Commit 33ed536e authored by Marius Burkard's avatar Marius Burkard

Merge remote-tracking branch 'ispc3/stable-3.1' into rspamd

Client can create global whitelists and blacklists for email, fixes #5356
parents 1eb51aa6 709638f1
......@@ -30,3 +30,8 @@ UPDATE `spamfilter_policy` SET `rspamd_spam_kill_level` = '999.00' WHERE id = 3;
UPDATE `spamfilter_policy` SET `rspamd_spam_kill_level` = '8.00' WHERE id = 6;
UPDATE `spamfilter_policy` SET `rspamd_spam_kill_level` = '20.00' WHERE id = 7;
-- end of rspamd
ALTER TABLE `client` CHANGE COLUMN `password` `password` VARCHAR(200) DEFAULT NULL;
ALTER TABLE `ftp_user` CHANGE COLUMN `password` `password` VARCHAR(200) DEFAULT NULL;
ALTER TABLE `shell_user` CHANGE COLUMN `password` `password` VARCHAR(200) DEFAULT NULL;
ALTER TABLE `sys_user` CHANGE COLUMN `passwort` `passwort` VARCHAR(200) DEFAULT NULL;
ALTER TABLE `webdav_user` CHANGE COLUMN `password` `password` VARCHAR(200) DEFAULT NULL;
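Review bot: The `sys_user`.`passwort` column is altered to `VARCHAR(200) DEFAULT NULL` here, while the `CREATE TABLE sys_user` hunk of the full schema in this same commit keeps it `NOT NULL default ''`, so upgraded and fresh installations end up with different nullability for the login-hash column. Keep the migration aligned with the schema: `ALTER TABLE \`sys_user\` CHANGE COLUMN \`passwort\` \`passwort\` VARCHAR(200) NOT NULL DEFAULT '';`. The other four ALTERs match their corresponding CREATE TABLE definitions in the schema hunks.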
......@@ -243,7 +243,7 @@ CREATE TABLE `client` (
`limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0',
`parent_client_id` int(11) unsigned NOT NULL DEFAULT '0',
`username` varchar(64) DEFAULT NULL,
`password` varchar(64) DEFAULT NULL,
`password` varchar(200) DEFAULT NULL,
`language` char(2) NOT NULL DEFAULT 'en',
`usertheme` varchar(32) NOT NULL DEFAULT 'default',
`template_master` int(11) unsigned NOT NULL DEFAULT '0',
......@@ -705,7 +705,7 @@ CREATE TABLE `ftp_user` (
`parent_domain_id` int(11) unsigned NOT NULL default '0',
`username` varchar(64) default NULL,
`username_prefix` varchar(50) NOT NULL default '',
`password` varchar(64) default NULL,
`password` varchar(200) default NULL,
`quota_size` bigint(20) NOT NULL default '-1',
`active` enum('n','y') NOT NULL default 'y',
`uid` varchar(64) default NULL,
......@@ -1440,7 +1440,7 @@ CREATE TABLE `shell_user` (
`parent_domain_id` int(11) unsigned NOT NULL default '0',
`username` varchar(64) default NULL,
`username_prefix` varchar(50) NOT NULL default '',
`password` varchar(64) default NULL,
`password` varchar(200) default NULL,
`quota_size` bigint(20) NOT NULL default '-1',
`active` enum('n','y') NOT NULL default 'y',
`puser` varchar(255) default NULL,
......@@ -1869,7 +1869,7 @@ CREATE TABLE `sys_user` (
`sys_perm_group` varchar(5) NOT NULL default 'riud',
`sys_perm_other` varchar(5) NOT NULL default '',
`username` varchar(64) NOT NULL default '',
`passwort` varchar(64) NOT NULL default '',
`passwort` varchar(200) NOT NULL default '',
`modules` varchar(255) NOT NULL default '',
`startmodule` varchar(255) NOT NULL default '',
`app_theme` varchar(32) NOT NULL default 'default',
......@@ -1904,7 +1904,7 @@ CREATE TABLE `webdav_user` (
`parent_domain_id` int(11) unsigned NOT NULL DEFAULT '0',
`username` varchar(64) DEFAULT NULL,
`username_prefix` varchar(50) NOT NULL default '',
`password` varchar(64) DEFAULT NULL,
`password` varchar(200) DEFAULT NULL,
`active` enum('n','y') NOT NULL DEFAULT 'y',
`dir` varchar(255) DEFAULT NULL,
PRIMARY KEY (`webdav_user_id`)
......@@ -78,7 +78,7 @@ class app {
$this->uses($prop);
if(property_exists($this, $prop)) return $this->{$prop};
else return null;
else trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
}
public function __destruct() {
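Review bot: The new warning in `__get` concatenates `$name`, but the property being looked up in this hunk is `$prop` (`$this->uses($prop)`, `property_exists($this, $prop)`), so unless the method parameter happens to be named `$name` the message references an undefined variable and prints an empty property name. Use the same variable as the lookup: `else trigger_error('Undefined property ' . $prop . ' of class app', E_USER_WARNING);`. The method signature is outside the hunk, so this is inferred from the visible body; the second `__get` hunk in this commit (the one with `$valid_names`) uses `$name` consistently.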
......@@ -231,12 +231,27 @@ class auth {
if($charset != 'UTF-8') {
$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
}
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
$salt = '$6$rounds=5000$';
$salt_length = 16;
} elseif(defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) {
$salt = '$5$rounds=5000$';
$salt_length = 16;
} else {
$salt = '$1$';
$salt_length = 12;
}
if(function_exists('openssl_random_pseudo_bytes')) {
$salt .= substr(bin2hex(openssl_random_pseudo_bytes($salt_length)), 0, $salt_length);
} else {
$base64_alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
for($n = 0; $n < $salt_length; $n++) {
$salt .= $base64_alphabet[mt_rand(0, 63)];
}
}
$salt.="$";
$salt .= "$";
return crypt($cleartext_password, $salt);
}
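Review bot: The salt in the new SHA-512/SHA-256 branch comes from `openssl_random_pseudo_bytes()` without the `$crypto_strong` out-parameter being checked, and the fallback silently degrades to `mt_rand()`, so a salt can be produced by a non-cryptographic generator with no indication. Prefer `random_bytes()` (PHP 7+) if the supported PHP range allows it, e.g. `$salt .= substr(bin2hex(random_bytes($salt_length)), 0, $salt_length);`, and otherwise check the strong flag and fail rather than fall back. Note also that `bin2hex()` of `$salt_length` bytes is truncated to `$salt_length` hex characters, so half of the generated bytes are discarded and the salt is drawn from a 16-symbol alphabet; mapping the bytes onto the `./0-9A-Za-z` crypt alphabet (as the fallback already does) would keep the full salt entropy. The enclosing method starts before the hunk.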
......@@ -451,9 +451,9 @@ class functions {
if(file_exists($id_rsa_file)) unset($id_rsa_file);
if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""');
$app->system->exec_safe('ssh-keygen -t rsa -C ? -f ? -N ""', $username.'-rsa-key-'.time(), $id_rsa_file);
$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id);
exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file);
$app->system->exec_safe('rm -f ? ?', $id_rsa_file, $id_rsa_pub_file);
} else {
$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
}
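Review bot: The exit status of the `ssh-keygen` call is never checked, so when key generation fails the following `UPDATE client` still runs and stores whatever `@file_get_contents()` returns into `id_rsa`/`ssh_rsa`. Check `$app->system->last_exec_retcode()` directly after the `exec_safe()` call and skip the update on a non-zero value, e.g. `if($app->system->last_exec_retcode() !== 0) { $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN); }` with the update in the else branch; the `exec_safe()` return value (false on placeholder mismatch) is likewise unchecked. The `rm -f` shell-out can become `unlink($id_rsa_file); unlink($id_rsa_pub_file);`, which avoids a process spawn entirely. The enclosing method starts and ends outside the hunk.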
......@@ -604,11 +604,9 @@ class remoting_client extends remoting {
if($user) {
$saved_password = stripslashes($user['password']);
if(substr($saved_password, 0, 3) == '$1$') {
//* The password is crypt-md5 encrypted
$salt = '$1$'.substr($saved_password, 3, 8).'$';
if(crypt(stripslashes($password), $salt) != $saved_password) {
if(preg_match('/^\$[156]\$/', $saved_password)) {
//* The password is crypt encrypted
if(crypt(stripslashes($password), $saved_password) !== $saved_password) {
$user = false;
}
} else {
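Review bot: The new hash comparison `crypt(...) !== $saved_password` is an ordinary string comparison that stops at the first differing byte; for credential verification `hash_equals()` (PHP 5.6+) is the appropriate primitive: `if(!hash_equals($saved_password, crypt(stripslashes($password), $saved_password))) {`. The same comparison appears in the two `passwort` login hunks of this commit (the second `remoting_client` hunk and the `remoting` hunk), which additionally use loose `!=` instead of `!==`; all three should be aligned. `crypt()` returns a short failure string such as `*0` when the salt is unusable, which `hash_equals()` also rejects cleanly because the lengths differ. The enclosing methods start and end outside the hunks.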
......@@ -636,11 +634,9 @@ class remoting_client extends remoting {
if($user) {
$saved_password = stripslashes($user['passwort']);
if(substr($saved_password, 0, 3) == '$1$') {
if(preg_match('/^\$[156]\$/', $saved_password)) {
//* The password is crypt-md5 encrypted
$salt = '$1$'.substr($saved_password, 3, 8).'$';
if(crypt(stripslashes($password), $salt) != $saved_password) {
if(crypt(stripslashes($password), $saved_password) != $saved_password) {
$user = false;
}
} else {
......@@ -99,28 +99,22 @@ class remoting {
if($user) {
$saved_password = stripslashes($user['passwort']);
if(substr($saved_password, 0, 3) == '$1$') {
if(preg_match('/^\$[156]\$/', $saved_password)) {
//* The password is crypt-md5 encrypted
$salt = '$1$'.substr($saved_password, 3, 8).'$';
if(crypt(stripslashes($password), $salt) != $saved_password) {
if(crypt(stripslashes($password), $saved_password) != $saved_password) {
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.');
return false;
}
} else {
//* The password is md5 encrypted
if(md5($password) != $saved_password) {
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.');
return false;
}
}
} else {
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.');
return false;
}
if($user['active'] != 1) {
throw new SoapFault('client_login_failed', 'The login failed. User is blocked.');
return false;
}
// now we need the client data
......@@ -31,6 +31,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
class system {
var $client_service = null;
private $_last_exec_out = null;
private $_last_exec_retcode = null;
public function has_service($userid, $service) {
global $app;
......@@ -52,8 +54,47 @@ class system {
return false;
}
}
} //* End Class
?>
public function last_exec_out() {
return $this->_last_exec_out;
}
public function last_exec_retcode() {
return $this->_last_exec_retcode;
}
public function exec_safe($cmd) {
$arg_count = func_num_args();
if($arg_count != substr_count($cmd, '?') + 1) {
trigger_error('Placeholder count not matching argument list.', E_USER_WARNING);
return false;
}
if($arg_count > 1) {
$args = func_get_args();
$pos = 0;
$a = 0;
foreach($args as $value) {
$a++;
$pos = strpos($cmd, '?', $pos);
if($pos === false) {
break;
}
$value = escapeshellarg($value);
$cmd = substr_replace($cmd, $value, $pos, 1);
$pos += strlen($value);
}
}
$this->_last_exec_out = null;
$this->_last_exec_retcode = null;
return exec($cmd, $this->_last_exec_out, $this->_last_exec_retcode);
}
public function system_safe($cmd) {
call_user_func_array(array($this, 'exec_safe'), func_get_args());
return implode("\n", $this->_last_exec_out);
}
} //* End Class
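Review bot: `exec_safe()` substitutes the command template itself into the first placeholder: `$args = func_get_args()` still holds `$cmd` at index 0 and the `foreach` starts there, so the first `?` receives `escapeshellarg($cmd)`, every real argument shifts by one, and the last one is never placed because the loop breaks on `strpos() === false`. Unless a line is missing from this rendering, add `array_shift($args);` directly after `$args = func_get_args();`; the `$a` counter is unused and can be dropped. Two smaller points: `substr_count($cmd, '?')` also counts literal question marks in the template (e.g. a shell glob), which deserves a docblock on the method, and `system_safe()` calls `implode()` on `$this->_last_exec_out` even when `exec_safe()` returned false before resetting it, so guard with `if($this->_last_exec_out === null) return false;`. On PHP 5.6+ `call_user_func_array(array($this, 'exec_safe'), func_get_args())` can be `$this->exec_safe(...func_get_args())`.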
......@@ -49,10 +49,13 @@ class validate_dkim {
* Validator function for private DKIM-Key
*/
function check_private_key($field_name, $field_value, $validator) {
global $app;
$dkim_enabled=$_POST['dkim'];
if ($dkim_enabled == 'y') {
if (empty($field_value)) return $this->get_error($validator['errmsg']);
exec('echo '.escapeshellarg($field_value).'|openssl rsa -check', $output, $result);
$app->system->exec_safe('echo ?|openssl rsa -check', $field_value);
$result = $app->system->last_exec_retcode();
if($result != 0) return $this->get_error($validator['errmsg']);
}
}
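Review bot: The DKIM private key is still handed to `openssl` as a command-line argument (`echo ?|openssl rsa -check`), so for the lifetime of that process the key material is visible in the process list to any local user; `exec_safe()` fixes the quoting but not this exposure. Feeding the key through stdin (`proc_open()` with a pipe, or a mode-0600 temporary file passed via `-in`) keeps it out of argv. The same construct is used for the public-key derivation in the DKIM create hunks (`echo ?|openssl rsa -pubout`). Dropping the `$output` capture is fine here since only the exit code is used.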
......@@ -104,6 +104,8 @@ class page_action extends tform_actions {
function onAfterUpdate() {
global $app, $conf;
$app->uses('auth');
$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $this->id);
$client_id = $app->functions->intval($client['client_id']);
$username = $this->dataRecord["username"];
......@@ -121,13 +123,7 @@ class page_action extends tform_actions {
// password changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["passwort"]) && $this->dataRecord["passwort"] != '') {
$password = $this->dataRecord["passwort"];
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
$password = crypt(stripslashes($password), $salt);
$password = $app->auth->crypt_password($password);
$sql = "UPDATE client SET password = ? WHERE client_id = ? AND username = ?";
$app->db->query($sql, $password, $client_id, $username);
}
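Review bot: In this `onAfterUpdate` the new call passes `$password` to `crypt_password()` without `stripslashes()`, whereas the removed line applied it (`crypt(stripslashes($password), $salt)`) and the two reseller hunks of this commit keep it (`crypt_password(stripslashes($password))`). If the form value can carry escaping, the hash stored for the client row here will differ from the one stored by the other paths for the same input; use `$password = $app->auth->crypt_password(stripslashes($password));` to preserve the previous behaviour and keep the three call sites consistent. The enclosing method ends outside the hunk.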
......@@ -200,6 +200,9 @@ class page_action extends tform_actions {
*/
function onAfterInsert() {
global $app, $conf;
$app->uses('auth');
// Create the group for the reseller
$groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
$groups = $groupid;
......@@ -213,14 +216,8 @@ class page_action extends tform_actions {
$active = 1;
$language = $this->dataRecord["language"];
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
$password = crypt(stripslashes($password), $salt);
$password = $app->auth->crypt_password(stripslashes($password));
// Create the controlpaneluser for the reseller
$sql = "INSERT INTO sys_user (`username`,`passwort`,`modules`,`startmodule`,`app_theme`,`typ`, `active`,`language`,`groups`,`default_group`,`client_id`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
......@@ -313,6 +310,8 @@ class page_action extends tform_actions {
function onAfterUpdate() {
global $app, $conf;
$app->uses('auth');
// username changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
$username = $this->dataRecord["username"];
......@@ -329,13 +328,8 @@ class page_action extends tform_actions {
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $this->dataRecord["password"];
$client_id = $this->id;
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
$password = crypt(stripslashes($password), $salt);
$password = $app->auth->crypt_password(stripslashes($password));
$sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
$app->db->query($sql, $password, $client_id);
}
......@@ -54,8 +54,8 @@ if($type == 'create_dkim' && $domain_id != ''){
if ($dkim_strength=='') $dkim_strength = 2048;
$rnd_val = $dkim_strength * 10;
exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
$app->system->exec_safe('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
$app->system->exec_safe('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
unlink("../../temp/random-data.bin");
$dkim_private='';
foreach($privkey as $values) $dkim_private=$dkim_private.$values."\n";
......@@ -79,12 +79,14 @@ if($type == 'create_dkim' && $domain_id != ''){
$selector = 'invalid domain or selector';
}
unset($dkim_public);
exec('echo '.escapeshellarg($dkim_private).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
$app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private);
$pubkey = $app->system->last_exec_out();
foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n";
$selector = $dkim_selector;
} else {
unset($dkim_public);
exec('echo '.escapeshellarg($dkim_private).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
$app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private);
$pubkey = $app->system->last_exec_out();
foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n";
$selector = $dkim_selector;
}
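Review bot: The two `exec_safe()` calls for `openssl rand` and `openssl genrsa` pass `$output, $result` as extra arguments while their command strings contain no `?` placeholder, so the argument-count check in `exec_safe()` fails, a warning is emitted, false is returned and neither command runs; `$privkey` is then never populated. Move the numeric values into placeholders and read the output through the accessor: `$app->system->exec_safe('openssl rand -out ../../temp/random-data.bin ? 2> /dev/null', $rnd_val);`, `$app->system->exec_safe('openssl genrsa -rand ../../temp/random-data.bin ? 2> /dev/null', $dkim_strength);`, `$privkey = $app->system->last_exec_out();`. This also stops `$dkim_strength` from being interpolated into the shell command unquoted; whether it is constrained to an integer before this point is not visible here. The private key passed via `echo ?|openssl rsa -pubout` in the second hunk remains visible in the process list as an argument.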
......@@ -42,6 +42,9 @@ $tform_def_file = "form/mail_blacklist.tform.php";
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin priveliges');
//* Check permissions for module
$app->auth->check_module_permissions('mail');
......@@ -53,16 +53,7 @@ class page_action extends tform_actions {
function onShowNew() {
global $app, $conf;
// we will check only users, not admins
if($_SESSION["s"]["user"]["typ"] == 'user') {
if(!$app->tform->checkClientLimit('limit_mailfilter')) {
$app->error($app->tform->wordbook["limit_mailfilter_txt"]);
}
if(!$app->tform->checkResellerLimit('limit_mailfilter')) {
$app->error('Reseller: '.$app->tform->wordbook["limit_mailfilter_txt"]);
}
}
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
parent::onShowNew();
}
......@@ -70,6 +61,8 @@ class page_action extends tform_actions {
function onBeforeUpdate() {
global $app, $conf;
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
......@@ -86,24 +79,10 @@ class page_action extends tform_actions {
function onSubmit() {
global $app, $conf;
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
if(substr($this->dataRecord['source'], 0, 1) === '@') $this->dataRecord['source'] = substr($this->dataRecord['source'], 1);
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?" , $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
}
unset($tmp);
}
} // end if user is not admin
parent::onSubmit();
}
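Review bot: The admin gate added to `onShowNew`, `onBeforeUpdate` and `onSubmit` uses `die()`, while the page-level checks added in the blacklist/whitelist edit and list scripts of the same commit use `$app->error()`; `die()` bypasses the application's error handling and logging and prints a bare string, so prefer `$app->error('This function needs admin priveliges');` here and in the whitelist action-class hunk. The message string also misspells "privileges" in every new occurrence. With only admins reaching `onBeforeUpdate`, the `|| $app->auth->has_clients(...)` part of the following condition is now dead and can be reduced to the admin case. Whether the delete path (`onBeforeDelete`/`onAfterDelete`) of these action classes receives the same gate is not visible in these hunks and should be confirmed.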
......@@ -12,6 +12,8 @@ $list_def_file = "list/mail_blacklist.list.php";
* End Form configuration
******************************************/
if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin priveliges');
//* Check permissions for module
$app->auth->check_module_permissions('mail');
......@@ -42,6 +42,8 @@ $tform_def_file = "form/mail_whitelist.tform.php";
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin priveliges');
//* Check permissions for module
$app->auth->check_module_permissions('mail');
......@@ -53,55 +53,33 @@ class page_action extends tform_actions {
function onShowNew() {
global $app, $conf;
// we will check only users, not admins
if($_SESSION["s"]["user"]["typ"] == 'user') {
if(!$app->tform->checkClientLimit('limit_mailfilter')) {
$app->error($app->tform->wordbook["limit_mailfilter_txt"]);
}
if(!$app->tform->checkResellerLimit('limit_mailfilter')) {
$app->error('Reseller: '.$app->tform->wordbook["limit_mailfilter_txt"]);
}
}
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
parent::onShowNew();
}
function onBeforeUpdate() {
global $app, $conf;
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
$this->dataRecord["server_id"] = $rec['server_id'];
}
unset($rec);
$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
if($rec['server_id'] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
$this->dataRecord["server_id"] = $rec['server_id'];
}
unset($rec);
}
function onSubmit() {
global $app, $conf;
if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
if(substr($this->dataRecord['source'], 0, 1) === '@') $this->dataRecord['source'] = substr($this->dataRecord['source'], 1);
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_mailfilter"]) {
$app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
}
unset($tmp);
}
} // end if user is not admin
parent::onSubmit();
}
......@@ -12,6 +12,8 @@ $list_def_file = "list/mail_whitelist.list.php";
* End Form configuration
******************************************/
if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin priveliges');
//* Check permissions for module
$app->auth->check_module_permissions('mail');
......@@ -276,7 +276,10 @@ if($app->auth->is_admin()) {
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'directory_error_empty'),
1 => array ( 'type' => 'CUSTOM',
1 => array ( 'type' => 'REGEX',
'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
'errmsg'=> 'directory_error_regex'),
2 => array ( 'type' => 'CUSTOM',
'class' => 'validate_ftpuser',
'function' => 'ftp_dir',
'errmsg' => 'directory_error_notinweb'),
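Review bot: The new REGEX validator for the FTP directory permits `.` and `/` freely, so `..` segments pass the pattern and the CUSTOM `ftp_dir` check (kept as index 2) remains the only defence against the directory escaping the web root; a short comment on the entry, e.g. `// character allow-list only: path containment is enforced by validate_ftpuser::ftp_dir`, would stop someone later dropping the custom validator as redundant. The `{10,128}` quantifier also rejects any path with fewer than ten characters after the leading slash; if short document roots are valid in this installation the minimum should be lowered, e.g. `'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{1,128}$/',` — the hunk does not show what the shortest legitimate value is. Spaces are admitted by the class, which is only intentional if the rest of the FTP stack handles them.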
......@@ -69,6 +69,22 @@ class app {
}
public function __get($name) {
$valid_names = array('functions', 'getconf', 'letsencrypt', 'modules', 'plugins', 'services', 'system');
if(!in_array($name, $valid_names)) {
trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
}
if(property_exists($this, $name)) {
return $this->{$name};
}
$this->uses($name);
if(property_exists($this, $name)) {
return $this->{$name};
} else {
trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
}
}
function setCaller($caller) {
$this->_calling_script = $caller;
}
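Review bot: In `__get`, an unknown `$name` triggers the warning but execution continues into `property_exists()` and `$this->uses($name)`, and if that load fails the same warning is raised a second time; return right after the first warning so invalid names are rejected once and never reach `uses()`: `trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING); return null;`. `in_array($name, $valid_names)` should pass `true` as the third argument so only exact string matches are accepted. This `__get` differs from the one in the other `class app` hunk of this commit (no `$valid_names` allow-list, variable `$prop`), presumably the interface and server copies; if both are meant to stay, the allow-list should exist in both.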
......@@ -395,7 +395,7 @@ class ApsInstaller extends ApsBase
mkdir($this->document_root, 0777, true);
}
} else {
exec("rm -Rf ".escapeshellarg($this->local_installpath).'*');
$app->system->exec_safe("rm -Rf ?*", $this->local_installpath);
}
} else {
mkdir($this->local_installpath, 0777, true);
......@@ -412,7 +412,7 @@ class ApsInstaller extends ApsBase
|| ($this->extractZip($this->packages_dir.'/'.$task['path'], 'scripts', $this->local_installpath.'install_scripts/') === false) )
{
// Clean already extracted data
exec("rm -Rf ".escapeshellarg($this->local_installpath).'*');
$app->system->exec_safe("rm -Rf ?*", $this->local_installpath);
throw new Exception('Unable to extract the package '.$task['path']);
}
......@@ -423,11 +423,11 @@ class ApsInstaller extends ApsBase
$owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']);
$this->file_owner_user = $owner_res['system_user'];
$this->file_owner_group = $owner_res['system_group'];
exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
$app->system->exec_safe('chown -R ?:? ?', $this->file_owner_user, $this->file_owner_group, $this->local_installpath);
//* Chown stats directory back
if(is_dir($this->local_installpath.'stats')) {
exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats'));
$app->system->exec_safe('chown -R root:root ?', $this->local_installpath.'stats');
}
}
}
......@@ -544,7 +544,6 @@ class ApsInstaller extends ApsBase
chmod($this->local_installpath.'install_scripts/'.$cfgscript, 0755);
// Change to the install folder (import for the exec() below!)
//exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
chdir($this->local_installpath.'install_scripts/');
// Set the enviroment variables
......@@ -554,7 +553,9 @@ class ApsInstaller extends ApsBase
$shell_retcode = true;
$shell_ret = array();
exec('php '.escapeshellarg($this->local_installpath.'install_scripts/'.$cfgscript).' install 2>&1', $shell_ret, $shell_retcode);
$app->system->exec_safe('php ? install 2>&1', $this->local_installpath.'install_scripts/'.$cfgscript);
$shell_ret = $app->system->last_exec_out();
$shell_retcode = $app->system->last_exec_retcode();
$shell_ret = array_filter($shell_ret);
$shell_ret_str = implode("\n", $shell_ret);
......@@ -566,11 +567,11 @@ class ApsInstaller extends ApsBase
else
{
// The install succeeded, chown newly created files too
exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
$app->system->exec_safe('chown -R ?:? ?', $this->file_owner_user, $this->file_owner_group, $this->local_installpath);
//* Chown stats directory back
if(is_dir($this->local_installpath.'stats')) {
exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats'));
$app->system->exec_safe('chown -R root:root ?', $this->local_installpath.'stats');
}
$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']);
......@@ -597,8 +598,9 @@ class ApsInstaller extends ApsBase
*/
private function cleanup($task, $sxe)
{
global $app;
chdir($this->local_installpath);
exec("rm -Rf ".escapeshellarg($this->local_installpath).'install_scripts');
$app->system->exec_safe("rm -Rf ?", $this->local_installpath.'install_scripts');
}
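Review bot: `exec_safe("rm -Rf ?*", $this->local_installpath)` expands to `rm -Rf ''*` if `local_installpath` is ever empty, which removes the contents of the current working directory (this class `chdir()`s into the install path elsewhere); the previous `escapeshellarg()` form had the same property, but since these calls are being rewritten a guard such as `if($this->local_installpath === '' || $this->local_installpath === '/') throw new Exception('Refusing to remove files: install path not set');` before the two `rm -Rf` sites is cheap insurance. The return value of `exec_safe()` (false on argument mismatch) and `last_exec_retcode()` are not checked after the `chown -R` calls, so a failed ownership change is silently ignored. `cleanup()` now declares `global $app`, but whether the other methods touched here already do is not visible; the `rm -Rf` and `chown` hunks belong to methods that start and end outside their hunks.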
......@@ -90,7 +90,7 @@ class cronjob_monitor_email_quota extends cronjob {
$email_parts = explode('@', $mb['email']);
$filename = $mb['maildir'].'/.quotausage';
if(!file_exists($filename) && $dovecot) {
exec('doveadm quota recalc -u '.$email);
$app->system->exec_safe('doveadm quota recalc -u ?', $email);
}
if(file_exists($filename) && !is_link($filename)) {
$quotafile = file($filename);
......@@ -99,7 +99,8 @@ class cronjob_monitor_email_quota extends cronjob {
$app->log("Mail storage $email: " . $storage_value[1], LOGLEVEL_DEBUG);
unset($quotafile);
} else {
exec('du -s '.escapeshellcmd($mb['maildir']), $out);
$app->system->exec_safe('du -s ?', $mb['maildir']);
$out = $app->system->last_exec_out();
$parts = explode(' ', $out[0]);
$data[$email]['used'] = intval($parts[0])*1024;
unset($out);
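Review bot: After `exec_safe('du -s ?', ...)`, `$out[0]` is indexed without checking that `du` produced any output, so a failed or permission-denied run yields an undefined-offset notice and records `used = 0` for that mailbox. Guard it with the return code, e.g. `if($app->system->last_exec_retcode() !== 0 || empty($out)) { $app->log("du failed for $email", LOGLEVEL_WARN); }` and skip the assignment in that case; whether this sits inside a loop that can `continue` is outside the hunk. `du -s` separates size and path with a tab, so `explode(' ', $out[0])` only works because `intval()` stops at the first non-digit; `(int)strtok($out[0], "\t ")` would state the intent. The `doveadm quota recalc -u ?` change in the first hunk looks correct.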
......@@ -71,16 +71,16 @@ class cronjob_awstats extends cronjob {
$log_folder .= '/' . $subdomain_host;
unset($tmp);
}
$logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log');
$logfile = $rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log';
if(!@is_file($logfile)) {
$logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log.gz');
$logfile = $rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log.gz';
if(!@is_file($logfile)) {
continue;
}
}
$web_folder = (($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') ? $rec['web_folder'] : 'web');
$domain = escapeshellcmd($rec['domain']);
$statsdir = escapeshellcmd($rec['document_root'].'/'.$web_folder.'/stats');
$domain = $rec['domain'];
$statsdir = $rec['document_root'].'/'.$web_folder.'/stats';
$awstats_pl = $web_config['awstats_pl'];
$awstats_buildstaticpages_pl = $web_config['awstats_buildstaticpages_pl'];
......@@ -117,8 +117,8 @@ class cronjob_awstats extends cronjob {
}