diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 70bed24d10ae482f7e2c853f081e10cb24eec824..c4beb0dffa6757e0179cb5fa4ed3ede79bf2aaab 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -1076,6 +1076,8 @@ class installer_dist extends installer_base { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* Make the global language file directory group writable exec("chmod -R 770 $install_dir/interface/lib/lang"); @@ -1149,6 +1151,11 @@ class installer_dist extends installer_base { $command = "chmod +x $install_dir/server/scripts/*.sh"; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') { + $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';"; + $this->db->query($sql, $conf['interface_password']); + } + if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){ //* Copy the ISPConfig vhost for the controlpanel // TODO: These are missing! should they be "vhost_dist_*_dir" ? diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php index 46bd662535dbdec8a00c940c747001531c4e1f3d..d3a718244ca726a4aa22dd1611ce7fac6ba30993 100644 --- a/install/dist/lib/gentoo.lib.php +++ b/install/dist/lib/gentoo.lib.php @@ -996,7 +996,9 @@ class installer extends installer_base caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); - + $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + //* Make the global language file directory group writable exec("chmod -R 770 $install_dir/interface/lib/lang"); @@ -1076,6 +1078,11 @@ class installer extends installer_base $command = "chmod +x $install_dir/server/scripts/*.sh"; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') { + $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';"; + $this->db->query($sql, $conf['interface_password']); + } + if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){ //* Copy the ISPConfig vhost for the controlpanel $content = $this->get_template_file("apache_ispconfig.vhost", true); diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 598f98ec431ab1defc4f9dff524e3ff99cd3a9c5..7df8d1abaeb49156ffa1c211a84ce9ae83898939 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -1094,7 +1094,9 @@ class installer_dist extends installer_base { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); - + $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + //* Make the global language file directory group writable exec("chmod -R 770 $install_dir/interface/lib/lang"); @@ -1170,6 +1172,11 @@ class installer_dist extends installer_base { $command = "chmod +x $install_dir/server/scripts/*.sh"; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') { + $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';"; + $this->db->query($sql, $conf['interface_password']); + } + if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){ //* Copy the ISPConfig vhost for the controlpanel // TODO: These are missing! should they be "vhost_dist_*_dir" ? diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index a504b3b255b85998ed90180269e09716241b0f0b..fbef274d0bb68b54f56905a57b85fe9f9d56739b 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -2499,7 +2499,9 @@ class installer_base { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); - + $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + //* Make the global language file directory group writable exec("chmod -R 770 $install_dir/interface/lib/lang"); diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php index 48349aec0f81a0639f82e394857dedf169118fbf..b107ca3624e3f6548bb0b70f37e7da7397e0f282 100755 --- a/interface/lib/app.inc.php +++ b/interface/lib/app.inc.php @@ -299,14 +299,14 @@ class app { $this->tpl->setVar('phpsessid', session_id()); - $this->tpl->setVar('theme', $_SESSION['s']['theme']); + $this->tpl->setVar('theme', $_SESSION['s']['theme'], true); $this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']); $this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation')); //print_r($_SESSION); if(isset($_SESSION['s']['module']['name'])) { - $this->tpl->setVar('app_module', $_SESSION['s']['module']['name']); - $this->tpl->setVar('session_module', $_SESSION['s']['module']['name']); + $this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true); + $this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true); } if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') { $this->tpl->setVar('is_admin', 1); @@ -316,7 +316,7 @@ class app { } /* Show username */ if(isset($_SESSION['s']['user'])) { - $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']); + $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true); $this->tpl->setVar('logout_txt', $this->lng('logout_txt')); /* Show search field only for normal users, not mail users */ if(stristr($_SESSION['s']['user']['username'], '@')){ @@ -343,7 +343,7 @@ $app = new app(); // load and enable PHP Intrusion Detection System (PHPIDS) $ids_security_config = $app->getconf->get_security_config('ids'); -if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') { +if(is_dir(ISPC_CLASS_PATH.'/IDS') && !defined('REMOTE_API_CALL') && ($ids_security_config['ids_anon_enabled'] == 'yes' || $ids_security_config['ids_user_enabled'] == 'yes' || $ids_security_config['ids_admin_enabled'] == 'yes')) { $app->uses('ids'); $app->ids->start(); } diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php index 7433104607d19a8085c67cf900ba837ba1298f25..e3bf695dfcd8cc5b339131ed00f7ea6e5f7341fd 100644 --- a/interface/lib/classes/db_mysql.inc.php +++ b/interface/lib/classes/db_mysql.inc.php @@ -470,7 +470,7 @@ class db { public function escape($sString) { global $app; if(!is_string($sString) && !is_numeric($sString)) { - $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO); + $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_DEBUG); //$sAddMsg = getDebugBacktrace(); $app->log($sAddMsg, LOGLEVEL_DEBUG); $sString = ''; @@ -479,7 +479,7 @@ class db { $cur_encoding = mb_detect_encoding($sString); if($cur_encoding != "UTF-8") { if($cur_encoding != 'ASCII') { - if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO); + if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG); if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding); else $sString = mb_convert_encoding($sString, 'UTF-8'); } diff --git a/interface/lib/classes/ids.inc.php b/interface/lib/classes/ids.inc.php index ac5cb1912897f0eb0355715c24985092bc4d386a..abdf32b30251543045b0302158378748eba17d8b 100644 --- a/interface/lib/classes/ids.inc.php +++ b/interface/lib/classes/ids.inc.php @@ -118,7 +118,25 @@ class ids { $impact = $ids_result->getImpact(); - if($impact >= $security_config['ids_log_level']) { + // Choose level from security config + if($app->auth->is_admin()) { + // User is admin + $ids_log_level = $security_config['ids_admin_log_level']; + $ids_warn_level = $security_config['ids_admin_warn_level']; + $ids_block_level = $security_config['ids_admin_block_level']; + } elseif(is_array($_SESSION['s']['user']) && $_SESSION['s']['user']['userid'] > 0) { + // User is Client or Reseller + $ids_log_level = $security_config['ids_user_log_level']; + $ids_warn_level = $security_config['ids_user_warn_level']; + $ids_block_level = $security_config['ids_user_block_level']; + } else { + // Not logged in + $ids_log_level = $security_config['ids_anon_log_level']; + $ids_warn_level = $security_config['ids_anon_warn_level']; + $ids_block_level = $security_config['ids_anon_block_level']; + } + + if($impact >= $ids_log_level) { $ids_log = ISPC_ROOT_PATH.'/temp/ids.log'; if(!is_file($ids_log)) touch($ids_log); @@ -132,11 +150,11 @@ class ids { } - if($impact >= $security_config['ids_warn_level']) { + if($impact >= $ids_warn_level) { $app->log("PHP IDS Alert.".$ids_result, 2); } - if($impact >= $security_config['ids_block_level']) { + if($impact >= $ids_block_level) { $app->error("Possible attack detected. This action has been logged.",'', true, 2); } diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php index bc764caefe0dbb144b53d6c87826bad5edb0a637..c9d8340e02e290de97bedba9a4edb530aca6a7b4 100644 --- a/interface/lib/classes/plugin_listview.inc.php +++ b/interface/lib/classes/plugin_listview.inc.php @@ -56,7 +56,7 @@ class plugin_listview extends plugin_base { // $app->listform->listDef["page_params"] = "&id=".$app->tform_actions->id."&next_tab=".$_SESSION["s"]["form"]["tab"]; $app->listform->listDef["page_params"] = "&id=".$this->form->id."&next_tab=".$_SESSION["s"]["form"]["tab"]; $listTpl->setVar('parent_id', $this->form->id); - $listTpl->setVar('theme', $_SESSION['s']['theme']); + $listTpl->setVar('theme', $_SESSION['s']['theme'], true); // Generate the SQL for searching $sql_where = ""; @@ -193,13 +193,13 @@ class plugin_listview extends plugin_base { $listTpl->setVar('phpsessid', session_id()); - $listTpl->setVar('theme', $_SESSION['s']['theme']); + $listTpl->setVar('theme', $_SESSION['s']['theme'], true); $listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']); $listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation')); //print_r($_SESSION); if(isset($_SESSION['s']['module']['name'])) { - $listTpl->setVar('app_module', $_SESSION['s']['module']['name']); + $listTpl->setVar('app_module', $_SESSION['s']['module']['name'], true); } if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') { $listTpl->setVar('is_admin', 1); @@ -209,7 +209,7 @@ class plugin_listview extends plugin_base { } /* Show username */ if(isset($_SESSION['s']['user'])) { - $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']); + $listTpl->setVar('cpuser', $_SESSION['s']['user']['username'], true); $listTpl->setVar('logout_txt', $app->lng('logout_txt')); /* Show search field only for normal users, not mail users */ if(stristr($_SESSION['s']['user']['username'], '@')){ diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 503bd24eb83db64554010944519b9c79898b6bb1..b28e50322454c93df811dc94a70549d0a23931a2 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -115,11 +115,18 @@ class tform extends tform_base { // Show the same tab again in case of an error $active_tab = $_SESSION["s"]["form"]["tab"]; } + + if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) { + die('Invalid next tab name.'); + } return $active_tab; } function getCurrentTab() { + if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$_SESSION["s"]["form"]["tab"])) { + die('Invalid current tab name.'); + } return $_SESSION["s"]["form"]["tab"]; } diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index e0ff25145575407e09e062b40f57e462e99c5c2d..f277c51274f3e8e4f9c5f03814f07367c7a8fcf2 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -287,7 +287,7 @@ class tform_actions { global $app, $conf; $app->tpl->setVar("error", "
  • ".$app->tform->errorMessage."
    • "); - $app->tpl->setVar($this->dataRecord); + $app->tpl->setVar($this->dataRecord, null, true); $this->onShow(); } diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php index a0e196571cb29883654eff680d0e454699dd84ae..12583e210dbf951a0b659f99ac68293e9d29b623 100644 --- a/interface/lib/classes/tform_base.inc.php +++ b/interface/lib/classes/tform_base.inc.php @@ -245,7 +245,7 @@ class tform_base { */ function decode($record, $tab) { global $conf, $app; - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_decode($record, $tab, false); } @@ -416,7 +416,7 @@ class tform_base { $this->action = $action; if(!is_array($this->formDef)) $app->error("No form definition found."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); /* CSRF PROTECTION */ // generate csrf protection id and key @@ -868,7 +868,7 @@ class tform_base { function encode($record, $tab, $dbencode = true) { global $app; - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_encode($record, $tab, $dbencode, false); } @@ -1446,7 +1446,7 @@ class tform_base { } if(!is_array($this->formDef)) $app->error("Form definition not found."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).")."); return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false); } diff --git a/interface/lib/classes/tpl.inc.php b/interface/lib/classes/tpl.inc.php index 2104cf61a5f50ea4dbd3e2bd52eb19c496158496..efaf4c072a8ceac226b9fb5d243fdadb4fa0d9f7 100644 --- a/interface/lib/classes/tpl.inc.php +++ b/interface/lib/classes/tpl.inc.php @@ -226,21 +226,26 @@ if (!defined('vlibTemplateClassLoaded')) { * using the keys as variable names and the values as variable values. * @param mixed $k key to define variable name * @param mixed $v variable to assign to $k + * @param bool $encode if set to true use htmlentities on values * @return boolean true/false * @access public */ - public function setVar($k, $v = null) + public function setVar($k, $v = null, $encode = false) { + global $app; + if (is_array($k)) { foreach($k as $key => $value){ $key = ($this->OPTIONS['CASELESS']) ? strtolower(trim($key)) : trim($key); if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $key) && $value !== null ) { + if($encode == true) $value = $app->functions->htmlentities($value); $this->_vars[$key] = $value; } } } else { if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $k) && $v !== null) { if ($this->OPTIONS['CASELESS']) $k = strtolower($k); + if($encode == true) $v = $app->functions->htmlentities($v); $this->_vars[trim($k)] = $v; } else { return false; diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php index e59cd4e30b6ac671c6694e33e63c766067c29f0c..9a2af803663f84f1b93734890b1da9edf2ee1cb2 100644 --- a/interface/lib/classes/validate_cron.inc.php +++ b/interface/lib/classes/validate_cron.inc.php @@ -52,7 +52,7 @@ class validate_cron { if($parsed["scheme"] != "http" && $parsed["scheme"] != "https") return $this->get_error($validator['errmsg']); - if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,30})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']); + if(preg_match("'^([a-z0-9][a-z0-9_\-]{0,62}\.)+([A-Za-z0-9\-]{2,30})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']); } if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) { return $this->get_error($validator['errmsg']); diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php index b572467fe08fbdeeb434a3b9ae81241f932f0991..01293abd6dee259d722f64417c4bc311129bf935 100644 --- a/interface/lib/classes/validate_domain.inc.php +++ b/interface/lib/classes/validate_domain.inc.php @@ -51,6 +51,9 @@ class validate_domain { $result = $this->_check_unique($field_value); if(!$result) return $this->get_error('domain_error_unique'); + + $pattern = '/\.acme\.invalid$/'; + if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid'); } /* Validator function for sub domain */ @@ -65,6 +68,9 @@ class validate_domain { $result = $this->_check_unique($field_value); if(!$result) return $this->get_error('domain_error_unique'); + + $pattern = '/\.acme\.invalid$/'; + if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid'); } /* Validator function for alias domain */ @@ -77,6 +83,9 @@ class validate_domain { $result = $this->_check_unique($field_value); if(!$result) return $this->get_error('domain_error_unique'); + + $pattern = '/\.acme\.invalid$/'; + if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid'); } /* Validator function for checking the auto subdomain of a web/aliasdomain */ @@ -141,6 +150,44 @@ class validate_domain { } } + /* Check nginx directives */ + function web_nginx_directives($field_name, $field_value, $validator) { + global $app; + + if(trim($field_value) != '') { + $security_config = $app->getconf->get_security_config('ids'); + + if($security_config['nginx_directives_scan_enabled'] == 'yes') { + + // Get blacklist + $blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist'; + if(is_file('/usr/local/ispconfig/security/nginx_directives.blacklist.custom')) $blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist.custom'; + if(!is_file($blacklist_path)) $blacklist_path = realpath(ISPC_ROOT_PATH.'/../security/nginx_directives.blacklist'); + + $directives = explode("\n",$field_value); + $regex = explode("\n",file_get_contents($blacklist_path)); + $blocked = false; + $blocked_line = ''; + + if(is_array($directives) && is_array($regex)) { + foreach($directives as $directive) { + $directive = trim($directive); + foreach($regex as $r) { + if(preg_match(trim($r),$directive)) { + $blocked = true; + $blocked_line .= $directive.'
