From 4f6eb2c277e6d06e24ed7b974d3535f911b697b1 Mon Sep 17 00:00:00 2001
From: Michael Seevogel <git@michaelseevogel.de>
Date: Sun, 11 Feb 2024 00:13:37 +0100
Subject: [PATCH] Transform the domain placeholder in command_format function
---
interface/lib/classes/validate_cron.inc.php | 24 ++++++++++++++++++-
interface/web/sites/templates/cron_edit.htm | 8 +++----
server/plugins-available/cron_plugin.inc.php | 11 +++++++--
.../shelluser_jailkit_plugin.inc.php | 1 +
4 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
index 888fdd5cb7..c99f13ef52 100644
--- a/interface/lib/classes/validate_cron.inc.php
+++ b/interface/lib/classes/validate_cron.inc.php
@@ -45,15 +45,37 @@ class validate_cron { Validator function to check if a given cron command is in correct form (url only). */ function command_format($field_name, $field_value, $validator) { + global $app, $page; + if(preg_match("'^(\w+):\/\/'", $field_value, $matches)) { + if(preg_match("/\{DOMAIN\}/", $field_value)) { + if(isset($app->remoting_lib->primary_id)) { + $domain = $app->remoting_lib->dataRecord; + } else { + $domain = $page->dataRecord; + } + + if($domain['parent_domain_id'] > 0){ + $parent_domain = $app->db->queryOneRecord("SELECT `domain` FROM `web_domain` WHERE `domain_id` = ?", $domain['parent_domain_id']); + } + + $trans = array( + '{DOMAIN}' => $parent_domain['domain'] + ); + + $field_value = strtr($field_value, $trans); + } $parsed = parse_url($field_value); + if($parsed === false) return $this->get_error($validator['errmsg']); if($parsed["scheme"] != "http" && $parsed["scheme"] != "https") return $this->get_error($validator['errmsg']); + if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']); + - if(preg_match("'^([a-z0-9][a-z0-9_\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']); } + if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) { return $this->get_error($validator['errmsg']); } diff --git a/interface/web/sites/templates/cron_edit.htm b/interface/web/sites/templates/cron_edit.htm index 9eef8091d8..20417849fb 100644 --- a/interface/web/sites/templates/cron_edit.htm +++ b/interface/web/sites/templates/cron_edit.htm 
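Review bot: `$parent_domain` is only assigned inside `if($domain['parent_domain_id'] > 0)`, so when the record has no parent domain, or the `web_domain` lookup returns no row, the `$trans` array reads an undefined variable and `{DOMAIN}` is replaced with an empty value. The URL then probably fails the host check further down, but only as a side effect and with PHP warnings; it would be clearer to fail closed explicitly by initialising `$parent_domain = null;` before the lookup and adding `if(empty($parent_domain['domain'])) return $this->get_error($validator['errmsg']);` before `$trans` is built. The lookup also uses `parent_domain_id` straight from the submitted record, and whether that id has already been checked against the sites the current user may manage is not visible in this hunk, so it is worth confirming that check runs before this validator. command_format continues past the end of the hunk.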
@@ -1,7 +1,8 @@ <div class="form-group"> <tmpl_if name="edit_disabled"> + <label for="parent_domain_id" class="col-sm-3 control-label">{tmpl_var name='parent_domain_id_txt'}</label> - <div class="col-sm-9"><select name="parent_domain_id" id="parent_domain_id" class="form-control" disabled="disabled"> + <div class="col-sm-9"><i class="fa-solid fa-circle-info"></i><select name="parent_domain_id" id="parent_domain_id" class="form-control" disabled="disabled"> {tmpl_var name='parent_domain_id'} </select></div> <input type="hidden" name="parent_domain_id" value="{tmpl_var name='parent_domain_id_value'}" /> @@ -12,6 +13,7 @@ </select></div> </tmpl_if> </div> + <div class="form-group"> <label for="run_min" class="col-sm-3 control-label">{tmpl_var name='run_min_txt'}</label> <div class="col-sm-9"> @@ -70,8 +72,6 @@ {tmpl_var name='active'} </div> </div> - - <input type="hidden" name="id" value="{tmpl_var name='id'}"> <div class="clear"><div class="right"> @@ -85,7 +85,7 @@ jQuery('#parent_domain_id').trigger('change'); }); // Reload cron placeholders if a different domain was selected - jQuery('#parent_domain_id').change(function(){ + jQuery('#parent_domain_id').change(function() { reloadCronPlaceholders(); }); diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php index b0bc507b5e..c11b4b06af 100644 --- a/server/plugins-available/cron_plugin.inc.php +++ b/server/plugins-available/cron_plugin.inc.php @@ -231,6 +231,7 @@ class cron_plugin { $cron_line = str_replace(" ", "", $job['run_min']) . "\t" . str_replace(" ", "", $job['run_hour']) . "\t" . str_replace(" ", "", $job['run_mday']) . "\t" . str_replace(" ", "", $job['run_month']) . "\t" . str_replace(" ", "", $job['run_wday']); } + $web_domain = $this->parent_domain['domain']; $log_target = ""; $log_wget_target = '/dev/null'; $log_root = ''; 
@@ -242,8 +243,16 @@ class cron_plugin { $log_wget_target = $log_root . '/cron_wget.log'; } + + $cron_line .= "\t{$this->parent_domain['system_user']}"; //* running as user if($job['type'] == 'url') { + $trans = array( + '{DOMAIN}' => $web_domain + ); + + $job['command'] = strtr($job['command'], $trans); + $cron_line .= "\t{$cron_config['wget']} --no-check-certificate --user-agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0' -q -t 1 -T 7200 -O " . $log_wget_target . " " . escapeshellarg($job['command']) . " " . $log_target; } else { if(strpos($job['command'], "\n") !== false || strpos($job['command'], "\r") !== false || strpos($job['command'], chr(0)) !== false) { @@ -253,8 +262,6 @@ class cron_plugin { $web_docroot_client = ''; - $web_domain = $this->parent_domain['domain']; - // web folder is hardcoded to /web: $web_folder = '/web'; diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index d462e4a693..05e0315f0a 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php @@ -726,6 +726,7 @@ class shelluser_jailkit_plugin { } if($app->system->is_redhat_os() == true) { + //$bashrc = $this->web['document_root'] . '/home/' . $this->web['system_user'] . '/.bashrc'; $bashrc = $this->web['document_root'] . '/etc/bashrc'; } else { $bashrc = $this->web['document_root'] . '/etc/bash.bashrc'; -- GitLab
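Review bot: In the `url` branch the substituted `$job['command']` is written into the crontab line with only `escapeshellarg()` applied, while the `else` branch just below rejects `\n`, `\r` and NUL before using the command. `escapeshellarg()` quotes for the shell but does not stop a line break from splitting a crontab entry, and once `{DOMAIN}` has been expanded from `$this->parent_domain['domain']` the string written here is no longer exactly the one the interface validated. Unless an earlier check outside this hunk already covers it, apply the same `strpos(...)` test to the substituted command before building the wget line, and skip the job when `$web_domain` is empty. The enclosing method starts and ends outside the hunk.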
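Review bot: The line added in the `is_redhat_os()` branch of shelluser_jailkit_plugin.inc.php is commented-out code with no explanation, and it is unrelated to the `{DOMAIN}` placeholder change named in the subject. If the per-user `.bashrc` path is a planned alternative, say so in a comment such as `// TODO: consider the per-user .bashrc inside the jail instead of /etc/bashrc`; otherwise drop the line from this commit. The enclosing method is only partly visible in the hunk.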