diff --git a/install/update.php b/install/update.php
index b30021f8128b4e7db44046066238f73bbed2766f..bb21a98eeb8700b789b4f20395134d242b46e397 100644
--- a/install/update.php
+++ b/install/update.php
@@ -111,7 +111,7 @@ $dist = get_distname();
 include_once "/usr/local/ispconfig/server/lib/config.inc.php";
 $conf_old = $conf;
 unset($conf);
-define('ISPC_LOG_FILE', $old_conf['ispconfig_log_dir'] . '/update.log');
+define('ISPC_LOG_FILE', $conf_old['ispconfig_log_dir'] . '/update.log');
 if($dist['id'] == '') die('Linux distribution or version not recognized.');
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index ee665ec72abbeca4c0fd9899c3386724ba7a80dd..bbcc8be1d90e69cdd16db22b3e413992721b03a8 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -433,10 +433,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_domain:on_after_insert');
 if ($readonly === true)
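Review bot: The corrected `$conf_old['ispconfig_log_dir']` is still read unguarded, so if the included config.inc.php of the existing installation does not define that key the log path silently becomes `/update.log` and the updater writes its log into the filesystem root. A guard right before the define keeps that failure visible, in the same style as the `die()` on the next line: `if(empty($conf_old['ispconfig_log_dir'])) die('ispconfig_log_dir is not set in the existing config.inc.php.');`. The surrounding script continues outside the hunk.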
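Review bot: The four pm_* defaults are still filled in independently of each other, so a caller that supplies only some of them can end up with a set PHP-FPM refuses at pool start for pm = dynamic, which requires pm_min_spare_servers <= pm_start_servers <= pm_max_spare_servers <= pm_max_children; e.g. a request with `pm_max_children = 3` now gets the new `pm_max_spare_servers` default of 5. The identical block is repeated in the hunks at 433, 455, 507, 527, 579 and 599, which is how the old defaults of 1 spread into six places, so a single private helper that fills the defaults and rejects an inconsistent set would keep them in one spot, with each call site reduced to `$params = $this->_apply_pm_defaults($params);`. The enclosing methods start outside the hunks.

```php
	//* Fill in the PHP-FPM pool defaults and reject a combination FPM itself
	//* refuses for pm = dynamic (min_spare <= start <= max_spare <= max_children),
	//* instead of defaulting each value without looking at the others.
	private function _apply_pm_defaults($params)
	{
		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;

		$min_spare = (int)$params['pm_min_spare_servers'];
		$start = (int)$params['pm_start_servers'];
		$max_spare = (int)$params['pm_max_spare_servers'];
		$max_children = (int)$params['pm_max_children'];
		if($min_spare > $start || $start > $max_spare || $max_spare > $max_children) {
			throw new SoapFault('pm_settings_invalid', 'pm_min_spare_servers <= pm_start_servers <= pm_max_spare_servers <= pm_max_children is required.');
		}
		return $params;
	}
	// … unchanged: each add/update method then calls $params = $this->_apply_pm_defaults($params); …
```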
@@ -455,10 +455,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
 return $affected_rows;
@@ -507,10 +507,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_aliasdomain:on_after_insert');
 return $domain_id;
@@ -527,10 +527,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params, 'sites:web_vhost_aliasdomain:on_after_insert');
 return $affected_rows;
@@ -579,10 +579,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_subdomain:on_after_insert');
 return $domain_id;
@@ -599,10 +599,10 @@ class remoting_sites extends remoting {
 if($params['log_retention'] == '') $params['log_retention'] = 30;
 //* Set a few defaults for nginx servers
- if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
- if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
- if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params, 'sites:web_vhost_subdomain:on_after_insert');
 return $affected_rows;
diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
index 913b73914a497e6f71e3e3e025a5ede7682eb6f7..983172b88c8c8f51474f7ac4013af1efa4253ef7 100644
--- a/interface/lib/classes/validate_cron.inc.php
+++ b/interface/lib/classes/validate_cron.inc.php
@@ -76,6 +76,10 @@ class validate_cron {
 if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);
+
+ if(strpos($field_value, '\\') !== false) {
+ return $this->get_error($validator['errmsg']);
+ }
 }
 if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) {
diff --git a/interface/web/mail/form/mail_domain.tform.php b/interface/web/mail/form/mail_domain.tform.php
index 805d223feb0829e42a1390f3a8d0e0c8d53c9dc1..1257242ea57621b6c389834d54162836550b8d57 100644
--- a/interface/web/mail/form/mail_domain.tform.php
+++ b/interface/web/mail/form/mail_domain.tform.php
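Review bot: The new backslash check is placed inside the block that validates `$parsed["host"]`, so judging by that context it applies to URL-type commands only, whereas the `\n`/`\r`/NUL check a few lines below runs for every command; if a backslash must never reach the crontab, the check belongs beside that unconditional one so shell-type commands are covered as well. It also returns `$validator['errmsg']`, the same message the hostname regex failure produces, which gives the user no hint that the backslash was the problem; a dedicated message key such as `$this->get_error('command_error_backslash')` (constructed name, to be added to the language files) would. Note too that crontab(5) converts an unescaped `%` in the command field into a newline, which none of the checks here consider. The enclosing validator method starts and ends outside the hunk.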
@@ -87,9 +87,7 @@ $form["tabs"]['domain'] = array (
 ),
 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
 'errmsg'=> 'domain_error_empty'),
- 1 => array ( 'type' => 'UNIQUE',
- 'errmsg'=> 'domain_error_unique'),
- 2 => array ( 'type' => 'ISDOMAIN',
+ 1 => array ( 'type' => 'ISDOMAIN',
 'errmsg'=> 'domain_error_regex'),
 ),
 'default' => '',
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index c306d29db6f4df99ef97e6483ffdc06b9ec818c1..3075a468cc07f2e102d65e63d7f856f6526232e1 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -295,6 +295,12 @@ class page_action extends tform_actions {
 }
 }
+ // Check uniqueness per server.
+ $tmp = $app->db->queryOneRecord("SELECT domain_id FROM mail_domain WHERE domain = ? AND server_id = ? AND domain_id != ?", $this->dataRecord['domain'], $this->dataRecord['server_id'], $this->id);
+ if (!empty($tmp)) {
+ $app->tform->errorMessage .= $app->tform->lng("domain_error_unique")."<br />";
+ }
+
 if($_SESSION["s"]["user"]["typ"] != 'admin') {
 // Get the limits of the client
 $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
diff --git a/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php b/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php
index a23d2a41287b6844104db92ba0688c3d8c37dbcd..33acf5fa5cef20603f6acbe879cb57b4b1223250 100644
--- a/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php
+++ b/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php
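Review bot: Dropping the UNIQUE validator from mail_domain.tform.php and re-implementing the check here in page_action means uniqueness is now enforced only by this interface page; any other consumer of the same tform definition — the remote API classes pass tform paths to `insertQuery`/`updateQuery`, as the sites.inc.php hunks above show — will presumably accept a duplicate domain/server_id pair unless an equivalent query exists there, which this page does not show. The check is also a read-then-write with no lock, so two concurrent submissions can both pass it; a UNIQUE index on `mail_domain(domain, server_id)` would make the database the final arbiter, with this query kept only for the user-facing message. The enclosing method starts outside the hunk, so it cannot be confirmed here that `$this->dataRecord['server_id']` is always populated at this point (e.g. for non-admin users whose server field is not submitted); if it can be empty the query matches nothing and the check is silently skipped.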
@@ -96,7 +96,7 @@ class cronjob_mailbox_stats_hourly extends cronjob {
 $matches = [];
 // Match pop3/imap logings, or alternately smtp logins.
 if (preg_match('/(.*) (imap|pop3)-login: Login: user=\<([\w\.@-]+)\>/', $line, $matches) || preg_match('/(.*) sasl_method=PLAIN, sasl_username=([\w\.@-]+)/', $line, $matches)) {
- $user = $matches[3] ?? $matches[2];
+ $user = isset($matches[3]) ? $matches[3] : $matches[2];
 $updatedUsers[] = $user;
 }
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
index 76de9d84d6403609bed608bb4d249e4629654361..367b48ff2f906813635b29ed40848614d2ece066 100644
--- a/server/plugins-available/cron_jailkit_plugin.inc.php
+++ b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -137,9 +137,9 @@ class cron_jailkit_plugin {
 $this->_add_jailkit_user();
- //$this->_setup_php_jailkit();
+ $this->_setup_php_jailkit();
- $command .= 'usermod -U ? 2>/dev/null';
+ $command = 'usermod -U ? 2>/dev/null';
 $app->system->exec_safe($command, $parent_domain["system_user"]);
 $this->_update_website_security_level();
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index c4fb02d9e2f20d47549944d5b88d6e7e2277f150..4442dc131a67e65a11b692e6e9f0e747a2835ff1 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -224,6 +224,12 @@ class cron_plugin {
 $cmd_count = 0;
 $chr_cmd_count = 0;
+ // Check if parentDomain array is empty
+ if(!is_array($this->parent_domain) || count($this->parent_domain) == 0) {
+ $app->log("Parent domain not found", LOGLEVEL_WARN);
+ return 0;
+ }
+
 //* read all active cron jobs from database and write them to file
 $cron_jobs = $app->db->queryAllRecords("SELECT c.`id`, c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c
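Review bot: The new early return in cron_plugin logs "Parent domain not found" without any identifier, so an operator reading the server log cannot tell which site's cron file was skipped; if the id the caller looked `$this->parent_domain` up with (presumably the cron record's parent domain id) is reachable in this scope, it should be part of the message, e.g. `$app->log("Parent domain not found, cron file not written", LOGLEVEL_WARN);` at minimum so the consequence is stated. `return 0` is emitted before the job query, but the method's other return paths lie outside the hunk, so whether 0 is the value callers already treat as "nothing written" cannot be confirmed here. The comment `// Check if parentDomain array is empty` names a property that does not exist; `// Nothing to write without the owning web domain` describes the intent and avoids the mismatch with `$this->parent_domain`. The enclosing method starts outside the hunk.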
@@ -249,7 +255,11 @@ class cron_plugin {
 $log_wget_target = $log_root . '/cron_wget.log';
 }
-
+ // Check if command contains invalid chars
+ if(strpos($job['command'], "\n") !== false || strpos($job['command'], "\r") !== false || strpos($job['command'], chr(0)) !== false) {
+ $app->log("Insecure Cron job SKIPPED: " . $job['command'], LOGLEVEL_WARN);
+ continue;
+ }
 $cron_line .= "\t{$this->parent_domain['system_user']}"; //* running as user
 if($job['type'] == 'url') {
@@ -259,18 +269,13 @@ class cron_plugin {
 $job['command'] = strtr($job['command'], $trans);
- $cron_line .= "\t{$cron_config['wget']} --no-check-certificate --user-agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0' -q -t 1 -T 7200 -O " . $log_wget_target . " " . escapeshellarg($job['command']) . " " . $log_target;
- } else {
- if(strpos($job['command'], "\n") !== false || strpos($job['command'], "\r") !== false || strpos($job['command'], chr(0)) !== false) {
+ // Check that command does not contain a backslash
+ if (strpos($job['command'], '\\') !== false) {
 $app->log("Insecure Cron job SKIPPED: " . $job['command'], LOGLEVEL_WARN);
 continue;
 }
- $web_docroot_client = '';
-
- // web folder is hardcoded to /web:
- $web_folder = '/web';
-
+ $web_root = '';
 if($job['type'] == 'chrooted') {
 if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
 //* delete the unneeded path part
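Review bot: The new skip path logs `$job['command']` verbatim right after establishing that it contains CR, LF or NUL bytes, so those bytes go straight into the server log and can split or truncate log lines; the query in the earlier hunk selects `c.`id``, so log that plus an escaped form of the command instead: `$app->log("Insecure Cron job SKIPPED (id " . $job['id'] . "): " . addcslashes($job['command'], "\0..\37\\"), LOGLEVEL_WARN);`. The same applies to the backslash skip in the following hunk, which continues past this view; there the check runs after `strtr($job['command'], $trans)`, and if `$trans` (defined between the hunks, not visible here) introduces backslashes as escaping, legitimate URL commands would be rejected — worth confirming that it operates on the raw command. Since the control-character check now runs for every job type before the `url` branch, the comment should say so: `// Reject commands with CR/LF/NUL for every job type; they would break the crontab line format`. The enclosing loop and method start outside the hunk.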