    '; + }; + } + } + } + } + } + + if($blocked === true) { + return $this->get_error('nginx_directive_blocked_error').' '.$blocked_line; + } + } + /* internal validator function to match regexp */ function _regex_validate($domain_name, $allow_wildcard = false) { diff --git a/interface/web/admin/directive_snippets_edit.php b/interface/web/admin/directive_snippets_edit.php index de803581e07d373a23bfce05e490772d041788b4..b12da0a79bf28f000b0c11103db13482557608ad 100644 --- a/interface/web/admin/directive_snippets_edit.php +++ b/interface/web/admin/directive_snippets_edit.php @@ -70,9 +70,9 @@ class page_action extends tform_actions { if($this->id > 0){ if($this->dataRecord['master_directive_snippets_id'] > 0){ $is_master = true; - $app->tpl->setVar("name", $this->dataRecord['name']); - $app->tpl->setVar("type", $this->dataRecord['type']); - $app->tpl->setVar("snippet", $this->dataRecord['snippet']); + $app->tpl->setVar("name", $this->dataRecord['name'], true); + $app->tpl->setVar("type", $this->dataRecord['type'], true); + $app->tpl->setVar("snippet", $this->dataRecord['snippet'], true); } } $app->tpl->setVar("is_master", $is_master); diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php index 4ee72aa954c6baf3302154e359c03b7a70aef261..01cad2b815b1c09775bf0a95ac31b57e01dcefec 100644 --- a/interface/web/admin/firewall_edit.php +++ b/interface/web/admin/firewall_edit.php @@ -57,7 +57,7 @@ class page_action extends tform_actions { if($this->id ==0) { //* new record $server_list = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id NOT IN (SELECT server_id FROM firewall) ORDER BY server_name"); if(is_array($server_list)) { - foreach( $server_list as $server) $server_select .= "\r\n"; + foreach( $server_list as $server) $server_select .= "\r\n"; } $app->tpl->setVar('server_id', $server_select); } diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php index 5b446c0494adea6818d9292e830718c9efd435f6..b146d8f295d991ed6161f59349373a3800561aa0 100644 --- a/interface/web/admin/server_edit.php +++ b/interface/web/admin/server_edit.php @@ -61,7 +61,7 @@ class page_action extends tform_actions { if(is_array($mirror_servers)) { foreach( $mirror_servers as $mirror_server) { $selected = ($mirror_server["server_id"] == $this->dataRecord['mirror_server_id'])?'SELECTED':''; - $mirror_server_select .= "\r\n"; + $mirror_server_select .= "\r\n"; } } $app->tpl->setVar("mirror_server_id", $mirror_server_select); diff --git a/interface/web/admin/server_ip_map_edit.php b/interface/web/admin/server_ip_map_edit.php index 4442287132f6f8c1c9b775b178c9b69dc1297d85..b5188673093184891d15b04dea9e82fed61f6d09 100644 --- a/interface/web/admin/server_ip_map_edit.php +++ b/interface/web/admin/server_ip_map_edit.php @@ -52,7 +52,7 @@ class page_action extends tform_actions { if(is_array($servers)) { foreach($servers as $server) { $selected = ($server['server_id'] == $this->dataRecord['server_id'])?'SELECTED':''; - $server_select .= "\r\n"; + $server_select .= "\r\n"; } } unset($servers); @@ -65,7 +65,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip['ip_address'] == $this->dataRecord['source_ip'])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } unset($ips); diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php index 1540bfbfd7528d3f8bb8a5e91a9bc96aa140aa03..8bef6e9d634868439d7d57ff49f8ab78e4341e26 100644 --- a/interface/web/client/client_del.php +++ b/interface/web/client/client_del.php @@ -128,13 +128,12 @@ class page_action extends tform_actions { $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id); // Delete all records (sub-clients, mail, web, etc....) of this client. - $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist'; + $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist,spamfilter_wblist'; $tables_array = explode(',', $tables); $client_group_id = $app->functions->intval($client_group['groupid']); if($client_group_id > 1) { foreach($tables_array as $table) { if($table != '') { - $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id); //* find the primary ID of the table $table_info = $app->db->tableInfo($table); $index_field = ''; @@ -143,6 +142,7 @@ class page_action extends tform_actions { } //* Delete the records if($index_field != '') { + $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ? ORDER BY ?? DESC", $table, $client_group_id, $index_field); if(is_array($records)) { foreach($records as $rec) { $app->db->datalogDelete($table, $index_field, $rec[$index_field]); diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php index eb8bcdbae244e1e5a93958cd2a3f8cabf042ffb6..b4638bd2151ce076df7d96970166e163552d21ea 100644 --- a/interface/web/client/client_message.php +++ b/interface/web/client/client_message.php @@ -114,9 +114,9 @@ if(isset($_POST) && count($_POST) > 1) { } } else { - $app->tpl->setVar('sender', $_POST['sender']); - $app->tpl->setVar('subject', $_POST['subject']); - $app->tpl->setVar('message', $_POST['message']); + $app->tpl->setVar('sender', $_POST['sender'], true); + $app->tpl->setVar('subject', $_POST['subject'], true); + $app->tpl->setVar('message', $_POST['message'], true); } } else { // pre-fill Sender field with reseller's email address diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php index 7d285ac7ef86e6bd1f6ee7a379ef21cb24f62e7d..1c11ff89577afc49c921d82646e5749fb342ec1b 100644 --- a/interface/web/client/message_template_edit.php +++ b/interface/web/client/message_template_edit.php @@ -80,7 +80,7 @@ class page_action extends tform_actions { if($field_name['Field'] == 'gender'){ $message_variables .= '{salutation} '; } else { - $message_variables .= '{'.$field_name['Field'].'} '; + $message_variables .= '{'.$app->functions->htmlentities($field_name['Field']).'} '; } } } diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php index 7f7e6856dbe45c494a3121277bcbb669774519c5..35bac0d0c6254b642fc8a198b28209cb64109f49 100644 --- a/interface/web/dns/dns_dkim_edit.php +++ b/interface/web/dns/dns_dkim_edit.php @@ -76,8 +76,8 @@ class page_action extends tform_actions { if(isset($sql['domain']) && $sql['domain'] != '') { if($sql['dkim'] == 'y') { $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']); - $app->tpl->setVar('public_key', $public_key); - $app->tpl->setVar('selector', $sql['dkim_selector']); + $app->tpl->setVar('public_key', $public_key, true); + $app->tpl->setVar('selector', $sql['dkim_selector'], true); } else { //TODO: show warning - use mail_domain for dkim and enabled dkim } @@ -85,7 +85,7 @@ class page_action extends tform_actions { } else { $app->tpl->setVar('edit_disabled', 0); } - $app->tpl->setVar('name', $soa['origin']); + $app->tpl->setVar('name', $soa['origin'], true); } diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php index c806c7c20e4a44c35f4866c3a5b93dc2531b2288..7f915074d75deccbf9f3f62cbb2e75a7b8ab6da2 100644 --- a/interface/web/dns/dns_dmarc_edit.php +++ b/interface/web/dns/dns_dmarc_edit.php @@ -93,7 +93,7 @@ class page_action extends tform_actions { if ( isset($rec) && !empty($rec) ) { $this->id = 1; $old_data = strtolower($rec['data']); - $app->tpl->setVar("data", $old_data); + $app->tpl->setVar("data", $old_data, true); if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED"); $dmarc_rua = ''; $dmarc_ruf = ''; @@ -123,7 +123,7 @@ class page_action extends tform_actions { } //set html-values - $app->tpl->setVar('domain', $domain_name); + $app->tpl->setVar('domain', $domain_name, true); //create dmarc-policy-list $dmarc_policy_value = array( @@ -138,9 +138,9 @@ class page_action extends tform_actions { } $app->tpl->setVar('dmarc_policy', $dmarc_policy_list); - if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua); + if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua, true); - if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf); + if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf, true); //set dmarc-fo-options if (isset($dmarc_fo)) { @@ -178,9 +178,9 @@ class page_action extends tform_actions { if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED'); if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED'); - $app->tpl->setVar("dmarc_pct", $dmarc_pct); + $app->tpl->setVar("dmarc_pct", $dmarc_pct, true); - $app->tpl->setVar("dmarc_ri", $dmarc_ri); + $app->tpl->setVar("dmarc_ri", $dmarc_ri, true); //create dmarc-sp-list $dmarc_sp_value = array( diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php index fb66b7b176ae6392add54894cab364f0b3d6fbe1..405e437838a4895687790f11fbe5dcd971477560 100644 --- a/interface/web/dns/dns_import.php +++ b/interface/web/dns/dns_import.php @@ -587,6 +587,15 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name' if($dns_rr[$r]['type'] == 'NS' && $dns_rr[$r]['name'] == $soa['name']){ unset($dns_rr[$r]); } + + $valid = true; + $dns_rr[$r]['ttl'] = $app->functions->intval($dns_rr[$r]['ttl']); + $dns_rr[$r]['aux'] = $app->functions->intval($dns_rr[$r]['aux']); + $dns_rr[$r]['data'] = strip_tags($dns_rr[$r]['data']); + if(!preg_match('/^[a-zA-Z0-9\.\-\*]{0,64}$/',$dns_rr[$r]['name'])) $valid == false; + if(!in_array(strtoupper($dns_rr[$r]['type']),array('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY'))) $valid == false; + if($valid == false) unset($dns_rr[$r]); + $r++; } $i++; diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php index 4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85..117b101b875de812e10160b1bfe37031164cecb8 100644 --- a/interface/web/dns/dns_slave_edit.php +++ b/interface/web/dns/dns_slave_edit.php @@ -132,7 +132,7 @@ class page_action extends tform_actions { if ($domain['domain'].'.' == $this->dataRecord["origin"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n"; } } else { @@ -149,7 +149,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php index 6faefac3903ec588d400fa2b8bb48e69a612ac35..9b36daee1500fb07ecf1c8b5f43668be3a063c96 100644 --- a/interface/web/dns/dns_soa_edit.php +++ b/interface/web/dns/dns_soa_edit.php @@ -179,7 +179,7 @@ class page_action extends tform_actions { $options_dns_servers = ""; foreach ($dns_servers as $dns_server) { - $options_dns_servers .= ''; + $options_dns_servers .= ''; } $app->tpl->setVar("client_server_id", $options_dns_servers); @@ -200,7 +200,7 @@ class page_action extends tform_actions { if ($domain['domain'].'.' == $this->dataRecord["origin"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n"; } } else { @@ -217,12 +217,12 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id); if(is_array($datalog) && !empty($datalog)){ if(trim($datalog['error']) != ''){ - $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error']))); + $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error']))); $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp'])); } } diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php index ca109272d8aa17111c7094c7a5eb05386a0feb7a..94096662a1e8e0af7e0e228d322d0c955076b8f2 100644 --- a/interface/web/dns/dns_spf_edit.php +++ b/interface/web/dns/dns_spf_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { $this->id = 1; $old_data = strtolower($rec['data']); - $app->tpl->setVar("data", $old_data); + $app->tpl->setVar("data", $old_data, true); if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED"); $spf_hostname = ''; @@ -108,9 +108,9 @@ class page_action extends tform_actions { } //set html-values - $app->tpl->setVar("spf_ip", $spf_ip); - $app->tpl->setVar("spf_hostname", $spf_hostname); - $app->tpl->setVar("spf_domain", $spf_domain); + $app->tpl->setVar("spf_ip", $spf_ip, true); + $app->tpl->setVar("spf_hostname", $spf_hostname, true); + $app->tpl->setVar("spf_domain", $spf_domain, true); //create spf-mechanism-list $spf_mechanism_value = array( '+' => 'spf_mechanism_pass_txt', diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php index e2b290ab9f1f52a1a3ab3a6786aa5ef5f5b0fdf8..16c1086db3a74452c56a37510a9ef9862739169d 100644 --- a/interface/web/dns/dns_srv_edit.php +++ b/interface/web/dns/dns_srv_edit.php @@ -51,9 +51,9 @@ class page_action extends dns_page_action { // Split the 3 parts of the SRV Record apart $split = explode(' ', $this->dataRecord['data']); - $app->tpl->setVar('weight', $split[0]); - $app->tpl->setVar('port', $split[1]); - $app->tpl->setVar('target', $split[2]); + $app->tpl->setVar('weight', $split[0], true); + $app->tpl->setVar('port', $split[1], true); + $app->tpl->setVar('target', $split[2], true); parent::onShowEnd(); } diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index 0e955bee09044a9a339b90ea74b631b0ff619db3..32112560a48ba9747f18eee43570acb6c4a96493 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php @@ -183,7 +183,7 @@ if(is_array($fields)) { } else { $app->tpl->setVar($field."