Skip to content
GitLab
Commit 2c08dfea authored by mcramer's avatar mcramer
Browse files

Implemented: FS#1933 - Folder Protection feature may destroy existing .htaccess file

parent a9d0b212
Hide whitespace changes
Inline Side-by-side
server/plugins-available/apache2_plugin.inc.php
View file @ 2c08dfea
...@@ -1744,12 +1744,26 @@ class apache2_plugin { ...@@ -1744,12 +1744,26 @@ class apache2_plugin {
//* Create the .htaccess file //* Create the .htaccess file
//if(!is_file($folder_path.'.htaccess')) { //if(!is_file($folder_path.'.htaccess')) {
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user"; $begin_marker = '### ISPConfig folder protection begin ###';
$app->system->file_put_contents($folder_path.'.htaccess',$ht_file); $end_marker = '### ISPConfig folder protection end ###';
$ht_file = $begin_marker."\nAuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user\n".$end_marker."\n\n";
if(file_exists($folder_path.'.htaccess')) {
$old_content = $app->system->file_get_contents($folder_path.'.htaccess');
if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $old_content, $matches)) {
$ht_file = str_replace($matches[0], $ht_file, $old_content);
} else {
$ht_file .= $old_content;
}
}
unset($old_content);
$app->system->file_put_contents($folder_path.'.htaccess',$ht_file);
$app->system->chmod($folder_path.'.htaccess',0755); $app->system->chmod($folder_path.'.htaccess',0755);
$app->system->chown($folder_path.'.htaccess',$website['system_user']); $app->system->chown($folder_path.'.htaccess',$website['system_user']);
$app->system->chgrp($folder_path.'.htaccess',$website['system_group']); $app->system->chgrp($folder_path.'.htaccess',$website['system_group']);
$app->log('Created file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG); $app->log('Created/modified file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
//} //}
} }
...@@ -1791,8 +1805,22 @@ class apache2_plugin { ...@@ -1791,8 +1805,22 @@ class apache2_plugin {
//* Remove .htaccess file //* Remove .htaccess file
if(is_file($folder_path.'.htaccess')) { if(is_file($folder_path.'.htaccess')) {
$app->system->unlink($folder_path.'.htaccess'); $begin_marker = '### ISPConfig folder protection begin ###';
$app->log('Removed file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG); $end_marker = '### ISPConfig folder protection end ###';
$ht_file = $app->system->file_get_contents($folder_path.'.htaccess');
if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
$ht_file = str_replace($matches[0], '', $ht_file);
}
if(trim($ht_file) == '') {
$app->system->unlink($folder_path.'.htaccess');
$app->log('Removed file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
} else {
$app->system->file_put_contents($folder_path.'.htaccess', $ht_file);
$app->log('Removed protection content from file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
}
} }
} }
...@@ -1844,6 +1872,9 @@ class apache2_plugin { ...@@ -1844,6 +1872,9 @@ class apache2_plugin {
//* Create the folder path, if it does not exist //* Create the folder path, if it does not exist
if(!is_dir($new_folder_path)) $app->system->mkdirpath($new_folder_path); if(!is_dir($new_folder_path)) $app->system->mkdirpath($new_folder_path);
$begin_marker = '### ISPConfig folder protection begin ###';
$end_marker = '### ISPConfig folder protection end ###';
if($data['old']['path'] != $data['new']['path']) { if($data['old']['path'] != $data['new']['path']) {
...@@ -1855,26 +1886,59 @@ class apache2_plugin { ...@@ -1855,26 +1886,59 @@ class apache2_plugin {
//* delete old .htaccess file //* delete old .htaccess file
if(is_file($old_folder_path.'.htaccess')) { if(is_file($old_folder_path.'.htaccess')) {
$app->system->unlink($old_folder_path.'.htaccess'); $ht_file = $app->system->file_get_contents($old_folder_path.'.htaccess');
$app->log('Deleted file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
$ht_file = str_replace($matches[0], '', $ht_file);
}
if(trim($ht_file) == '') {
$app->system->unlink($old_folder_path.'.htaccess');
$app->log('Removed file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
} else {
$app->system->file_put_contents($old_folder_path.'.htaccess', $ht_file);
$app->log('Removed protection content from file '.$old_folder_path.'.htaccess',LOGLEVEL_DEBUG);
}
} }
} }
//* Create the .htaccess file //* Create the .htaccess file
if($data['new']['active'] == 'y') { if($data['new']['active'] == 'y') {
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user"; $ht_file = $begin_marker."\nAuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user\n".$end_marker."\n\n";
$app->system->file_put_contents($new_folder_path.'.htaccess',$ht_file);
$app->system->chmod($new_folder_path.'.htpasswd',0755); if(file_exists($new_folder_path.'.htaccess')) {
$app->system->chown($folder_path.'.htpasswd',$website['system_user']); $old_content = $app->system->file_get_contents($new_folder_path.'.htaccess');
$app->system->chgrp($folder_path.'.htpasswd',$website['system_group']);
$app->log('Created file '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG); if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $old_content, $matches)) {
$ht_file = str_replace($matches[0], $ht_file, $old_content);
} else {
$ht_file .= $old_content;
}
}
$app->system->file_put_contents($new_folder_path.'.htaccess',$ht_file);
$app->system->chmod($new_folder_path.'.htaccess',0755);
$app->system->chown($new_folder_path.'.htaccess',$website['system_user']);
$app->system->chgrp($new_folder_path.'.htaccess',$website['system_group']);
$app->log('Created/modified file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
} }
//* Remove .htaccess file //* Remove .htaccess file
if($data['new']['active'] == 'n' && is_file($new_folder_path.'.htaccess')) { if($data['new']['active'] == 'n' && is_file($new_folder_path.'.htaccess')) {
$app->system->unlink($new_folder_path.'.htaccess'); $ht_file = $app->system->file_get_contents($new_folder_path.'.htaccess');
$app->log('Removed file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
if(preg_match('/' . preg_quote($begin_marker, '/') . '(.*?)' . preg_quote($end_marker, '/') . '/s', $ht_file, $matches)) {
$ht_file = str_replace($matches[0], '', $ht_file);
}
if(trim($ht_file) == '') {
$app->system->unlink($new_folder_path.'.htaccess');
$app->log('Removed file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
} else {
$app->system->file_put_contents($new_folder_path.'.htaccess', $ht_file);
$app->log('Removed protection content from file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
}
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment