diff --git a/TODO.txt b/TODO.txt
index 5c6fe384c94fd4ef2c9c888401929021402450b9..17f2a20ceb5c3e4cb8a4f9f0d10cabee190d4aaa 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -1,96 +1,4 @@
----------------------------------------
-- ISPConfig 3 ToDo list
----------------------------------------
+Please see issue tracker for feature requests and bug reports.
-Please feel free to edit this file, add new tasks,
-remove done tasks or assign yourself to a task.
-
-Form Validators
---------------------------------------
-
-Installer
---------------------------------------
-
-- Add a function to let a server join a existing installation.
-- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation
- If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated.
- If there are no keys the zones can not be signed and will only be availableas a unsigned copy.
-
-Uninstaller
---------------------------------------
-
-- Add a function to remove ispconfig user
-
-Server
---------------------------------------
-
-
-Mail module
---------------------------------------
-
-
-Administration module
---------------------------------------
-
-
-- Firewall Solution -- Andrew lathama Latham lathama@gmail.com
- * Monitor existing IPTABLES rules is done and in the monitor page.
- * Add IPTABLES rules
- semi-functional and in development also functional in multiserver
- * Delete IPTABLES rules
- semi-functional and in development also functional in multiserver
- * Merge IPTABLES rules made from the CLI with those made from ISPConfig3
- Interesting topic about merging control with with the GUI and the CLI
- interface for a systems adminitstrator who might add a rule during an
- attack or for trouble shooting and forget to remove it.
- * Fail2Ban
- Add configuration for fail2ban on certian systems. Imagine an admin
- wishes to use fail2ban on one service but not others. Rare but an issue
- when a large number of clients use a single NAT for all users and failed
- logins and traffic looks like an attack. Maybe a whitelist configuration
- as an optional setting.
- * Remoting
- Enable remoting hooks for updating IPTABLES
- * Service Checks
- Adding saftey checks to make sure that the admin does not lock his/herself
- out of the system by accident. We all make mistakes.
-
--- Note: I'd love a pure iptables firewall as well. I've made such a script for
- my work, which uses a simple config file to open/close ports and support for
- ip exclusions. I think we could use it as a base to start with, it's up on the dev forum
- url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL)
-
-Clients module
---------------------------------------
-
-
-Sites (web) module
---------------------------------------
-
-
-BE-Designer module
---------------------------------------
-
-WARNING: Please do not use the BE Designer at the moment, the serializing
- function of the module editor may break some of the existing modules.
-
-
-Remoting framework
---------------------------------------
-- Add more connections to other data. Remoting hooks for FS and Email Quota
-
-Interface
---------------------------------------
-- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10])
-- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though.
-
-General tasks
---------------------------------------
-
-- Add, extend or modify comments in PEAR syntax so that they can be read with
- phpdocumentor.
-
-- Doxygen might be a good idea (phpdocumentor looks nice but no active development)
--- http://drupal.org/node/1354 may have some good ideas.
--- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor
+http://git.ispconfig.org/ispconfig/ispconfig3/issues
\ No newline at end of file
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 363a38cb99e2d2799db8f0cc66a6c2c3ef3d3be6..bbf8cfd3b794fda0f2677b16c252716a41870d34 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -217,7 +217,12 @@ class installer_base {
//* check sql-mode
$check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
- if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+ if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+ echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+ echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+ echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+ die();
+ }
//** Create the database
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index 9fb57cb655862c26c8a6b6ad3212cf2d85f4ce97..a6bb42d2d4cbda15137bd6f540958adf21d60756 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -125,7 +125,12 @@ function updateDbAndIni() {
//* check sql-mode
$check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode");
- if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+ if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+ echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+ echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+ echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+ die();
+ }
//* Update $conf array with values from the server.ini that shall be preserved
$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
diff --git a/install/uninstall.php b/install/uninstall.php
index 198a145a5ad7ef2e0fd1f89226f5591f73485398..c565d4653d71c2667dfc6c8e6cef70fcfb502450 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -36,7 +36,7 @@ error_reporting(E_ALL|E_STRICT);
require_once "/usr/local/ispconfig/server/lib/config.inc.php";
require_once "/usr/local/ispconfig/server/lib/app.inc.php";
-require "/usr/local/ispconfig/server/mysql_clientdb.conf";
+require "/usr/local/ispconfig/server/lib/mysql_clientdb.conf";
//** The banner on the command line
echo "\n\n".str_repeat('-', 80)."\n";
@@ -51,7 +51,7 @@ echo " _____ ___________ _____ __ _ ____
echo "\n".str_repeat('-', 80)."\n";
echo "\n\n>> Uninstall \n\n";
-echo "Are you sure you want to uninsatll ISPConfig? [no]";
+echo "Are you sure you want to uninstall ISPConfig? [no]";
$input = fgets(STDIN);
$do_uninstall = rtrim($input);
@@ -62,11 +62,11 @@ if($do_uninstall == 'yes') {
$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
- echo "Unable to connect to the database'.mysql_error($link)";
+ echo "Unable to connect to the database. mysql_error($link)";
} else {
- $result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+ $result=mysqli_query($link,"DROP DATABASE ".$conf['db_database'].";");
if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
- $result=mysqli_query($link,"DROP USER '".$conf['db_user'] ."';");
+ $result=mysqli_query($link,"DROP USER '".$conf['db_user']."'@'".$conf['db_host']."';");
if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
}
mysqli_close($link);
diff --git a/interface/lib/classes/validate_server.inc.php b/interface/lib/classes/validate_server.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..6361fb471ce063867cbbe1e8bcc267ed56e7dd92
--- /dev/null
+++ b/interface/lib/classes/validate_server.inc.php
@@ -0,0 +1,61 @@
+tform->wordbook[$errmsg])) {
+ return $app->tform->wordbook[$errmsg]."