_VISIBLE", 1); $field = strtolower($field); - $app->tpl->setVar($field, $_POST[$field]); + $app->tpl->setVar($field, $_POST[$field], true); } } } diff --git a/interface/web/help/faq_delete.php b/interface/web/help/faq_delete.php index e8f36272786fec032bb0d9d23df22a8258b4199a..c1faed60d99afdad537d4447cd009d2f7e49ff50 100644 --- a/interface/web/help/faq_delete.php +++ b/interface/web/help/faq_delete.php @@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the form $app->uses('tform_actions'); diff --git a/interface/web/help/faq_edit.php b/interface/web/help/faq_edit.php index 629bde88c798f7105ad1b3621ab3cfcfa85fc06f..397f5cccf4233b4a5cefb4485a1f27617d68a1cf 100644 --- a/interface/web/help/faq_edit.php +++ b/interface/web/help/faq_edit.php @@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check the module permissions and redirect if not allowed. -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the templating and form classes $app->uses('tpl,tform,tform_actions'); diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php index 4ea86722cfe07a78b4b8016d9775edc3ac38e952..c647fbf6eb01b8edf65b98ec6dc49ca261845038 100644 --- a/interface/web/help/faq_list.php +++ b/interface/web/help/faq_list.php @@ -11,10 +11,7 @@ require_once '../../lib/classes/parsedown/parsedown_extra.php'; $list_def_file = 'list/faq_list.php'; // Check the module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die(); -} +$app->auth->check_module_permissions('help'); // Loading the class $app->uses('listform_actions'); @@ -47,7 +44,7 @@ $override->SQLExtWhere = "help_faq.hf_section = $hf_section"; if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section); // Start the form rendering and action ahndling -echo "

    FAQ: ".$res['hfs_name']."

    "; -if($hf_section) $override->onLoad(); +echo "

    FAQ: ".$app->functions->htmlentities($res['hfs_name'])."

    "; +if($hf_section) $app->listform_actions->onLoad(); ?> diff --git a/interface/web/help/faq_manage_questions_list.php b/interface/web/help/faq_manage_questions_list.php index e72824458683f78bd7a2c8323049a5c636931bd3..ae29e752fca36db0737c78171658ab5077dda556 100644 --- a/interface/web/help/faq_manage_questions_list.php +++ b/interface/web/help/faq_manage_questions_list.php @@ -6,7 +6,7 @@ require_once '../../lib/app.inc.php'; $list_def_file = "list/faq_manage_questions_list.php"; //* Check permissions for module -$app->auth->check_module_permissions('help'); +$app->auth->check_module_permissions('admin'); //* Loading the class $app->uses('listform_actions'); diff --git a/interface/web/help/faq_sections_delete.php b/interface/web/help/faq_sections_delete.php index adcacf4376233fe21b53068b89986d736282ae68..865071ff252cc507ef6748322f38cfa341e648d9 100644 --- a/interface/web/help/faq_sections_delete.php +++ b/interface/web/help/faq_sections_delete.php @@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the form $app->uses('tform_actions'); diff --git a/interface/web/help/faq_sections_edit.php b/interface/web/help/faq_sections_edit.php index 32f0123466c98c6c80235cf4888a459521569afe..f146db8605dd34e9c9980871f4a88923c431c9b5 100644 --- a/interface/web/help/faq_sections_edit.php +++ b/interface/web/help/faq_sections_edit.php @@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php'; require_once '../../lib/app.inc.php'; // Check the module permissions and redirect if not allowed. -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die; -} +$app->auth->check_module_permissions('admin'); // Load the templating and form classes $app->uses('tpl,tform,tform_actions'); diff --git a/interface/web/help/faq_sections_list.php b/interface/web/help/faq_sections_list.php index 4acb4ae20e107942d62815d38d93baa176d39373..7ce9fb0235cba91f44c3930e98b423c0340c1ba2 100644 --- a/interface/web/help/faq_sections_list.php +++ b/interface/web/help/faq_sections_list.php @@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php'; $list_def_file = 'list/faq_sections_list.php'; // Check the module permissions -if(!stristr($_SESSION['s']['user']['modules'], 'help')) { - header('Location: ../index.php'); - die(); -} +$app->auth->check_module_permissions('admin'); // Loading the class $app->uses('listform_actions'); diff --git a/interface/web/help/form/faq.tform.php b/interface/web/help/form/faq.tform.php index e795f3566f034c9f56a2f79f1f221e31b45a2fc2..e440de7e6b87103b3f42e04784192268cf4bb61c 100644 --- a/interface/web/help/form/faq.tform.php +++ b/interface/web/help/form/faq.tform.php @@ -79,6 +79,12 @@ $form['tabs']['message'] = array( 'errmsg'=> 'subject_is_empty' ), ), + 'filters' => array( + 0 => array( 'event' => 'SAVE', + 'type' => 'STRIPTAGS'), + 1 => array( 'event' => 'SAVE', + 'type' => 'STRIPNL') + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/help/templates/help_faq_list.htm b/interface/web/help/templates/help_faq_list.htm index e81dae2e0ba7279ce2c4f5a03203c4e0e04cf15f..28850fe8300e881a6a8407e5e27c516ec48e0ef1 100644 --- a/interface/web/help/templates/help_faq_list.htm +++ b/interface/web/help/templates/help_faq_list.htm @@ -12,5 +12,3 @@
    - - diff --git a/interface/web/index.php b/interface/web/index.php index 4a2103208101e69633d6a18923fc1d81f9137b7e..1bccb1ebe17093938c57fcfadaba577057875ea4 100644 --- a/interface/web/index.php +++ b/interface/web/index.php @@ -41,7 +41,7 @@ if(!isset($_SESSION['s']['module']['name'])) $_SESSION['s']['module']['name'] = $app->uses('tpl'); $app->tpl->newTemplate('main.tpl.htm'); -$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : ''); +$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '', true); $app->tpl->setVar('logged_in', ($_SESSION['s']['user']['active'] != 1 ? 'n' : 'y')); // tab change warning? @@ -93,7 +93,7 @@ if(@is_dir($js_d)) { if (!empty($js_d_files)) $app->tpl->setLoop('js_d_includes', $js_d_files); unset($js_d_files); -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); // Logo $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1"); diff --git a/interface/web/login/index.php b/interface/web/login/index.php index 303e2e88c5a96fc25975d417ecdd2c99d51cd5fc..6fdeab35ee124aa08dbe3ceee2c429c17782a87b 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -347,7 +347,7 @@ $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt')); $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']); $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']); //$app->tpl->setInclude('content_tpl', 'login/templates/index.htm'); -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); //die(isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); // Logo diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php index c0d454cd326fce1f1e6ae5d72b55bcf5675cfbb2..e6976bff734798d0c5ee59440c161f072465540c 100644 --- a/interface/web/login/password_reset.php +++ b/interface/web/login/password_reset.php @@ -156,7 +156,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ' if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']); } -$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default'); +$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true); // Logo $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1"); diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php index 260d953982778b81ccc453b926e398f84b52f3e0..3c902b4221f717c456133c748238c8e1d77304cd 100644 --- a/interface/web/mail/form/mail_forward.tform.php +++ b/interface/web/mail/form/mail_forward.tform.php @@ -100,9 +100,7 @@ $form["tabs"]['forward'] = array ( 2 => array( 'event' => 'SAVE', 'type' => 'TOLOWER'), 3 => array( 'event' => 'SAVE', - 'type' => 'STRIPTAGS'), - 4 => array( 'event' => 'SAVE', - 'type' => 'STRIPNL') + 'type' => 'STRIPTAGS') ), 'default' => '', 'value' => '', diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php index 4292f8f4c2e405c45256a8cdf35000c9eefe8f3c..eb7ff4b4d639f34b887ea6f96bfdd5c1b414d2aa 100644 --- a/interface/web/mail/mail_alias_edit.php +++ b/interface/web/mail/mail_alias_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php index 918a5f3a05b47a9e3a16a328c030e4d8eaafa35d..ef3b16275c5bf4bf69e5df1de50aa10150cd1d41 100644 --- a/interface/web/mail/mail_aliasdomain_edit.php +++ b/interface/web/mail/mail_aliasdomain_edit.php @@ -82,9 +82,9 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$source_domain)?'SELECTED':''; - $source_select .= "\r\n"; + $source_select .= "\r\n"; $selected = ($domain["domain"] == @$destination_domain)?'SELECTED':''; - $destination_select .= "\r\n"; + $destination_select .= "\r\n"; } } $app->tpl->setVar("source_domain", $source_select); diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php index 60da619e14363aaaa6903febdb4ec81df3e7ed76..4ef18d45e7c8fee393a5b0666c8e5bf6cf6a1bba 100644 --- a/interface/web/mail/mail_domain_catchall_edit.php +++ b/interface/web/mail/mail_domain_catchall_edit.php @@ -82,7 +82,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index 7565752bd31c575d38731fe09af55c191ba81c70..d7d6ea4c6862bda5ff179078ae38f8efb3474c28 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -101,7 +101,7 @@ class page_action extends tform_actions { // Set the mailserver to the default server of the client $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']); - $app->tpl->setVar("server_id", ""); + $app->tpl->setVar("server_id", ""); unset($tmp); if ($settings['use_domain_module'] != 'y') { @@ -142,7 +142,7 @@ class page_action extends tform_actions { $options_mail_servers = ""; foreach ($mail_servers as $mail_server) { - $options_mail_servers .= ''; + $options_mail_servers .= ''; } $app->tpl->setVar("client_server_id", $options_mail_servers); @@ -167,7 +167,7 @@ class page_action extends tform_actions { if ($domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -193,7 +193,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); @@ -204,7 +204,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } @@ -214,10 +214,10 @@ class page_action extends tform_actions { $rec = $app->db->queryOneRecord($sql, $app->functions->intval($_GET['id'])); $dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$rec['dkim_public']); $dns_record = $rec['dkim_selector'] . '._domainkey.' . $rec['domain'] . '. 3600 TXT v=DKIM1; t=s; p=' . $dns_key; - $app->tpl->setVar('dkim_selector', $rec['dkim_selector']); - $app->tpl->setVar('dkim_private', $rec['dkim_private']); - $app->tpl->setVar('dkim_public', $rec['dkim_public']); - if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record); + $app->tpl->setVar('dkim_selector', $rec['dkim_selector'], true); + $app->tpl->setVar('dkim_private', $rec['dkim_private'], true); + $app->tpl->setVar('dkim_public', $rec['dkim_public'], true); + if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record, true); parent::onShowEnd(); } diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php index 17ce213cb2a31a511bf09173a55493497b0b305f..ee8c5f29971b38bbe2cf27e674496eca68a1bb9a 100644 --- a/interface/web/mail/mail_forward_edit.php +++ b/interface/web/mail/mail_forward_edit.php @@ -82,7 +82,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php index e0b1a23be50ab0cb01bfef3812da2d92c34b832d..73680c8a189078b8677dbff570e2367c78ebe8c9 100644 --- a/interface/web/mail/mail_mailinglist_edit.php +++ b/interface/web/mail/mail_mailinglist_edit.php @@ -116,7 +116,7 @@ class page_action extends tform_actions { if(is_array($domains)) { foreach( $domains as $domain) { $selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("domain_option", $domain_select); @@ -124,9 +124,9 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("listname_value", $this->dataRecord["listname"]); - $app->tpl->setVar("domain_value", $this->dataRecord["domain"]); - $app->tpl->setVar("email_value", $this->dataRecord["email"]); + $app->tpl->setVar("listname_value", $this->dataRecord["listname"], true); + $app->tpl->setVar("domain_value", $this->dataRecord["domain"], true); + $app->tpl->setVar("email_value", $this->dataRecord["email"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/mail/mail_spamfilter_edit.php b/interface/web/mail/mail_spamfilter_edit.php index 6282a38b0ff85596a30322381133af5f9a8772ca..c47ec8b41a72072a94a670cd8702e1b051f735d3 100644 --- a/interface/web/mail/mail_spamfilter_edit.php +++ b/interface/web/mail/mail_spamfilter_edit.php @@ -67,7 +67,7 @@ class page_action extends tform_actions { $domain_select = ''; foreach( $domains as $domain) { $selected = ($domain["domain"] == $email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } $app->tpl->setVar("email_domain", $domain_select); diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php index 9707d2fce018433c4e8c0c84a61ba9649548d06a..65667726ad39ff8d6c0d5d5d8b18adc51b6ef705 100644 --- a/interface/web/mail/mail_transport_edit.php +++ b/interface/web/mail/mail_transport_edit.php @@ -70,6 +70,7 @@ class page_action extends tform_actions { function onShowEnd() { global $app, $conf; + $rec = array(); $types = array('smtp' => 'smtp', 'uucp' => 'uucp', 'slow' => 'slow', 'error' => 'error', 'custom' => 'custom', '' => 'null'); $tmp_parts = explode(":", $this->dataRecord["transport"]); if(!empty($this->id) && !stristr($this->dataRecord["transport"], ':')) { @@ -106,7 +107,7 @@ class page_action extends tform_actions { } } $rec["type"] = $type_select; - $app->tpl->setVar($rec); + $app->tpl->setVar($rec, null, true); unset($type); unset($types); diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index 87d3be66bbf2f4a21b0dbf12d7de76f5ab3cf34d..6cf9b34e3649b6b352d7b05fa65fcb5ceda0a58e 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -84,7 +84,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("email_domain", $domain_select); @@ -100,7 +100,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); @@ -121,7 +121,7 @@ class page_action extends tform_actions { if($this->dataRecord['autoresponder_subject'] == '') { $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject')); } else { - $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']); + $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true); } $app->uses('getconf'); diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php index b7370a2e5e9d0ac3b644faed7e23931aa813ef79..3366a40de61359cb809f549d718b884aa82bb876 100644 --- a/interface/web/mail/xmpp_domain_edit.php +++ b/interface/web/mail/xmpp_domain_edit.php @@ -165,7 +165,7 @@ class page_action extends tform_actions { $options_xmpp_servers = ""; foreach ($xmpp_servers as $xmpp_server) { - $options_xmpp_servers .= ""; + $options_xmpp_servers .= ""; } $app->tpl->setVar("client_server_id", $options_xmpp_servers); @@ -190,7 +190,7 @@ class page_action extends tform_actions { if ($domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -211,7 +211,7 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php index 16d440a9f1a5419a968765eb602d077b43b3504e..188de01ae240d7f3331509e581c82df5df0b1494 100644 --- a/interface/web/mail/xmpp_user_edit.php +++ b/interface/web/mail/xmpp_user_edit.php @@ -83,7 +83,7 @@ class page_action extends tform_actions { foreach( $domains as $domain) { $domain['domain'] = $app->functions->idn_decode($domain['domain']); $selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':''; - $domain_select .= "\r\n"; + $domain_select .= "\r\n"; } } $app->tpl->setVar("jid_domain", $domain_select); diff --git a/interface/web/mailuser/mail_user_autoresponder_edit.php b/interface/web/mailuser/mail_user_autoresponder_edit.php index 8007c0fd814ee934db7d7b08f43d18321fcffc41..d93151bf24094f72829e2da89dcfb5321b6ee413 100644 --- a/interface/web/mailuser/mail_user_autoresponder_edit.php +++ b/interface/web/mailuser/mail_user_autoresponder_edit.php @@ -84,7 +84,7 @@ class page_action extends tform_actions { if($this->dataRecord['autoresponder_subject'] == '') { $app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject')); } else { - $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']); + $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true); } parent::onShowEnd(); diff --git a/interface/web/mailuser/mail_user_cc_edit.php b/interface/web/mailuser/mail_user_cc_edit.php index 39e5bdf6f95b01fdf1d865aca92b70138ac5186e..778be781ece87a4d7ee5f35bc715c96aafb2cc01 100644 --- a/interface/web/mailuser/mail_user_cc_edit.php +++ b/interface/web/mailuser/mail_user_cc_edit.php @@ -75,7 +75,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($this->id); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); parent::onShowEnd(); } diff --git a/interface/web/mailuser/mail_user_password_edit.php b/interface/web/mailuser/mail_user_password_edit.php index 07a19259ea0d045e4d3d65ac939d32453dfb6b2f..5c5706177a6b2d0fa41b7a9edd386546764ed688 100644 --- a/interface/web/mailuser/mail_user_password_edit.php +++ b/interface/web/mailuser/mail_user_password_edit.php @@ -63,7 +63,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($_SESSION['s']['user']['mailuser_id']); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); parent::onShowEnd(); } diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php index 9d3735672184d0d3c3596c0e7eb19fc59a6a27f8..abbea219376204ce922762129849da67122a4738 100644 --- a/interface/web/mailuser/mail_user_spamfilter_edit.php +++ b/interface/web/mailuser/mail_user_spamfilter_edit.php @@ -112,7 +112,7 @@ class page_action extends tform_actions { global $app, $conf; $rec = $app->tform->getDataRecord($this->id); - $app->tpl->setVar("email", $rec['email']); + $app->tpl->setVar("email", $rec['email'], true); // Get the spamfilter policys for the user $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']); @@ -122,7 +122,7 @@ class page_action extends tform_actions { if(is_array($policys)) { foreach( $policys as $p) { $selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':''; - $policy_select .= "\r\n"; + $policy_select .= "\r\n"; } } $app->tpl->setVar("policy", $policy_select); diff --git a/interface/web/remote/index.php b/interface/web/remote/index.php index 3e111394a365541e0f4ef5cbe764d7e110f8d49d..670a9db13b41b62daf99ab425174ac2d9cd03a7f 100644 --- a/interface/web/remote/index.php +++ b/interface/web/remote/index.php @@ -1,5 +1,7 @@ id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php index 213063ae89bdb70c495e630a345caa52e73987cc..71e5acaf27c120d8d332485e494de8af8fd1689a 100644 --- a/interface/web/sites/database_edit.php +++ b/interface/web/sites/database_edit.php @@ -89,7 +89,7 @@ class page_action extends tform_actions { } foreach ($tmp as $db_server) { - $options_db_servers .= ''; + $options_db_servers .= ''; } $app->tpl->setVar("server_id", $options_db_servers); @@ -112,7 +112,7 @@ class page_action extends tform_actions { } foreach ($tmp as $db_server) { - $options_db_servers .= ''; + $options_db_servers .= ''; } $app->tpl->setVar("server_id", $options_db_servers); @@ -143,22 +143,22 @@ class page_action extends tform_actions { if ($this->dataRecord['database_name'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix)); + $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix), true); } if($this->dataRecord['database_name'] == "") { - $app->tpl->setVar("database_name_prefix", $dbname_prefix); + $app->tpl->setVar("database_name_prefix", $dbname_prefix, true); } else { - $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix'])); + $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $edit_disabled = @($_SESSION["s"]["user"]["typ"] == 'admin')? 0 : 1; //* admin can change the database-name $app->tpl->setVar("edit_disabled", $edit_disabled); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]); - $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"], true); + $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index e7bfa611a937be481efde7ae8ba7a8308cbaf01c..07fa1315f062960e5f214aefdaa3eebb19f8837b 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php @@ -118,13 +118,13 @@ class page_action extends tform_actions { if ($this->dataRecord['database_user'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix)); + $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix), true); } if($this->dataRecord['database_user'] == "") { - $app->tpl->setVar("database_user_prefix", $dbuser_prefix); + $app->tpl->setVar("database_user_prefix", $dbuser_prefix, true); } else { - $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix'])); + $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true); } parent::onShowEnd(); diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php index 02480db42879a97058306114b8771f7cdd0ff9b2..6cfaa38c2a5188f1441d8f3db59d44bea4a1f3be 100644 --- a/interface/web/sites/form/web_childdomain.tform.php +++ b/interface/web/sites/form/web_childdomain.tform.php @@ -125,7 +125,7 @@ $form["tabs"]['domain'] = array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@', + 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@', 'errmsg'=> 'redirect_error_regex'), ), 'default' => '', diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php index 071efbb9a9b18d224d243ee8be78222393a07cf8..11132f5469d5c5ebabb2e1e81b95e1de2bb780b0 100644 --- a/interface/web/sites/form/web_vhost_domain.tform.php +++ b/interface/web/sites/form/web_vhost_domain.tform.php @@ -396,7 +396,7 @@ $form["tabs"]['redirect'] = array ( 'redirect_path' => array ( 'datatype' => 'VARCHAR', 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@', + 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@', 'errmsg'=> 'redirect_error_regex'), ), 'formtype' => 'TEXT', @@ -881,6 +881,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin' 'nginx_directives' => array ( 'datatype' => 'TEXT', 'formtype' => 'TEXT', + 'validators' => array ( 0 => array( + 'type' => 'CUSTOM', + 'class' => 'validate_domain', + 'function' => 'web_nginx_directives', + 'errmsg' => 'nginx_directive_blocked_error' + ), + ), 'default' => '', 'value' => '', 'width' => '30', diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php index 9de400ce0392fcff585fe6450621d8c15b6d3d14..7fab1e2273e850d9e59fcb7c48bbd0d4186e1f7a 100644 --- a/interface/web/sites/ftp_user_edit.php +++ b/interface/web/sites/ftp_user_edit.php @@ -79,13 +79,13 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix), true); } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $ftpuser_prefix); + $app->tpl->setVar("username_prefix", $ftpuser_prefix, true); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true); } parent::onShowEnd(); diff --git a/interface/web/sites/lib/lang/ar_web_aliasdomain.lng b/interface/web/sites/lib/lang/ar_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/ar_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/ar_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng b/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng index 8ea34c440978e1ec0920627b26e72315d713eda1..0cbee5b1219730bdf3a356c0ab59758b3d9598cf 100644 --- a/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng +++ b/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng @@ -8,6 +8,7 @@ $wb['add_new_record_txt'] = 'Add new aliasdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/ar_web_childdomain.lng b/interface/web/sites/lib/lang/ar_web_childdomain.lng index fe6eae507486f1cab06a117dfab93049607ea030..e948694b3b5941d7380065c2947d4f9af34a92b4 100644 --- a/interface/web/sites/lib/lang/ar_web_childdomain.lng +++ b/interface/web/sites/lib/lang/ar_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/ar_web_childdomain_list.lng b/interface/web/sites/lib/lang/ar_web_childdomain_list.lng index 1ce49ba1be6e86b451e04493c0e7f737a09e4939..4dfc97f907e90c569e325ed1c2ee4b4707953c3b 100644 --- a/interface/web/sites/lib/lang/ar_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/ar_web_childdomain_list.lng @@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Subdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/ar_web_domain.lng b/interface/web/sites/lib/lang/ar_web_domain.lng index 0b8161e0978acbeab26a2885512e99aa272ca9ec..00edc9ce51db5f2ae772a8ca39ce54ceb4c34092 100644 --- a/interface/web/sites/lib/lang/ar_web_domain.lng +++ b/interface/web/sites/lib/lang/ar_web_domain.lng @@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; $wb['error_ssl_state_empty'] = 'SSL State is empty.'; @@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/ar_web_subdomain.lng b/interface/web/sites/lib/lang/ar_web_subdomain.lng index c5fa1711bbbecf45e91322c7c5192b51a25d24b2..b4a8c15f1563df72b828881a9ba79883d9f3e89f 100644 --- a/interface/web/sites/lib/lang/ar_web_subdomain.lng +++ b/interface/web/sites/lib/lang/ar_web_subdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng index 1f01c23704c3791362d3dd99e75fd85eb18b2b00..628f0d6293409d11988ccae2119d91d80f8a56fb 100644 --- a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng @@ -39,6 +39,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; $wb['error_ssl_state_empty'] = 'SSL State is empty.'; diff --git a/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/bg_web_aliasdomain.lng b/interface/web/sites/lib/lang/bg_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/bg_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/bg_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/bg_web_domain.lng b/interface/web/sites/lib/lang/bg_web_domain.lng index cce48221437625978cc7f2884060f57b7f626df8..901c34a6ec85fd026c53c08f3e79b88d2c11d37b 100644 --- a/interface/web/sites/lib/lang/bg_web_domain.lng +++ b/interface/web/sites/lib/lang/bg_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/br_web_domain.lng b/interface/web/sites/lib/lang/br_web_domain.lng index 33ea9f35658286ec6c19ef59f791baacb269f8e2..a199f3273c55e469ada72518455318cda6a7033a 100644 --- a/interface/web/sites/lib/lang/br_web_domain.lng +++ b/interface/web/sites/lib/lang/br_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'Porta HTTP'; $wb['https_port_txt'] = 'Porta HTTPS'; $wb['http_port_error_regex'] = 'Porta HTTP inválida.'; $wb['https_port_error_regex'] = 'Porta HTTPS inválida.