqid(microtime(true), true)); // the key
if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
$_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
}
public function csrf_token_check() {
global $app;
if(isset($_POST) && is_array($_POST)) {
$_csrf_valid = false;
if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
$_csrf_id = trim($_POST['_csrf_id']);
$_csrf_key = trim($_POST['_csrf_key']);
if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
}
}
if($_csrf_valid !== true) {
$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
$app->error($app->lng('err_csrf_attempt_blocked'));
}
$_SESSION['_csrf'][$_csrf_id] = null;
$_SESSION['_csrf_timeout'][$_csrf_id] = null;
unset($_SESSION['_csrf'][$_csrf_id]);
unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array();
foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
if($timeout < time()) $to_unset[] = $_csrf_id;
}
foreach($to_unset as $_csrf_id) {
$_SESSION['_csrf'][$_csrf_id] = null;
$_SESSION['_csrf_timeout'][$_csrf_id] = null;
unset($_SESSION['_csrf'][$_csrf_id]);
unset($_SESSION['_csrf_timeout'][$_csrf_id]);
}
unset($to_unset);
}
}
}
} }
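Review bot: The expiry test inside csrf_token_check compares the whole `$_SESSION['_csrf_timeout']` array with `time()` instead of the entry for this token; in PHP an array always compares greater than an integer, so a token past its timeout still validates until the sweep below happens to purge it. Use `$_SESSION['_csrf_timeout'][$_csrf_id] >= time()`, and compare the key with `hash_equals($_SESSION['_csrf'][$_csrf_id], $_csrf_key)` (PHP 5.6+) rather than `===` so the comparison is constant-time. The key itself is `sha1(uniqid(microtime(true), true))`, which is not a CSPRNG; where the supported PHP version allows it, `bin2hex(random_bytes(20))` or `openssl_random_pseudo_bytes()` is the safer source. Also note that the `$form_name` prefix of `_csrf_id` is never checked against the submitting form, so a token minted for one form is accepted by any other; that is still session-bound, but worth a comment.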
......
...@@ -416,12 +416,10 @@ class tform_base { ...@@ -416,12 +416,10 @@ class tform_base {
/* CSRF PROTECTION */ /* CSRF PROTECTION */
// generate csrf protection id and key // generate csrf protection id and key
$_csrf_id = uniqid($this->formDef['name'] . '_'); $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
$_csrf_value = sha1(uniqid(microtime(true), true)); $_csrf_id = $csrf_token['csrf_id'];
if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array(); $_csrf_value = $csrf_token['csrf_key'];
if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
$_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array( $this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
'datatype' => 'VARCHAR', 'datatype' => 'VARCHAR',
'formtype' => 'TEXT', 'formtype' => 'TEXT',
...@@ -714,10 +712,6 @@ class tform_base { ...@@ -714,10 +712,6 @@ class tform_base {
unset($_POST); unset($_POST);
unset($record); unset($record);
} }
$_SESSION['_csrf'][$_csrf_id] = null;
$_SESSION['_csrf_timeout'][$_csrf_id] = null;
unset($_SESSION['_csrf'][$_csrf_id]);
unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) { if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array(); $to_unset = array();
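Review bot: The removed lines that nulled and unset `$_SESSION['_csrf'][$_csrf_id]` after a submit are what made each token single-use; the second hunk keeps only the expiry sweep, so unless tform_base's validation path (outside this diff) now calls `$app->auth->csrf_token_check()`, which performs that consume, a captured token stays replayable for the full hour. Please confirm the validation code calls the helper, or restore `unset($_SESSION['_csrf'][$_csrf_id]); unset($_SESSION['_csrf_timeout'][$_csrf_id]);` at this point. Both hunks sit inside methods whose start and end lie outside the diff.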
......
...@@ -43,6 +43,7 @@ $wb['top_menu_dashboard'] = 'Übersicht'; ...@@ -43,6 +43,7 @@ $wb['top_menu_dashboard'] = 'Übersicht';
$wb['latest_news_txt'] = 'Neuigkeiten'; $wb['latest_news_txt'] = 'Neuigkeiten';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.'; $wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['top_menu_vm'] = 'vServer'; $wb['top_menu_vm'] = 'vServer';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['daynamesmin_su'] = 'So'; $wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo'; $wb['daynamesmin_mo'] = 'Mo';
$wb['daynamesmin_tu'] = 'Di'; $wb['daynamesmin_tu'] = 'Di';
......
...@@ -65,6 +65,10 @@ $app->tpl->setVar('language_option', $language_option); ...@@ -65,6 +65,10 @@ $app->tpl->setVar('language_option', $language_option);
$app->tpl->setVar('error', $error); $app->tpl->setVar('error', $error);
if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') { if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
//* CSRF Check
$app->auth->csrf_token_check();
$lng_new = $_POST['lng_new']; $lng_new = $_POST['lng_new'];
if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.'); if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');
...@@ -94,6 +98,11 @@ if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') { ...@@ -94,6 +98,11 @@ if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('language_add');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
//* load language file //* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng'; $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
include $lng_file; include $lng_file;
......
...@@ -67,6 +67,9 @@ $app->tpl->setVar('error', $error); ...@@ -67,6 +67,9 @@ $app->tpl->setVar('error', $error);
// Export the language file // Export the language file
if(isset($_POST['lng_select']) && $error == '') { if(isset($_POST['lng_select']) && $error == '') {
//* CSRF Check
$app->auth->csrf_token_check();
// complete the global langauge file // complete the global langauge file
merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng"); merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng");
...@@ -157,6 +160,11 @@ function merge_langfile($langfile, $masterfile) { ...@@ -157,6 +160,11 @@ function merge_langfile($langfile, $masterfile) {
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('language_merge');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
//* load language file //* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng'; $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
include $lng_file; include $lng_file;
......
...@@ -55,6 +55,10 @@ $msg = ''; ...@@ -55,6 +55,10 @@ $msg = '';
//* Save data //* Save data
if(isset($_POST['records']) && is_array($_POST['records'])) { if(isset($_POST['records']) && is_array($_POST['records'])) {
//* CSRF Check
$app->auth->csrf_token_check();
$file_content = "<?php\n"; $file_content = "<?php\n";
foreach($_POST['records'] as $key => $val) { foreach($_POST['records'] as $key => $val) {
$val = stripslashes($val); $val = stripslashes($val);
...@@ -93,6 +97,11 @@ if(isset($wb) && is_array($wb)) { ...@@ -93,6 +97,11 @@ if(isset($wb) && is_array($wb)) {
unset($wb); unset($wb);
} }
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('language_edit');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
//* load language file //* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng'; $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
......
...@@ -129,6 +129,10 @@ $error = ''; ...@@ -129,6 +129,10 @@ $error = '';
// Export the language file // Export the language file
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) { if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
//* CSRF Check
$app->auth->csrf_token_check();
$lines = file($_FILES['file']['tmp_name']); $lines = file($_FILES['file']['tmp_name']);
// initial check // initial check
$parts = explode('|', $lines[0]); $parts = explode('|', $lines[0]);
...@@ -183,6 +187,11 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name' ...@@ -183,6 +187,11 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error); $app->tpl->setVar('error', $error);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('language_import');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
//* load language file //* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng'; $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
include $lng_file; include $lng_file;
......
...@@ -66,6 +66,10 @@ $msg = ''; ...@@ -66,6 +66,10 @@ $msg = '';
//* Note: Disabled post action //* Note: Disabled post action
if (1 == 0 && isset($_POST['server_select'])) { if (1 == 0 && isset($_POST['server_select'])) {
//* CSRF Check
$app->auth->csrf_token_check();
$server = $_POST['server_select']; $server = $_POST['server_select'];
$servers = array(); $servers = array();
if ($server == '*') { if ($server == '*') {
...@@ -88,6 +92,11 @@ if (1 == 0 && isset($_POST['server_select'])) { ...@@ -88,6 +92,11 @@ if (1 == 0 && isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('ispupdate');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl->setVar($wb); $app->tpl->setVar($wb);
$app->tpl_defaults(); $app->tpl_defaults();
......
...@@ -62,6 +62,10 @@ $msg = ''; ...@@ -62,6 +62,10 @@ $msg = '';
* If the user wants to do the action, write this to our db * If the user wants to do the action, write this to our db
*/ */
if (isset($_POST['server_select'])) { if (isset($_POST['server_select'])) {
//* CSRF Check
$app->auth->csrf_token_check();
$server = $_POST['server_select']; $server = $_POST['server_select'];
$servers = array(); $servers = array();
if ($server == '*') { if ($server == '*') {
...@@ -84,6 +88,11 @@ if (isset($_POST['server_select'])) { ...@@ -84,6 +88,11 @@ if (isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('osupdate');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl->setVar($wb); $app->tpl->setVar($wb);
$app->tpl_defaults(); $app->tpl_defaults();
......
...@@ -93,10 +93,14 @@ class page_action extends tform_actions { ...@@ -93,10 +93,14 @@ class page_action extends tform_actions {
} }
} }
$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section); if($app->tform->errorMessage == '') {
$server_config_str = $app->ini_parser->get_ini_string($server_config_array); $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id); $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
} else {
$app->error('Security breach!');
}
} }
} }
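Review bot: Reporting any non-empty `$app->tform->errorMessage` as 'Security breach!' conflates ordinary validation failures with tampering and discards the real message, so an admin who mistypes a value gets an alarming but uninformative error. Prefer `$app->error($app->tform->errorMessage);` (or at least append it), and make the guard strict: `if($app->tform->errorMessage === '')`. The enclosing method starts and ends outside this hunk, so whether the message was already displayed earlier in the form flow is not visible here.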
......
...@@ -51,7 +51,10 @@ $error = ''; ...@@ -51,7 +51,10 @@ $error = '';
//* Save data //* Save data
if(isset($_POST) && count($_POST) > 1) { if(isset($_POST) && count($_POST) > 1) {
//* CSRF Check
$app->auth->csrf_token_check();
//* Check values //* Check values
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />'; if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />'; if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
...@@ -161,6 +164,11 @@ if(!empty($field_names) && is_array($field_names)){ ...@@ -161,6 +164,11 @@ if(!empty($field_names) && is_array($field_names)){
} }
$app->tpl->setVar('message_variables', trim($message_variables)); $app->tpl->setVar('message_variables', trim($message_variables));
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('client_message');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl->setVar('okmsg', $msg); $app->tpl->setVar('okmsg', $msg);
$app->tpl->setVar('error', $error); $app->tpl->setVar('error', $error);
......
...@@ -197,7 +197,10 @@ if ($domains_settings['use_domain_module'] == 'y') { ...@@ -197,7 +197,10 @@ if ($domains_settings['use_domain_module'] == 'y') {
} }
if($_POST['create'] == 1) { if($_POST['create'] == 1) {
//* CSRF Check
$app->auth->csrf_token_check();
$error = ''; $error = '';
if ($post_server_id) if ($post_server_id)
...@@ -430,6 +433,11 @@ if($_POST['create'] == 1) { ...@@ -430,6 +433,11 @@ if($_POST['create'] == 1) {
$app->tpl->setVar("title", 'DNS Wizard'); $app->tpl->setVar("title", 'DNS Wizard');
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('dns_wizard');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng'; $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file; include $lng_file;
$app->tpl->setVar($wb); $app->tpl->setVar($wb);
......
<?php <?php
$wb['shell_txt'] = 'Shell'; $wb['shell_txt'] = 'Shell';
$wb['dir_txt'] = 'Dir'; $wb['dir_txt'] = 'Base Dir';
$wb['server_id_txt'] = 'Server'; $wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Site'; $wb['parent_domain_id_txt'] = 'Site';
$wb['username_txt'] = 'Username'; $wb['username_txt'] = 'Username';
......
<?php <?php
$wb['shell_txt'] = 'Shell'; $wb['shell_txt'] = 'Shell';
$wb['dir_txt'] = 'Verzeichnis'; $wb['dir_txt'] = 'Basis Verzeichnis';
$wb['server_id_txt'] = 'Server'; $wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Webseite'; $wb['parent_domain_id_txt'] = 'Webseite';
$wb['username_txt'] = 'Benutzername'; $wb['username_txt'] = 'Benutzername';
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
$wb['puser_txt'] = "Web Username"; $wb['puser_txt'] = "Web Username";
$wb['pgroup_txt'] = "Web Group"; $wb['pgroup_txt'] = "Web Group";
$wb['shell_txt'] = "Shell"; $wb['shell_txt'] = "Shell";
$wb['dir_txt'] = "Dir"; $wb['dir_txt'] = "Base Dir";
$wb['server_id_txt'] = "Server"; $wb['server_id_txt'] = "Server";
$wb['parent_domain_id_txt'] = "Site"; $wb['parent_domain_id_txt'] = "Site";
$wb['username_txt'] = "Username"; $wb['username_txt'] = "Username";
......
<tmpl_dyninclude name="content_tpl"> <tmpl_dyninclude name="content_tpl">
\ No newline at end of file <input type="hidden" name="_csrf_id" value="{tmpl_var name='_csrf_id'}" />
<input type="hidden" name="_csrf_key" value="{tmpl_var name='_csrf_key'}" />
\ No newline at end of file
...@@ -45,6 +45,9 @@ $error = ''; ...@@ -45,6 +45,9 @@ $error = '';
// Resyncing dns zones // Resyncing dns zones
if(isset($_POST['start']) && $_POST['start'] == 1) { if(isset($_POST['start']) && $_POST['start'] == 1) {
//* CSRF Check
$app->auth->csrf_token_check();
//* Set variable sin template //* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']); $app->tpl->setVar('dbhost', $_POST['dbhost']);
...@@ -181,6 +184,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) { ...@@ -181,6 +184,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error); $app->tpl->setVar('error', $error);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('dns_import');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults(); $app->tpl_defaults();
$app->tpl->pparse(); $app->tpl->pparse();
......
...@@ -49,6 +49,10 @@ include $lng_file; ...@@ -49,6 +49,10 @@ include $lng_file;
$app->tpl->setVar($wb); $app->tpl->setVar($wb);
if(isset($_POST['connected'])) { if(isset($_POST['connected'])) {
//* CSRF Check
$app->auth->csrf_token_check();
$connected = $app->functions->intval($_POST['connected']); $connected = $app->functions->intval($_POST['connected']);
if($connected == 0) { if($connected == 0) {
...@@ -133,6 +137,11 @@ $app->tpl->setVar('remote_session_id', $remote_session_id); ...@@ -133,6 +137,11 @@ $app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg); $app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error); $app->tpl->setVar('error', $error);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults(); $app->tpl_defaults();
$app->tpl->pparse(); $app->tpl->pparse();
......
...@@ -368,6 +368,10 @@ class page_action extends tform_actions { ...@@ -368,6 +368,10 @@ class page_action extends tform_actions {
} }
} }
$csrf_token = $app->auth->csrf_token_get('tools_resync');
$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
parent::onShowEnd(); parent::onShowEnd();
} }
...@@ -418,7 +422,12 @@ class page_action extends tform_actions { ...@@ -418,7 +422,12 @@ class page_action extends tform_actions {
function onSubmit() { function onSubmit() {
global $app; global $app;
if(isset($_POST) && count($_POST) > 1) {
//* CSRF Check
$app->auth->csrf_token_check();
}
//* all services //* all services
if($this->dataRecord['resync_all'] == 1) { if($this->dataRecord['resync_all'] == 1) {
$this->dataRecord['resync_sites'] = 1; $this->dataRecord['resync_sites'] = 1;
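Review bot: Guarding the token check with `if(isset($_POST) && count($_POST) > 1)` means a POST carrying a single field skips `csrf_token_check()` and onSubmit proceeds into the resync logic, so a minimal forged form still triggers it unless tform_base's own token validation runs on this path (not visible here). onSubmit is only reached on a submit, and `csrf_token_check()` already errors when the two token fields are missing, so `if(!empty($_POST))` is the most the guard should be. The method continues past the end of the hunk.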
......
...@@ -17,6 +17,10 @@ $notify_msg = ''; ...@@ -17,6 +17,10 @@ $notify_msg = '';
if($vm_id == 0) die('Invalid VM ID'); if($vm_id == 0) die('Invalid VM ID');
if(isset($_POST) && count($_POST) > 1) {
//* CSRF Check
$app->auth->csrf_token_check();
}
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id); $vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
$veid = $app->functions->intval($vm['veid']); $veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']); $server_id = $app->functions->intval($vm['server_id']);
...@@ -112,6 +116,11 @@ if($action == 'show') { ...@@ -112,6 +116,11 @@ if($action == 'show') {
$app->tpl->setVar($options); $app->tpl->setVar($options);
$app->tpl->setVar('error', $error_msg); $app->tpl->setVar('error', $error_msg);
//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('openvz_action');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults(); $app->tpl_defaults();
$app->tpl->pparse(); $app->tpl->pparse();
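Review bot: The guard `if(isset($_POST) && count($_POST) > 1)` lets a POST with exactly one field reach the VM action code without any CSRF check, and `$action` is read outside the hunk, so if it can arrive via the query string the check is bypassed with a plain GET link. Use `if(!empty($_POST))` instead — `csrf_token_check()` already errors when the two token fields are absent — and consider refusing state-changing actions unless the request is a POST. This is a flat script that continues beyond the hunk.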
......
...@@ -237,7 +237,7 @@ class shelluser_base_plugin { ...@@ -237,7 +237,7 @@ class shelluser_base_plugin {
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup'])); $app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
} }
$app->file->mkdirs(escapeshellcmd($homedir), '0750'); $app->file->mkdirs(escapeshellcmd($homedir), '0750');
$app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['username'])); $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup'])); $app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true); $app->system->web_folder_protection($web['document_root'], true);
} else { } else {
...@@ -407,6 +407,12 @@ class shelluser_base_plugin { ...@@ -407,6 +407,12 @@ class shelluser_base_plugin {
} }
$sshrsa = trim($sshrsa); $sshrsa = trim($sshrsa);
$usrdir = escapeshellcmd($this->data['new']['dir']); $usrdir = escapeshellcmd($this->data['new']['dir']);
//* Home directory of the new shell user
if($this->data['new']['chroot'] == 'jailkit') {
$usrdir = escapeshellcmd($this->data['new']['dir']);
} else {
$usrdir = escapeshellcmd($this->data['new']['dir'].'/home/'.$this->data['new']['username']);
}
$sshdir = $usrdir.'/.ssh'; $sshdir = $usrdir.'/.ssh';
$sshkeys= $usrdir.'/.ssh/authorized_keys'; $sshkeys= $usrdir.'/.ssh/authorized_keys';
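Review bot: The context assignment `$usrdir = escapeshellcmd($this->data['new']['dir']);` just above the new `chroot` branch is now dead, since both branches overwrite it, and should be dropped. These values are used as filesystem paths (`$sshdir`, `$sshkeys`), not shell arguments, so `escapeshellcmd` inserts backslashes before characters such as `&` or `#` and the path written can differ from the real home directory; build the path from the raw values and instead validate that `username` contains no `/` or `..`. Whether the `.ssh` directory and `authorized_keys` created under the non-jailkit home are chowned to the shell user with restrictive modes lies outside this hunk.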
......