\r\n";
+ } else {
+ return $errmsg."
\r\n";
+ }
+ }
+
+ /**
+ * Validator function for server-ip
+ */
+ function check_server_ip($field_name, $field_value, $validator) {
+ if($_POST['ip_type'] == 'IPv4') {
+ if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ return $this->get_error($validator['errmsg']);
+ }
+ } elseif ($_POST['ip_type'] == 'IPv6') {
+ if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ return $this->get_error($validator['errmsg']);
+ }
+ } else return $this->get_error($validator['errmsg']);
+ }
+
+}
+
diff --git a/interface/web/admin/form/server_ip.tform.php b/interface/web/admin/form/server_ip.tform.php
index 0dbdfe190d12c81540e31a24cdb31fdd2ef4c594..cd7190ebc6923c74d82f8abddd3aa2421e8f381f 100644
--- a/interface/web/admin/form/server_ip.tform.php
+++ b/interface/web/admin/form/server_ip.tform.php
@@ -121,7 +121,7 @@ $form["tabs"]['server_ip'] = array (
'ip_address' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
- 'validators' => array ( 0 => array ( 'type' => 'ISIP',
+ 'validators' => array ( 0 => array ( 'type' => 'CUSTOM', 'class' => 'validate_server', 'function' => 'check_server_ip',
'errmsg'=> 'ip_error_wrong'),
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'ip_error_unique'),
diff --git a/interface/web/admin/form/server_ip_map.tform.php b/interface/web/admin/form/server_ip_map.tform.php
index fb61022ad2cd77fed5ed7235155ac2a991ba89f9..4f7ed3d28c55e3744605d2d390da8e0eeec1006a 100644
--- a/interface/web/admin/form/server_ip_map.tform.php
+++ b/interface/web/admin/form/server_ip_map.tform.php
@@ -69,7 +69,7 @@ $form["tabs"]['server_ip_map'] = array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array (
- 0 => array ( 'type' => 'ISIP', 'errmsg'=> 'ip_error_wrong'),
+ 0 => array ( 'type' => 'ISIPV4', 'errmsg'=> 'ip_error_wrong'),
1 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'destination_ip_empty'),
),
'default' => '',
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 3237bb574b763046b5797ad1023fac76e9808e46..a8377f5f01f3ac7342bda3ca3e4b5509199694f6 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1119,14 +1119,7 @@ class apache2_plugin {
}
*/
- //* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
- ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
- || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
- || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
- || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
- || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
- )) {
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
@@ -1135,7 +1128,16 @@ class apache2_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
+ }
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
+ )) {
// default values
$temp_domains = array();
$lddomain = $domain;
@@ -1709,7 +1711,7 @@ class apache2_plugin {
$data['new']['ipv6_address'] = implode(':', $explode_v6);
}
}
-
+ if($data['new']['ipv6_address'] == '*') $data['new']['ipv6_address'] = '::';
$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
diff --git a/server/plugins-available/network_settings_plugin.inc.php b/server/plugins-available/network_settings_plugin.inc.php
index 13dbf3c8c1f0595515b72b1f211e2217f79d2e0c..5ce6f934b810c64148b997690f57fc4263b41f9c 100644
--- a/server/plugins-available/network_settings_plugin.inc.php
+++ b/server/plugins-available/network_settings_plugin.inc.php
@@ -110,7 +110,7 @@ class network_settings_plugin {
/*
* don't insert the main-ip again!
*/
- if ($rec['ip_address'] != $server_config['ip_address'])
+ if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
$ip_records[$n] = array(
'id' => $n,
@@ -188,7 +188,7 @@ class network_settings_plugin {
/*
* don't insert the main-ip again!
*/
- if ($rec['ip_address'] != $server_config['ip_address'])
+ if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
$ip_records[$n] = array(
'id' => $n,
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index b50d4eb47475d101f132d98e86f882bb9be382ca..b3276e4c25c2e8980aac888dc5ab50419b6d3893 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1232,15 +1232,7 @@ class nginx_plugin {
$tpl->setVar('ssl_letsencrypt', "n");
- //* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
- ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
- || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
- || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
- || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
- || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
- )) {
-
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
//* be sure to have good domain
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
@@ -1250,7 +1242,16 @@ class nginx_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
-
+ }
+
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
+ )) {
// default values
$temp_domains = array();
$lddomain = $domain;