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/ca_web_childdomain.lng b/interface/web/sites/lib/lang/ca_web_childdomain.lng index 6ff34de1a44f864a9498870151a1860cbf33d5bc..9e3968e2fd89656e068999521d087c04c9fa47b8 100644 --- a/interface/web/sites/lib/lang/ca_web_childdomain.lng +++ b/interface/web/sites/lib/lang/ca_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; diff --git a/interface/web/sites/lib/lang/ca_web_childdomain_list.lng b/interface/web/sites/lib/lang/ca_web_childdomain_list.lng index f06935bf0ee7098dce0816fb3d7da1886363a15b..246fb2b1d191a9f95f844053af0953460f76ff6f 100644 --- a/interface/web/sites/lib/lang/ca_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/ca_web_childdomain_list.lng @@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/ca_web_domain.lng b/interface/web/sites/lib/lang/ca_web_domain.lng index fc680dfd1a56e8b525e864595dac746a8ab3ab4a..a3475c43c2d58dd7b3e2232032926af144882c71 100644 --- a/interface/web/sites/lib/lang/ca_web_domain.lng +++ b/interface/web/sites/lib/lang/ca_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/ca_web_vhost_domain.lng b/interface/web/sites/lib/lang/ca_web_vhost_domain.lng index 83538dc778d95776ae89083b3fbf36bf46e0709a..b915021b03bf4ae348546f1066b7f2ab958b2e60 100644 --- a/interface/web/sites/lib/lang/ca_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/ca_web_vhost_domain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng index c9a46866089adc1e4bc6c1d21d3560087f9d215e..673182950742fd96077d87c7a9e3f3f1f57de39f 100644 --- a/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/cz_web_domain.lng b/interface/web/sites/lib/lang/cz_web_domain.lng index 585c2c94ffc3d29764960e6f1468a1bd0e53ae6a..0998cb1264a385b11957d85915ae7ea184bbc154 100644 --- a/interface/web/sites/lib/lang/cz_web_domain.lng +++ b/interface/web/sites/lib/lang/cz_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/de_web_domain.lng b/interface/web/sites/lib/lang/de_web_domain.lng index 75a4f146695d49aa69b729de85343c6aa0b346c5..7232d8fa5f79141cb420ec53768617c132a60f55 100644 --- a/interface/web/sites/lib/lang/de_web_domain.lng +++ b/interface/web/sites/lib/lang/de_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/de_web_subdomain.lng b/interface/web/sites/lib/lang/de_web_subdomain.lng index 4f34874a11f1d7490f6c8536c502faabea09492a..41546c81c5f5bbd92770d0aa9eaac7716fb47e9a 100644 --- a/interface/web/sites/lib/lang/de_web_subdomain.lng +++ b/interface/web/sites/lib/lang/de_web_subdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache-Direktiven'; $wb['domain_error_empty'] = 'Domain ist leer.'; $wb['domain_error_unique'] = 'Domain muss eindeutig sein.'; $wb['domain_error_regex'] = 'Domain-Name ist ungültig.'; +$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.'; $wb['domain_error_wildcard'] = 'Wildcard Subdomains sind nicht erlaubt.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Ungültiger Redirect-Pfad. Gültige Pfade sind beispielsweise: /test/ oder http://www.domain.tld/test/'; diff --git a/interface/web/sites/lib/lang/de_web_vhost_domain.lng b/interface/web/sites/lib/lang/de_web_vhost_domain.lng index 7719b296894a22f1c701aed85b713a00fd2287bc..84d5b2fd7a8f23802de80f23caf5a63ce36be52b 100644 --- a/interface/web/sites/lib/lang/de_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/de_web_vhost_domain.lng @@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache Direktiven'; $wb['domain_error_empty'] = 'Domain ist leer.'; $wb['domain_error_unique'] = 'Domain muss eindeutig sein'; $wb['domain_error_regex'] = 'Domain Name ungültig.'; +$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.'; $wb['domain_error_autosub'] = 'Es existiert bereits eine Subdomain mit diesen Einstellungen.'; $wb['hd_quota_error_empty'] = 'Speicherplatzbeschränkung ist leer.'; $wb['traffic_quota_error_empty'] = 'Transfervolumenbeschränkung ist leer.'; diff --git a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng index 89e50f2df4c027deb6ab46e200f9e47ea22f3d20..2e3404b99448018e414173e0030ff3a4fb5d255c 100644 --- a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng @@ -41,6 +41,7 @@ $wb['apache_directives_txt'] = 'Apache-Direktiven'; $wb['domain_error_empty'] = 'Domain ist leer.'; $wb['domain_error_unique'] = 'Domain muss eindeutig sein'; $wb['domain_error_regex'] = 'Domain-Name ungültig.'; +$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.'; $wb['domain_error_wildcard'] = 'Wildcard-Subdomains sind nicht erlaubt.'; $wb['hd_quota_error_empty'] = 'Harddisk-Quota ist leer.'; $wb['traffic_quota_error_empty'] = 'Traffic-Quota ist leer.'; diff --git a/interface/web/sites/lib/lang/dk_web_childdomain.lng b/interface/web/sites/lib/lang/dk_web_childdomain.lng index 6ff34de1a44f864a9498870151a1860cbf33d5bc..9e3968e2fd89656e068999521d087c04c9fa47b8 100644 --- a/interface/web/sites/lib/lang/dk_web_childdomain.lng +++ b/interface/web/sites/lib/lang/dk_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; diff --git a/interface/web/sites/lib/lang/dk_web_childdomain_list.lng b/interface/web/sites/lib/lang/dk_web_childdomain_list.lng index f06935bf0ee7098dce0816fb3d7da1886363a15b..246fb2b1d191a9f95f844053af0953460f76ff6f 100644 --- a/interface/web/sites/lib/lang/dk_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/dk_web_childdomain_list.lng @@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/dk_web_domain.lng b/interface/web/sites/lib/lang/dk_web_domain.lng index 6124ee0676f2bc12f401a4cac7c9ec557b9efcc3..7b6183554314151740697ca33197f37a6bcfca78 100644 --- a/interface/web/sites/lib/lang/dk_web_domain.lng +++ b/interface/web/sites/lib/lang/dk_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/dk_web_vhost_domain.lng b/interface/web/sites/lib/lang/dk_web_vhost_domain.lng index 83538dc778d95776ae89083b3fbf36bf46e0709a..b915021b03bf4ae348546f1066b7f2ab958b2e60 100644 --- a/interface/web/sites/lib/lang/dk_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/dk_web_vhost_domain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/el_web_aliasdomain.lng b/interface/web/sites/lib/lang/el_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/el_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/el_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/el_web_domain.lng b/interface/web/sites/lib/lang/el_web_domain.lng index 1ae8ca208b59fb3eb6a79ad3bfe6057b3daed812..e1ce03d1c5fa226bcc32cf6b9eb81f82b34192ca 100644 --- a/interface/web/sites/lib/lang/el_web_domain.lng +++ b/interface/web/sites/lib/lang/el_web_domain.lng @@ -40,6 +40,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Το Domain δεν έχει οριστεί.'; $wb['domain_error_unique'] = 'Υπάρχει ήδη ένα website ή ένα sub / aliasdomain με αυτό το όνομα domain.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Το όριο αποθηκευτικού χώρου είναι 0 ή δεν έχει οριστεί.'; $wb['traffic_quota_error_empty'] = 'Το όριο κίνησης δεν έχει οριστεί.'; $wb['error_ssl_state_empty'] = 'Κενή περιφέρεια SSL.'; @@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/el_web_vhost_domain.lng b/interface/web/sites/lib/lang/el_web_vhost_domain.lng index 983a298b36c97aee6bbe240fe276e0a227212bd4..cfaedc4b18f59f6b837e5cb0f100040877d92c27 100644 --- a/interface/web/sites/lib/lang/el_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/el_web_vhost_domain.lng @@ -41,6 +41,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Το Domain δεν έχει οριστεί.'; $wb['domain_error_unique'] = 'Υπάρχει ήδη ένα website ή ένα sub / aliasdomain με αυτό το όνομα domain.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Το όριο αποθηκευτικού χώρου είναι 0 ή δεν έχει οριστεί.'; $wb['traffic_quota_error_empty'] = 'Το όριο κίνησης δεν έχει οριστεί.'; $wb['error_ssl_state_empty'] = 'Κενή περιφέρεια SSL.'; diff --git a/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/en_web_childdomain.lng b/interface/web/sites/lib/lang/en_web_childdomain.lng index cd9afca55126dc33515df167d4ef4629c964dd4f..54def692147f0da11aa51d3d490741d422f04040 100644 --- a/interface/web/sites/lib/lang/en_web_childdomain.lng +++ b/interface/web/sites/lib/lang/en_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; diff --git a/interface/web/sites/lib/lang/en_web_childdomain_list.lng b/interface/web/sites/lib/lang/en_web_childdomain_list.lng index bd8be1a7e67e99f8855bab9f2d6f5554c1a84fcf..11b3f4cf12b1d8d66c9a5a6e67288fb0e0255f74 100644 --- a/interface/web/sites/lib/lang/en_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/en_web_childdomain_list.lng @@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng index 940053bc703d37fec36dfd06a3fd70fc14f54e54..28c7c3e4e1b52483e56b8c63149179a1040b192c 100644 --- a/interface/web/sites/lib/lang/en_web_domain.lng +++ b/interface/web/sites/lib/lang/en_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> \ No newline at end of file diff --git a/interface/web/sites/lib/lang/en_web_vhost_domain.lng b/interface/web/sites/lib/lang/en_web_vhost_domain.lng index 9948839b5f75693c376edea2cf64670540598f09..2b463b67d9ecc83e43089039a9031621bf7a5233 100644 --- a/interface/web/sites/lib/lang/en_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/en_web_vhost_domain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/es_web_aliasdomain.lng b/interface/web/sites/lib/lang/es_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/es_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/es_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/es_web_domain.lng b/interface/web/sites/lib/lang/es_web_domain.lng index 8ba5d93c177a9a2b8dc70c54c87deca547a28167..889d29bd9536cbffa55b01f413bf48b6577692cd 100644 --- a/interface/web/sites/lib/lang/es_web_domain.lng +++ b/interface/web/sites/lib/lang/es_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/fi_web_aliasdomain.lng b/interface/web/sites/lib/lang/fi_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/fi_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/fi_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/fi_web_domain.lng b/interface/web/sites/lib/lang/fi_web_domain.lng index 5d78fa7961e6facd13e2aeb05a00aadeb012504f..1cc2a2024d93b2d268622cf6a7f9bb25e30ce75c 100644 --- a/interface/web/sites/lib/lang/fi_web_domain.lng +++ b/interface/web/sites/lib/lang/fi_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/fr_web_domain.lng b/interface/web/sites/lib/lang/fr_web_domain.lng index 5cbce08e607d581a0afbe3a84c15c845ece40e31..421693a0e64cb0cbdcb92578911115fd12704e5b 100644 --- a/interface/web/sites/lib/lang/fr_web_domain.lng +++ b/interface/web/sites/lib/lang/fr_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng index a97883fe46afcaadde1b6b4658db562a0f28c5c2..12fedd1e98ef0b6e806bb57ef7e4a5d14820d575 100644 --- a/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/hr_web_domain.lng b/interface/web/sites/lib/lang/hr_web_domain.lng index b6f589ead0b59505a97024aed46b6de92a8334ab..8a089e6ba5f365147feb61e20d0de0de4e9ed9cf 100644 --- a/interface/web/sites/lib/lang/hr_web_domain.lng +++ b/interface/web/sites/lib/lang/hr_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/hu_web_aliasdomain.lng b/interface/web/sites/lib/lang/hu_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/hu_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/hu_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/hu_web_domain.lng b/interface/web/sites/lib/lang/hu_web_domain.lng index b2404565386f25e73c31c37bffe775e72611b387..5ddf06593ded5ab4740f467055c1c63e46d53176 100644 --- a/interface/web/sites/lib/lang/hu_web_domain.lng +++ b/interface/web/sites/lib/lang/hu_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/id_web_aliasdomain.lng b/interface/web/sites/lib/lang/id_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/id_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/id_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/id_web_domain.lng b/interface/web/sites/lib/lang/id_web_domain.lng index a96b4cc2ce2044f6540855e7d46351e04d3ee6a7..785d7fc0daa9655cc0d4cbebf704ca89a95223b8 100644 --- a/interface/web/sites/lib/lang/id_web_domain.lng +++ b/interface/web/sites/lib/lang/id_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/it_web_childdomain.lng b/interface/web/sites/lib/lang/it_web_childdomain.lng index e98ba52bbea4e105cabe29364857b62e1891e599..9d186b3c8997fb421a3aecaef415d2479eca4a03 100644 --- a/interface/web/sites/lib/lang/it_web_childdomain.lng +++ b/interface/web/sites/lib/lang/it_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Direttive Apache'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/it_web_childdomain_list.lng b/interface/web/sites/lib/lang/it_web_childdomain_list.lng index 520c81d6550120531dace31030228bac9de256e3..45d82ecc58fe351faf9307d8bac9c20ac40a2f74 100644 --- a/interface/web/sites/lib/lang/it_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/it_web_childdomain_list.lng @@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Sottodominio'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/it_web_domain.lng b/interface/web/sites/lib/lang/it_web_domain.lng index 0f46e2a3ef82698182a7d48ebc77e5ac16182e59..68eae554fc16b20070359dd0f29e051d334ae9bf 100644 --- a/interface/web/sites/lib/lang/it_web_domain.lng +++ b/interface/web/sites/lib/lang/it_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/it_web_vhost_domain.lng b/interface/web/sites/lib/lang/it_web_vhost_domain.lng index 59a30ed4134bbefc55e70b28f650fbf4c339da92..a2cdef8d41a33ed9d4c2bfe44dd30b598db9a6c5 100644 --- a/interface/web/sites/lib/lang/it_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/it_web_vhost_domain.lng @@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; $wb['error_ssl_state_empty'] = 'SSL State is empty.'; diff --git a/interface/web/sites/lib/lang/ja_web_aliasdomain.lng b/interface/web/sites/lib/lang/ja_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/ja_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/ja_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ja_web_domain.lng b/interface/web/sites/lib/lang/ja_web_domain.lng index 95e1f7de527634541ef7ec13e714e07a7e5b7f05..2dbf65d2e5a162fb94e1bcc6726bc916f778f197 100644 --- a/interface/web/sites/lib/lang/ja_web_domain.lng +++ b/interface/web/sites/lib/lang/ja_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/nl_web_aliasdomain.lng b/interface/web/sites/lib/lang/nl_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/nl_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/nl_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/nl_web_domain.lng b/interface/web/sites/lib/lang/nl_web_domain.lng index 60a06c266a4cbbf04b98e8b54c4278ae8e5cb378..8b4f6ff8552ece4e37d36dde2b596babf9ff0e5a 100644 --- a/interface/web/sites/lib/lang/nl_web_domain.lng +++ b/interface/web/sites/lib/lang/nl_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/pl_web_domain.lng b/interface/web/sites/lib/lang/pl_web_domain.lng index 8afd4b50c74bc0f39be5407cf6de8007f1edc495..2521f174069e5ee125e76df6eb7a2e44c5302e37 100644 --- a/interface/web/sites/lib/lang/pl_web_domain.lng +++ b/interface/web/sites/lib/lang/pl_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/pt_web_aliasdomain.lng b/interface/web/sites/lib/lang/pt_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/pt_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/pt_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/pt_web_domain.lng b/interface/web/sites/lib/lang/pt_web_domain.lng index 475544e16ddb264c00fa344a3db213614350e5ea..fc7add5d896a6299f65ef0c96fa60a3cec2310a1 100644 --- a/interface/web/sites/lib/lang/pt_web_domain.lng +++ b/interface/web/sites/lib/lang/pt_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ro_web_aliasdomain.lng b/interface/web/sites/lib/lang/ro_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/ro_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/ro_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ro_web_childdomain.lng b/interface/web/sites/lib/lang/ro_web_childdomain.lng index a3bcfdd37dc8cd7c80763b65f4aec3b61936a672..f6a69829f5163d204dcb2d57a04feaaf0e347510 100644 --- a/interface/web/sites/lib/lang/ro_web_childdomain.lng +++ b/interface/web/sites/lib/lang/ro_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain necompletat'; $wb['domain_error_unique'] = 'exista deja un domeniu sau subdomeniu asemanator'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/ro_web_domain.lng b/interface/web/sites/lib/lang/ro_web_domain.lng index 185155ad816c2b41545256330291db646b70d045..9b8d927272a6750c2d505917a92cc2158eab1af2 100644 --- a/interface/web/sites/lib/lang/ro_web_domain.lng +++ b/interface/web/sites/lib/lang/ro_web_domain.lng @@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directive'; $wb['domain_error_empty'] = 'Domain este necompletat'; $wb['domain_error_unique'] = 'deja exista un domeniu /subdomeniu asemanator'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota necompletata'; $wb['traffic_quota_error_empty'] = 'Traffic quota necompletata'; $wb['error_ssl_state_empty'] = 'SSL Judet necompletata'; @@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/ro_web_subdomain.lng b/interface/web/sites/lib/lang/ro_web_subdomain.lng index f36685be8ab531f08ec462f59bbbdfba3abba07c..be5ce6ee043e478409d53c62996bc1846b9af8a6 100644 --- a/interface/web/sites/lib/lang/ro_web_subdomain.lng +++ b/interface/web/sites/lib/lang/ro_web_subdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain necompletat'; $wb['domain_error_unique'] = 'exista deja un domeniu sau subdomeniu asemanator'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng index a874c27bed800f9810c6e17d685a385faaacddd4..133fe88cdbfd95530d26043d14b941ff356e1c32 100644 --- a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng @@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache directive'; $wb['domain_error_empty'] = 'Domain este necompletat'; $wb['domain_error_unique'] = 'deja exista un domeniu /subdomeniu asemanator'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota necompletata'; $wb['traffic_quota_error_empty'] = 'Traffic quota necompletata'; $wb['error_ssl_state_empty'] = 'SSL Judet necompletata'; diff --git a/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/ru_web_domain.lng b/interface/web/sites/lib/lang/ru_web_domain.lng index a4be337fb41bd44f4528abc1a87cbf18792972b1..6cba45f1b7e065079da9d7bf900c41c09c9900c9 100644 --- a/interface/web/sites/lib/lang/ru_web_domain.lng +++ b/interface/web/sites/lib/lang/ru_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'Порт HTTP'; $wb['https_port_txt'] = 'Порт HTTPS'; $wb['http_port_error_regex'] = 'Некорректный порт HTTP.'; $wb['https_port_error_regex'] = 'Некорректный порт HTTPS.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/se_web_aliasdomain.lng b/interface/web/sites/lib/lang/se_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/se_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/se_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng b/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng index 8ea34c440978e1ec0920627b26e72315d713eda1..0cbee5b1219730bdf3a356c0ab59758b3d9598cf 100644 --- a/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng +++ b/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng @@ -8,6 +8,7 @@ $wb['add_new_record_txt'] = 'Add new aliasdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/se_web_childdomain.lng b/interface/web/sites/lib/lang/se_web_childdomain.lng index 8bcd638cd7796d3bb2572567b1c7c690d48543eb..063c47db10e6d83eab71c691f12e609e40aec139 100644 --- a/interface/web/sites/lib/lang/se_web_childdomain.lng +++ b/interface/web/sites/lib/lang/se_web_childdomain.lng @@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['host_txt'] = 'Host'; $wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/'; $wb['no_redirect_txt'] = 'No redirect'; diff --git a/interface/web/sites/lib/lang/se_web_childdomain_list.lng b/interface/web/sites/lib/lang/se_web_childdomain_list.lng index 1ce49ba1be6e86b451e04493c0e7f737a09e4939..4dfc97f907e90c569e325ed1c2ee4b4707953c3b 100644 --- a/interface/web/sites/lib/lang/se_web_childdomain_list.lng +++ b/interface/web/sites/lib/lang/se_web_childdomain_list.lng @@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Subdomain'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['no_redirect_txt'] = 'No redirect'; $wb['no_flag_txt'] = 'No flag'; $wb['none_txt'] = 'None'; diff --git a/interface/web/sites/lib/lang/se_web_domain.lng b/interface/web/sites/lib/lang/se_web_domain.lng index b4f58b827e65b9d81e49837f05b79e262f51b6d7..8cf7c63473c1276062645c0888b0627a7114b2f6 100644 --- a/interface/web/sites/lib/lang/se_web_domain.lng +++ b/interface/web/sites/lib/lang/se_web_domain.lng @@ -36,6 +36,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; $wb['error_ssl_state_empty'] = 'SSL State is empty.'; @@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/se_web_vhost_domain.lng b/interface/web/sites/lib/lang/se_web_vhost_domain.lng index e0dd1e129431f20e1e34384ef46748f3df52da9c..c8461fee7d9aa475d5a79f4e2ce5528ceaa5f449 100644 --- a/interface/web/sites/lib/lang/se_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/se_web_vhost_domain.lng @@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'Domain must be unique.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; $wb['error_ssl_state_empty'] = 'SSL State is empty.'; diff --git a/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/sk_web_aliasdomain.lng b/interface/web/sites/lib/lang/sk_web_aliasdomain.lng index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644 --- a/interface/web/sites/lib/lang/sk_web_aliasdomain.lng +++ b/interface/web/sites/lib/lang/sk_web_aliasdomain.lng @@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_autosub'] = 'There is already a subdomain with these settings.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/sk_web_domain.lng b/interface/web/sites/lib/lang/sk_web_domain.lng index 8e39ca8afa24b98212beaf0e5478c20de4b29055..f8f2f79b965f20526db9faf7d8e551d0892b6cf2 100644 --- a/interface/web/sites/lib/lang/sk_web_domain.lng +++ b/interface/web/sites/lib/lang/sk_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644 --- a/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng +++ b/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng @@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives'; $wb['domain_error_empty'] = 'Domain is empty.'; $wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.'; $wb['domain_error_regex'] = 'Domain name invalid.'; +$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.'; $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; $wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.'; $wb['traffic_quota_error_empty'] = 'Traffic quota is empty.'; diff --git a/interface/web/sites/lib/lang/tr_web_domain.lng b/interface/web/sites/lib/lang/tr_web_domain.lng index da3625df37340c411ad9c75a5b8680960f8b7192..c97ce73778810e403fdbdc1e1e1d0f8d570eb1a9 100644 --- a/interface/web/sites/lib/lang/tr_web_domain.lng +++ b/interface/web/sites/lib/lang/tr_web_domain.lng @@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port'; $wb['https_port_txt'] = 'HTTPS Port'; $wb['http_port_error_regex'] = 'HTTP Port invalid.'; $wb['https_port_error_regex'] = 'HTTPS Port invalid.'; +$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:'; ?> diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php index 77c4509b44e7e2c56c5ca72d80e16d3d30b2198e..7f74d893fc54cef87bdbdd423ea7ba6be267a89f 100644 --- a/interface/web/sites/shell_user_edit.php +++ b/interface/web/sites/shell_user_edit.php @@ -79,19 +79,19 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix), true); } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $shelluser_prefix); + $app->tpl->setVar("username_prefix", $shelluser_prefix, true); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php index 6ef98f901fb864083d41b9feb64bd102edab4f67..2da58a4661c4342dfe92402dc6c23aace687ae91 100644 --- a/interface/web/sites/web_childdomain_edit.php +++ b/interface/web/sites/web_childdomain_edit.php @@ -87,7 +87,7 @@ class page_action extends tform_actions { } } - $app->tpl->setVar('childdomain_type', $this->_childdomain_type); + $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true); parent::onShowNew(); } @@ -118,7 +118,7 @@ class page_action extends tform_actions { } elseif($this->_childdomain_type == 'aliasdomain' && $domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -144,7 +144,7 @@ class page_action extends tform_actions { $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } } - if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { @@ -159,7 +159,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt = ''; if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){ foreach($proxy_directive_snippets as $proxy_directive_snippet){ - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].'] '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).'] '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -167,7 +167,7 @@ class page_action extends tform_actions { $app->tpl->setVar('limit_ssl_letsencrypt', 'y'); } - $app->tpl->setVar('childdomain_type', $this->_childdomain_type); + $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true); parent::onShowEnd(); diff --git a/interface/web/sites/web_childdomain_list.php b/interface/web/sites/web_childdomain_list.php index a4e953c07e99115de6a14da7952e14d8e42fed66..f445c4b50bf826e2c72a327488e423ad0fc69f48 100644 --- a/interface/web/sites/web_childdomain_list.php +++ b/interface/web/sites/web_childdomain_list.php @@ -56,7 +56,7 @@ $_SESSION['s']['var']['childdomain_type'] = $show_type; class list_action extends listform_actions { function onShow() { global $app; - $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type']); + $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type'], true); parent::onShow(); } diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php index 72c07724ea2e153780f6b6adb59e482a8756479d..df9185d262796002060c5ff3744229ca436663b4 100644 --- a/interface/web/sites/web_vhost_domain_edit.php +++ b/interface/web/sites/web_vhost_domain_edit.php @@ -115,7 +115,7 @@ class page_action extends tform_actions { $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); $web_servers = explode(',', $client['web_servers']); $server_id = $web_servers[0]; - $app->tpl->setVar("server_id_value", $server_id); + $app->tpl->setVar("server_id_value", $server_id, true); unset($web_servers); } else { $settings = $app->getconf->get_global_config('sites'); @@ -130,7 +130,7 @@ class page_action extends tform_actions { $app->tform->formDef['tabs']['domain']['fields']['php']['default'] = $web_config['php_handler']; $app->tform->formDef['tabs']['domain']['readonly'] = false; - $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type); + $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true); parent::onShowNew(); } @@ -179,7 +179,7 @@ class page_action extends tform_actions { $options_web_servers = ""; foreach ($web_servers as $web_server) { - $options_web_servers .= ''; + $options_web_servers .= ''; } $app->tpl->setVar("server_id", $options_web_servers); @@ -214,7 +214,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -230,7 +230,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); @@ -266,7 +266,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -306,7 +306,7 @@ class page_action extends tform_actions { $options_web_servers = ""; foreach ($web_servers as $web_server) { - $options_web_servers .= ''; + $options_web_servers .= ''; } $app->tpl->setVar("server_id", $options_web_servers); @@ -361,7 +361,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -376,7 +376,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); @@ -413,7 +413,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -441,7 +441,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } } if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------'; @@ -464,7 +464,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } } if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------'; @@ -478,7 +478,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } $nginx_directive_snippets_txt .= '

    '; } @@ -488,7 +488,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } } if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------'; @@ -501,7 +501,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } $proxy_directive_snippets_txt .= '

    '; } @@ -511,7 +511,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -557,7 +557,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -572,7 +572,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ipv6_address", $ip_select); @@ -633,7 +633,7 @@ class page_action extends tform_actions { $php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir']; } $selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':''; - $php_select .= "\r\n"; + $php_select .= "\r\n"; } } $app->tpl->setVar("fastcgi_php_version", $php_select); @@ -648,7 +648,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } $php_directive_snippets_txt .= '

    '; } @@ -658,7 +658,7 @@ class page_action extends tform_actions { $php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($php_directive_snippets as $php_directive_snippet){ $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL; - $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']     '; + $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']     '; } } if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------'; @@ -671,7 +671,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } $apache_directive_snippets_txt .= '

    '; } @@ -681,7 +681,7 @@ class page_action extends tform_actions { $apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($apache_directive_snippets as $apache_directive_snippet){ $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL; - $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']     '; + $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']     '; } } if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------'; @@ -695,7 +695,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } $nginx_directive_snippets_txt .= '

    '; } @@ -705,7 +705,7 @@ class page_action extends tform_actions { $nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($nginx_directive_snippets as $nginx_directive_snippet){ $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL; - $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']     '; + $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']     '; } } if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------'; @@ -718,7 +718,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } $proxy_directive_snippets_txt .= '

    '; } @@ -728,7 +728,7 @@ class page_action extends tform_actions { $proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
    '; foreach($proxy_directive_snippets as $proxy_directive_snippet){ $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL; - $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']     '; + $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']     '; } } if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------'; @@ -748,7 +748,7 @@ class page_action extends tform_actions { if(is_array($ssl_domains)) { foreach( $ssl_domains as $ssl_domain) { $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':''; - $ssl_domain_select .= "\r\n"; + $ssl_domain_select .= "\r\n"; } } $app->tpl->setVar("ssl_domain", $ssl_domain_select); @@ -761,8 +761,8 @@ class page_action extends tform_actions { $app->tpl->setVar("edit_disabled", 1); $app->tpl->setVar('fixed_folder', 'y'); if($this->_vhostdomain_type == 'domain') { - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("document_root", $this->dataRecord["document_root"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("document_root", $this->dataRecord["document_root"], true); } else $app->tpl->setVar('server_id_value', $parent_domain['server_id']); } else { @@ -798,7 +798,7 @@ class page_action extends tform_actions { } elseif($this->_vhostdomain_type == 'domain' && $domain['domain'] == $this->dataRecord["domain"]) { $domain_select .= " selected"; } - $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n"; + $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n"; } } else { @@ -820,20 +820,20 @@ class page_action extends tform_actions { if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]); } - if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]); + if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true); // check for configuration errors in sys_datalog if($this->id > 0) { $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id); if(is_array($datalog) && !empty($datalog)){ if(trim($datalog['error']) != ''){ - $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error']))); + $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error']))); $app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp'])); } } } - $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type); + $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true); $app->tpl->setVar('is_spdy_enabled', ($web_config['enable_spdy'] === 'y')); $app->tpl->setVar("is_admin", $is_admin); @@ -859,7 +859,7 @@ class page_action extends tform_actions { if(is_array($m_directive_snippets) && !empty($m_directive_snippets)){ $directive_snippets_id_select .= ''; foreach($m_directive_snippets as $m_directive_snippet){ - $directive_snippets_id_select .= ''; + $directive_snippets_id_select .= ''; } $directive_snippets_id_select .= ''; } @@ -868,7 +868,7 @@ class page_action extends tform_actions { if(is_array($directive_snippets) && !empty($directive_snippets)){ $directive_snippets_id_select .= ''; foreach($directive_snippets as $directive_snippet){ - $directive_snippets_id_select .= ''; + $directive_snippets_id_select .= ''; } $directive_snippets_id_select .= ''; } diff --git a/interface/web/sites/web_vhost_domain_list.php b/interface/web/sites/web_vhost_domain_list.php index 378eeaaf6a2bfa3acaf44e4325ba428162082a86..b74fd644f70bd42fadb6fcec7b38389e9c83d777 100644 --- a/interface/web/sites/web_vhost_domain_list.php +++ b/interface/web/sites/web_vhost_domain_list.php @@ -68,7 +68,7 @@ $_SESSION['s']['var']['vhostdomain_type'] = $show_type; class list_action extends listform_actions { function onShow() { global $app; - $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type']); + $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type'], true); parent::onShow(); } diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php index 73e47eb7a98d5ef6e847614384eb9df1d11aea38..e02e0bdaff10e56bb3ac4a41d615a4b53b6ce79b 100644 --- a/interface/web/sites/webdav_user_edit.php +++ b/interface/web/sites/webdav_user_edit.php @@ -78,19 +78,19 @@ class page_action extends tform_actions { if ($this->dataRecord['username'] != "") { /* REMOVE the restriction */ - $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix)); + $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix), true); } if($this->dataRecord['username'] == "") { - $app->tpl->setVar("username_prefix", $webdavuser_prefix); + $app->tpl->setVar("username_prefix", $webdavuser_prefix, true); } else { - $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix'])); + $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true); } if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]); + $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php index 849a097680f74a6f7bd68584340f3fc4c76fa1f0..12bd03529673c39a8b5d9979e2f4cf4bc6a84111 100644 --- a/interface/web/tools/dns_import_tupa.php +++ b/interface/web/tools/dns_import_tupa.php @@ -50,10 +50,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) { $app->auth->csrf_token_check(); //* Set variable sin template - $app->tpl->setVar('dbhost', $_POST['dbhost']); - $app->tpl->setVar('dbname', $_POST['dbname']); - $app->tpl->setVar('dbuser', $_POST['dbuser']); - $app->tpl->setVar('dbpassword', $_POST['dbpassword']); + $app->tpl->setVar('dbhost', $_POST['dbhost'], true); + $app->tpl->setVar('dbname', $_POST['dbname'], true); + $app->tpl->setVar('dbuser', $_POST['dbuser'], true); + $app->tpl->setVar('dbpassword', $_POST['dbpassword'], true); //* Establish connection to external database $msg .= 'Connecting to external database...
    '; diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php index 728c279c01933b152905734cd122e7b197e88a46..a1ab9e14a41b17e262c72060c75045f60fa03306 100644 --- a/interface/web/tools/import_ispconfig.php +++ b/interface/web/tools/import_ispconfig.php @@ -153,9 +153,9 @@ if(isset($_POST['connected'])) { } -$app->tpl->setVar('remote_server', $_POST['remote_server']); -$app->tpl->setVar('remote_user', $_POST['remote_user']); -$app->tpl->setVar('remote_password', $_POST['remote_password']); +$app->tpl->setVar('remote_server', $_POST['remote_server'], true); +$app->tpl->setVar('remote_user', $_POST['remote_user'], true); +$app->tpl->setVar('remote_password', $_POST['remote_password'], true); $app->tpl->setVar('connected', $connected); $app->tpl->setVar('remote_session_id', $remote_session_id); $app->tpl->setVar('msg', $msg); diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php index 9e560cdf30455be6c9e3459aec98334cfa3a7a54..3ef87710e593cb37c6980e5cfa4e16c54052dc3d 100644 --- a/interface/web/tools/import_vpopmail.php +++ b/interface/web/tools/import_vpopmail.php @@ -84,11 +84,11 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') { $_POST['local_server_id'] = 1; } -$app->tpl->setVar('db_hostname', $_POST['db_hostname']); -$app->tpl->setVar('db_user', $_POST['db_user']); -$app->tpl->setVar('db_password', $_POST['db_password']); -$app->tpl->setVar('db_name', $_POST['db_name']); -$app->tpl->setVar('local_server_id', $_POST['local_server_id']); +$app->tpl->setVar('db_hostname', $_POST['db_hostname'], true); +$app->tpl->setVar('db_user', $_POST['db_user'], true); +$app->tpl->setVar('db_password', $_POST['db_password'], true); +$app->tpl->setVar('db_name', $_POST['db_name'], true); +$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true); $app->tpl->setVar('msg', $msg); $app->tpl->setVar('error', $error); diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php index 2a5b12f3d712886143a05b65acdfbed536afcad1..4dd1a551deff4e8cb40c7f2cb23200acbc93627e 100644 --- a/interface/web/vm/openvz_vm_edit.php +++ b/interface/web/vm/openvz_vm_edit.php @@ -86,7 +86,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); @@ -109,7 +109,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; - $client_select .= "\r\n"; + $client_select .= "\r\n"; } } $app->tpl->setVar("client_group_id", $client_select); @@ -124,7 +124,7 @@ class page_action extends tform_actions { if(is_array($records)) { foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); @@ -141,7 +141,7 @@ class page_action extends tform_actions { if(is_array($clients)) { foreach( $clients as $client) { $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; - $client_select .= "\r\n"; + $client_select .= "\r\n"; } } $app->tpl->setVar("client_group_id", $client_select); @@ -153,7 +153,7 @@ class page_action extends tform_actions { $template_id_select=''; foreach( $records as $rec) { $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':''; - $template_id_select .= "\r\n"; + $template_id_select .= "\r\n"; } } $app->tpl->setVar("template_id_select", $template_id_select); @@ -175,7 +175,7 @@ class page_action extends tform_actions { if(is_array($ips)) { foreach( $ips as $ip) { $selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':''; - $ip_select .= "\r\n"; + $ip_select .= "\r\n"; } } $app->tpl->setVar("ip_address", $ip_select); @@ -188,7 +188,7 @@ class page_action extends tform_actions { foreach ($additional_ips as $idx => $rec) { $temp .= ""; $used = @($rec['additional']=='y')?'CHECKED':''; - $temp .= " ".$rec['ip_address']."
    "; + $temp .= " ".$app->functions->htmlentities($rec['ip_address'])."
    "; } $app->tpl->setVar("additional_ip", $temp); unset($used); @@ -198,8 +198,8 @@ class page_action extends tform_actions { if($this->id > 0) { //* we are editing a existing record $app->tpl->setVar("edit_disabled", 1); - $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); - $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"]); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true); + $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"], true); } else { $app->tpl->setVar("edit_disabled", 0); } diff --git a/security/apache_directives.blacklist b/security/apache_directives.blacklist index edb4b503d387c0ced2be822740ef110e3a5977b5..6dd376d643cac4d52f2885b9da68d043b08821f2 100644 --- a/security/apache_directives.blacklist +++ b/security/apache_directives.blacklist @@ -1,3 +1,3 @@ -/^\s*(LoadModule|LoadFile|Include)(\s+|[\\\\])/mi +/^\s*(LoadModule|LoadFile|Include|IncludeOptional)(\s+|[\\\\])/mi /^\s*(SuexecUserGroup|suPHP_UserGroup|suPHP_PHPPath|suPHP_ConfigPath)(\s+|[\\\\])/mi /^\s*(FCGIWrapper|FastCgiExternalServer)(\s+|[\\\\])/mi \ No newline at end of file diff --git a/security/nginx_directives.blacklist b/security/nginx_directives.blacklist new file mode 100644 index 0000000000000000000000000000000000000000..2f7122a14856d8bbdac6fad782b84557f851a5c4 --- /dev/null +++ b/security/nginx_directives.blacklist @@ -0,0 +1 @@ +/^\s*(load_module)(\s+|[\\\\])/mi \ No newline at end of file diff --git a/security/security_settings.ini b/security/security_settings.ini index 5cc381e3cde02bd8da1c69e14af5d9cad9a7c8b2..d7b65ba48ec23aac32b1d6296f66962ea3ae662e 100644 --- a/security/security_settings.ini +++ b/security/security_settings.ini @@ -19,13 +19,22 @@ password_reset_allowed=yes session_regenerate_id=yes [ids] -ids_enabled=no -ids_log_level=1 -ids_warn_level=5 -ids_block_level=100 +ids_anon_enabled=yes +ids_anon_log_level=1 +ids_anon_warn_level=5 +ids_anon_block_level=20 +ids_user_enabled=yes +ids_user_log_level=1 +ids_user_warn_level=10 +ids_user_block_level=25 +ids_admin_enabled=no +ids_admin_log_level=1 +ids_admin_warn_level=5 +ids_admin_block_level=100 sql_scan_enabled=yes sql_scan_action=warn apache_directives_scan_enabled=yes +nginx_directives_scan_enabled=yes [systemcheck] security_admin_email=root@localhost diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master index 812e8e0fcc9aec596e90c73a52903c442ad8591c..145f3b7cfc22a26b959d9a1ba8da0f3f98337612 100644 --- a/server/conf/vhost.conf.master +++ b/server/conf/vhost.conf.master @@ -188,6 +188,13 @@ + + + SetHandler mod_python + + PythonHandler mod_python.publisher + PythonDebug On + SetHandler mod_python diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index e7718b0c1c855e060f9cbe7dc2818b61f6632b4f..c40574e2b91f3faec6045e993b8609ebdee4cb0a 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -394,6 +394,26 @@ class apache2_plugin { $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); } } + + //* and check that SSL cert does not contain subdomain of domain acme.invalid + if($data["new"]["ssl_action"] == 'save') { + $tmp = array(); + $crt_data = ''; + exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp); + $crt_data = implode("\n",$tmp); + if(stristr($crt_data,'.acme.invalid')) { + $data["new"]["ssl_action"] = ''; + + $app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN); + $app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.'); + + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + } + } //* Save a SSL certificate to disk if($data["new"]["ssl_action"] == 'save') { @@ -457,11 +477,11 @@ class apache2_plugin { $app->system->unlink($crt_file); $app->system->unlink($bundle_file); /* Update the DB of the (local) Server */ - $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']); - $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); /* Update also the master-DB of the Server-Farm */ - $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']); - $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG); } @@ -681,10 +701,10 @@ class apache2_plugin { $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind'; if($web_config['network_filesystem'] == 'y') { - $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0'; + $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0'; $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1); } else { - $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0'; + $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0'; $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1); } diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index 477eeaace0d54f261b2ef5f3a31464fccb944556..0cbb6c13764985999b73f9414f818173409c8dd2 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -235,6 +235,26 @@ class nginx_plugin { $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); } } + + //* and check that SSL cert does not contain subdomain of domain acme.invalid + if($data["new"]["ssl_action"] == 'save') { + $tmp = array(); + $crt_data = ''; + exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp); + $crt_data = implode("\n",$tmp); + if(stristr($crt_data,'.acme.invalid')) { + $data["new"]["ssl_action"] = ''; + + $app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN); + $app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.'); + + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + } + } //* Save a SSL certificate to disk if($data["new"]["ssl_action"] == 'save') { @@ -289,11 +309,11 @@ class nginx_plugin { $app->system->unlink($csr_file); $app->system->unlink($crt_file); /* Update the DB of the (local) Server */ - $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']); - $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); /* Update also the master-DB of the Server-Farm */ - $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']); - $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']); + $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']); $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG); } @@ -528,10 +548,10 @@ class nginx_plugin { $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind'; if($web_config['network_filesystem'] == 'y') { - $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0'; + $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0'; $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1); } else { - $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0'; + $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0'; $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1); } @@ -2862,7 +2882,17 @@ class nginx_plugin { return $location; } - private function nginx_merge_locations($vhost_conf){ + private function nginx_merge_locations($vhost_conf) { + global $app, $conf; + + if(preg_match('/##subroot (.+?)\s*##/', $vhost_conf, $subroot)) { + if(!preg_match('/^(?:[a-z0-9\/_-]|\.(?!\.))+$/iD', $subroot[1])) { + $app->log('Token ##subroot is unsecure (server ID: '.$conf['server_id'].').', LOGLEVEL_WARN); + } else { + $insert_pos = strpos($vhost_conf, ';', strpos($vhost_conf, 'root ')); + $vhost_conf = substr_replace($vhost_conf, ltrim($subroot[1], '/'), $insert_pos, 0); + } + } $lines = explode("\n", $vhost_conf); diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php index 74c6fa364f77611c77096ef7b53570690e1c00c1..9c4568901deef3e73b8051929ca94247070e6fd2 100755 --- a/server/plugins-available/shelluser_base_plugin.inc.php +++ b/server/plugins-available/shelluser_base_plugin.inc.php @@ -226,6 +226,9 @@ class shelluser_base_plugin { $homedir_old = $data['old']['dir'].'/home/'.$data['old']['username']; } + $app->log("Homedir New: ".$homedir, LOGLEVEL_DEBUG); + $app->log("Homedir Old: ".$homedir_old, LOGLEVEL_DEBUG); + // Check if the user that we want to update exists, if not, we insert it if($app->system->is_user($data['old']['username'])) { //* Remove webfolder protection @@ -246,16 +249,27 @@ class shelluser_base_plugin { $app->log("Executed command: $command ",LOGLEVEL_DEBUG); */ //$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']); - if($homedir != $homedir_old && !is_dir($homedir)){ + if($homedir != $homedir_old){ $app->system->web_folder_protection($web['document_root'], false); - if(!is_dir($data['new']['dir'].'/home')){ + // Rename dir, in case the new directory exists already. + if(is_dir($homedir)) { + $app->log("New Homedir exists, renaming it to ".$homedir.'_bak', LOGLEVEL_DEBUG); + $app->system->rename(escapeshellcmd($homedir),escapeshellcmd($homedir.'_bak')); + } + /*if(!is_dir($data['new']['dir'].'/home')){ $app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750'); $app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser'])); $app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup'])); } $app->file->mkdirs(escapeshellcmd($homedir), '0755'); $app->system->chown(escapeshellcmd($homedir),'root'); - $app->system->chgrp(escapeshellcmd($homedir),'root'); + $app->system->chgrp(escapeshellcmd($homedir),'root');*/ + + // Move old directory to new path + $app->system->rename(escapeshellcmd($homedir_old),escapeshellcmd($homedir)); + $app->file->mkdirs(escapeshellcmd($homedir), '0750'); + $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser'])); + $app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup'])); $app->system->web_folder_protection($web['document_root'], true); } else { if(!is_dir($homedir)){ diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index 69a041c037e4c2f96907ae2bd58b3ff8c09ee287..295112d4230e1f77ad55b862b78f5bba577d6506 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php @@ -350,6 +350,11 @@ class shelluser_jailkit_plugin { //add the user to the chroot $jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']); + if(isset($this->data['old']['username'])) { + $jailkit_chroot_userhome_old = $this->_get_home_dir($this->data['old']['username']); + } else { + $jailkit_chroot_userhome_old = ''; + } $jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']); if(!is_dir($this->data['new']['dir'].'/etc')) mkdir($this->data['new']['dir'].'/etc', 0755); @@ -398,13 +403,19 @@ class shelluser_jailkit_plugin { $this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG); - if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0755, true); + if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) { + if(is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) { + $app->system->rename(escapeshellcmd($this->data['old']['dir'].$jailkit_chroot_userhome_old),escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome)); + } else { + mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0750, true); + } + } $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['username']); $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['pgroup']); $this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG); - if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0755, true); + if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0750, true); $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['puser']); $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);