Commit c8cf71f8 authored by tbrehm's avatar tbrehm

made php open_basedir configurable per website.

Added a global default for the .htaccess allow_override setting.
parent 812f6e9a
...@@ -1057,8 +1057,9 @@ CREATE TABLE `web_domain` ( ...@@ -1057,8 +1057,9 @@ CREATE TABLE `web_domain` (
`ssl_bundle` mediumtext NULL, `ssl_bundle` mediumtext NULL,
`ssl_action` varchar(16) NULL, `ssl_action` varchar(16) NULL,
`stats_password` varchar(255) default NULL, `stats_password` varchar(255) default NULL,
`allow_override` varchar(32) NOT NULL default 'All', `allow_override` varchar(255) NOT NULL default 'All',
`apache_directives` text, `apache_directives` text,
`php_open_basedir` text,
`active` enum('n','y') NOT NULL default 'y', `active` enum('n','y') NOT NULL default 'y',
PRIMARY KEY (`domain_id`) PRIMARY KEY (`domain_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1; ) ENGINE=MyISAM AUTO_INCREMENT=1;
......
...@@ -44,6 +44,8 @@ group=www-data ...@@ -44,6 +44,8 @@ group=www-data
apps_vhost_port=8081 apps_vhost_port=8081
apps_vhost_ip=_default_ apps_vhost_ip=_default_
apps_vhost_servername= apps_vhost_servername=
php_open_basedir=[website_path]/web:[website_path]/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin
htaccess_allow_override=All
[dns] [dns]
bind_user=root bind_user=root
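Review bot: The new `php_open_basedir` default still lists the host-wide `/tmp` next to `[website_path]/tmp`, so every site that inherits it can read files that other sites or daemons leave in the shared directory. The vhost template shown further down already points `upload_tmp_dir` and `session.save_path` at the per-site `tmp`, so the shared entry looks unnecessary for those two uses. Consider shipping `php_open_basedir=[website_path]/web:[website_path]/tmp:/usr/share/php5:/usr/share/phpmyadmin` and letting administrators add `/tmp` where an application needs it.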
......
...@@ -387,6 +387,28 @@ $form["tabs"]['web'] = array ( ...@@ -387,6 +387,28 @@ $form["tabs"]['web'] = array (
'width' => '40', 'width' => '40',
'maxlength' => '255' 'maxlength' => '255'
), ),
'php_open_basedir' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'default' => '',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'php_open_basedir_error_empty'),
),
'value' => '',
'width' => '40',
'maxlength' => '255'
),
'htaccess_allow_override' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'default' => '',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'htaccess_allow_override_error_empty'),
),
'value' => '',
'width' => '40',
'maxlength' => '255'
),
'apps_vhost_port' => array ( 'apps_vhost_port' => array (
'datatype' => 'VARCHAR', 'datatype' => 'VARCHAR',
'formtype' => 'TEXT', 'formtype' => 'TEXT',
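Review bot: Both new fields are validated with `NOTEMPTY` only, yet their values are later copied into each site's record and from there into the generated vhost (`php_admin_value open_basedir`, `allow_override`) and the PHP starter scripts. A `REGEX` validator would keep stray whitespace, quotes or line breaks out of the generated configuration. For example, it could limit `php_open_basedir` to path characters, `:` and the `[website_path]` placeholder, and `htaccess_allow_override` to AllowOverride keywords. The same applies to the per-website `php_open_basedir` and `allow_override` fields in the `advanced` tab hunk.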
......
...@@ -61,4 +61,8 @@ $wb["named_conf_path_error_empty"] = 'BIND named.conf path is empty.'; ...@@ -61,4 +61,8 @@ $wb["named_conf_path_error_empty"] = 'BIND named.conf path is empty.';
$wb["named_conf_local_path_error_empty"] = 'BIND named.conf.local path is empty.'; $wb["named_conf_local_path_error_empty"] = 'BIND named.conf.local path is empty.';
$wb["mail_filter_syntax_txt"] = 'Mailfilter Syntax'; $wb["mail_filter_syntax_txt"] = 'Mailfilter Syntax';
$wb["pop3_imap_daemon_txt"] = 'POP3/IMAP Daemon'; $wb["pop3_imap_daemon_txt"] = 'POP3/IMAP Daemon';
$wb["php_open_basedir_txt"] = 'PHP open_basedir';
$wb["php_open_basedir_error_empty"] = 'PHP open_basedir is empty.';
$wb["htaccess_allow_override_txt"] = '.htaccess AllowOverride';
$wb["htaccess_allow_override_error_empty"] = '.htaccess AllowOverride is empty.';
?> ?>
\ No newline at end of file
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="website_symlinks">{tmpl_var name='website_symlinks_txt'}</label> <label for="website_symlinks">{tmpl_var name='website_symlinks_txt'}</label>
<input name="website_symlinks" id="website_symlinks" value="{tmpl_var name='website_symlinks'}" size="40" maxlength="255" type="text" class="textInput" /> <input name="website_symlinks" id="website_symlinks" value="{tmpl_var name='website_symlinks'}" size="40" maxlength="255" type="text" class="textInput" />
</div> </div>
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="vhost_conf_dir">{tmpl_var name='vhost_conf_dir_txt'}</label> <label for="vhost_conf_dir">{tmpl_var name='vhost_conf_dir_txt'}</label>
<input name="vhost_conf_dir" id="vhost_conf_dir" value="{tmpl_var name='vhost_conf_dir'}" size="40" maxlength="255" type="text" class="textInput" /> <input name="vhost_conf_dir" id="vhost_conf_dir" value="{tmpl_var name='vhost_conf_dir'}" size="40" maxlength="255" type="text" class="textInput" />
...@@ -42,6 +42,14 @@ ...@@ -42,6 +42,14 @@
<input name="group" id="group" value="{tmpl_var name='group'}" size="40" maxlength="255" type="text" class="textInput" /> <input name="group" id="group" value="{tmpl_var name='group'}" size="40" maxlength="255" type="text" class="textInput" />
</div> </div>
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="php_open_basedir">{tmpl_var name='php_open_basedir_txt'}</label>
<input name="php_open_basedir" id="php_open_basedir" value="{tmpl_var name='php_open_basedir'}" size="40" maxlength="255" type="text" class="textInput" />
</div>
<div class="ctrlHolder">
<label for="htaccess_allow_override">{tmpl_var name='htaccess_allow_override_txt'}</label>
<input name="htaccess_allow_override" id="htaccess_allow_override" value="{tmpl_var name='htaccess_allow_override'}" size="40" maxlength="255" type="text" class="textInput" />
</div>
<div class="ctrlHolder">
<label for="apps_vhost_port">{tmpl_var name='apps_vhost_port_txt'}</label> <label for="apps_vhost_port">{tmpl_var name='apps_vhost_port_txt'}</label>
<input name="apps_vhost_port" id="apps_vhost_port" value="{tmpl_var name='apps_vhost_port'}" size="40" maxlength="255" type="text" class="textInput" /> <input name="apps_vhost_port" id="apps_vhost_port" value="{tmpl_var name='apps_vhost_port'}" size="40" maxlength="255" type="text" class="textInput" />
</div> </div>
......
...@@ -403,7 +403,18 @@ $form["tabs"]['advanced'] = array ( ...@@ -403,7 +403,18 @@ $form["tabs"]['advanced'] = array (
'datatype' => 'VARCHAR', 'datatype' => 'VARCHAR',
'formtype' => 'TEXT', 'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'documentroot_error_empty'), 'errmsg'=> 'allow_override_error_empty'),
),
'default' => 'All',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'php_open_basedir' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'php_open_basedir_error_empty'),
), ),
'default' => 'All', 'default' => 'All',
'value' => '', 'value' => '',
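Review bot: As rendered here, the new `php_open_basedir` entry ends up with `'default' => 'All'`, because the `'default'`/`'value'` lines after it are the unchanged tail of the old `allow_override` entry. `All` is an AllowOverride keyword, not a path list, so a record saved with this default would carry a meaningless open_basedir. The line should read `'default' => '',` so that the server-config fallback in the edit page and the plugin applies. The field's array continues past the end of the hunk, so its `width`/`maxlength` cannot be checked from here.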
......
...@@ -19,7 +19,11 @@ ...@@ -19,7 +19,11 @@
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="allow_override">{tmpl_var name='allow_override_txt'}</label> <label for="allow_override">{tmpl_var name='allow_override_txt'}</label>
<input name="allow_override" id="allow_override" value="{tmpl_var name='allow_override'}" size="30" maxlength="255" type="text" class="textInput" /> <input name="allow_override" id="allow_override" value="{tmpl_var name='allow_override'}" size="30" maxlength="255" type="text" class="textInput" />
</div </div>
<div class="ctrlHolder">
<label for="php_open_basedir">{tmpl_var name='php_open_basedir_txt'}</label>
<input name="php_open_basedir" id="php_open_basedir" value="{tmpl_var name='php_open_basedir'}" size="30" maxlength="255" type="text" class="textInput" />
</div>
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="apache_directives">{tmpl_var name='apache_directives_txt'}</label> <label for="apache_directives">{tmpl_var name='apache_directives_txt'}</label>
<textarea name="apache_directives" id="apache_directives" rows='10' cols='30'>{tmpl_var name='apache_directives'}</textarea> <textarea name="apache_directives" id="apache_directives" rows='10' cols='30'>{tmpl_var name='apache_directives'}</textarea>
......
...@@ -293,11 +293,13 @@ class page_action extends tform_actions { ...@@ -293,11 +293,13 @@ class page_action extends tform_actions {
} }
// Set the values for document_root, system_user and system_group // Set the values for document_root, system_user and system_group
$system_user = 'web'.$this->id; $system_user = $app->db->quote('web'.$this->id);
$system_group = 'client'.$client_id; $system_group = $app->db->quote('client'.$client_id);
$document_root = str_replace("[client_id]",$client_id,$document_root); $document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
$php_open_basedir = $app->db->quote(str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]));
$htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id; $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
$app->db->query($sql); $app->db->query($sql);
} }
...@@ -372,9 +374,9 @@ class page_action extends tform_actions { ...@@ -372,9 +374,9 @@ class page_action extends tform_actions {
if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["client_group_id"]) { if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["client_group_id"]) {
// Set the values for document_root, system_user and system_group // Set the values for document_root, system_user and system_group
$system_user = 'web'.$this->id; $system_user = $app->db->quote('web'.$this->id);
$system_group = 'client'.$client_id; $system_group = $app->db->quote('client'.$client_id);
$document_root = str_replace("[client_id]",$client_id,$document_root); $document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id; $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id;
//$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group' WHERE domain_id = ".$this->id; //$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group' WHERE domain_id = ".$this->id;
...@@ -393,6 +395,17 @@ class page_action extends tform_actions { ...@@ -393,6 +395,17 @@ class page_action extends tform_actions {
unset($subdomain); unset($subdomain);
} }
//* Set allow_override and php_open_basedir if empty
if($web_rec['allow_override'] == '') {
$sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$this->id;
$app->db->query($sql);
}
if($web_rec['php_open_basedir'] == '') {
$php_open_basedir = $app->db->quote(str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]));
$sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
$app->db->query($sql);
}
} }
function onAfterDelete() { function onAfterDelete() {
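Review bot: In the last hunk (`//* Set allow_override and php_open_basedir if empty`) the fallback path is built from `$document_root`, which in the visible lines is only assigned inside the `client_group_id` branch of the previous hunk. If that branch is skipped and nothing outside the hunk sets the variable, `[website_path]` is replaced by an empty string and the stored value becomes `/web:/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin`, which is not scoped to the site at all. If `$web_rec` is the `web_domain` row, taking the path from it (`$web_rec['document_root']`) would remove that dependency; `$web_rec` and `$web_config` are themselves defined outside the visible lines. Where `$document_root` is set, it has already passed through `$app->db->quote()` before being substituted and quoted again, so any escaped character ends up escaped twice in `php_open_basedir`.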
......
...@@ -2,6 +2,6 @@ ...@@ -2,6 +2,6 @@
exec <tmpl_var name='php_cgi_bin'> \ exec <tmpl_var name='php_cgi_bin'> \
-d open_basedir=<tmpl_var name='open_basedir'> \ -d open_basedir=<tmpl_var name='open_basedir'> \
-d upload_tmp_dir=<tmpl_var name='open_basedir'>/tmp \ -d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
-d session.save_path=<tmpl_var name='open_basedir'>/tmp -d session.save_path=<tmpl_var name='document_root'>/tmp
# -d safe_mode=${SAFE_MODE} # -d safe_mode=${SAFE_MODE}
\ No newline at end of file
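Review bot: The `-d open_basedir=<tmpl_var name='open_basedir'>` line emits the value unquoted, while the FastCGI starter wraps the same variable in double quotes. The value is now an editable per-site string, and the `escapeshellcmd()` applied in the plugin does not escape spaces, so a path containing a space would split into extra php-cgi arguments. Writing it as `-d open_basedir="<tmpl_var name='open_basedir'>" \` would match the other starter. Passing the value through `escapeshellarg()` on the plugin side and leaving it unquoted here would be the sturdier variant.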
...@@ -10,7 +10,7 @@ export PHP_DOCUMENT_ROOT ...@@ -10,7 +10,7 @@ export PHP_DOCUMENT_ROOT
PHP_FCGI_MAX_REQUESTS=<tmpl_var name='php_fcgi_max_requests'> PHP_FCGI_MAX_REQUESTS=<tmpl_var name='php_fcgi_max_requests'>
export PHP_FCGI_MAX_REQUESTS export PHP_FCGI_MAX_REQUESTS
exec <tmpl_var name='php_fcgi_bin'> \ exec <tmpl_var name='php_fcgi_bin'> \
<tmpl_if name="security_level" op="==" value="20"> -d open_basedir="<tmpl_var name='document_root'>:/usr/share/php5:/tmp:/usr/share/phpmyadmin" \ <tmpl_if name="security_level" op="==" value="20"> -d open_basedir="<tmpl_var name='open_basedir'>" \
-d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \ -d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
-d session.save_path=<tmpl_var name='document_root'>/tmp \ -d session.save_path=<tmpl_var name='document_root'>/tmp \
</tmpl_if> $1 </tmpl_if> $1
\ No newline at end of file
...@@ -96,7 +96,7 @@ ...@@ -96,7 +96,7 @@
php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
php_admin_value session.save_path <tmpl_var name='document_root'>/tmp php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'> <tmpl_if name='security_level' op='==' value='20'>
php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if> </tmpl_if>
</tmpl_if> </tmpl_if>
<tmpl_if name='php' op='==' value='suphp'> <tmpl_if name='php' op='==' value='suphp'>
...@@ -257,7 +257,7 @@ ...@@ -257,7 +257,7 @@
php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
php_admin_value session.save_path <tmpl_var name='document_root'>/tmp php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'> <tmpl_if name='security_level' op='==' value='20'>
php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if> </tmpl_if>
</tmpl_if> </tmpl_if>
<tmpl_if name='php' op='==' value='suphp'> <tmpl_if name='php' op='==' value='suphp'>
......
...@@ -555,6 +555,7 @@ class apache2_plugin { ...@@ -555,6 +555,7 @@ class apache2_plugin {
$vhost_data["web_basedir"] = $web_config["website_basedir"]; $vhost_data["web_basedir"] = $web_config["website_basedir"];
$vhost_data["security_level"] = $web_config["security_level"]; $vhost_data["security_level"] = $web_config["security_level"];
$vhost_data["allow_override"] = ($data["new"]["allow_override"] == '')?'All':$data["new"]["allow_override"]; $vhost_data["allow_override"] = ($data["new"]["allow_override"] == '')?'All':$data["new"]["allow_override"];
$vhost_data["php_open_basedir"] = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
// Check if a SSL cert exists // Check if a SSL cert exists
$ssl_dir = $data["new"]["document_root"]."/ssl"; $ssl_dir = $data["new"]["document_root"]."/ssl";
...@@ -706,12 +707,15 @@ class apache2_plugin { ...@@ -706,12 +707,15 @@ class apache2_plugin {
$fcgi_tpl = new tpl(); $fcgi_tpl = new tpl();
$fcgi_tpl->newTemplate("php-fcgi-starter.master"); $fcgi_tpl->newTemplate("php-fcgi-starter.master");
$fcgi_tpl->setVar('php_ini_path',$fastcgi_config["fastcgi_phpini_path"]); $fcgi_tpl->setVar('php_ini_path',escapeshellcmd($fastcgi_config["fastcgi_phpini_path"]));
$fcgi_tpl->setVar('document_root',$data["new"]["document_root"]); $fcgi_tpl->setVar('document_root',escapeshellcmd($data["new"]["document_root"]));
$fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]); $fcgi_tpl->setVar('php_fcgi_children',escapeshellcmd($fastcgi_config["fastcgi_children"]));
$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]); $fcgi_tpl->setVar('php_fcgi_max_requests',escapeshellcmd($fastcgi_config["fastcgi_max_requests"]));
$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]); $fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($fastcgi_config["fastcgi_bin"]));
$fcgi_tpl->setVar('security_level',$web_config["security_level"]); $fcgi_tpl->setVar('security_level',intval($web_config["security_level"]));
$php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
$cgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]); $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
file_put_contents($fcgi_starter_script,$fcgi_tpl->grab()); file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
...@@ -759,7 +763,10 @@ class apache2_plugin { ...@@ -759,7 +763,10 @@ class apache2_plugin {
$cgi_tpl->newTemplate("php-cgi-starter.master"); $cgi_tpl->newTemplate("php-cgi-starter.master");
// This works, because php "rewrites" a symlink to the physical path // This works, because php "rewrites" a symlink to the physical path
$cgi_tpl->setVar('open_basedir', $data["new"]["document_root"]); $php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
$cgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
$cgi_tpl->setVar('document_root', escapeshellcmd($data["new"]["document_root"]));
// This will NOT work! // This will NOT work!
//$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]); //$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]);
$cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]); $cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]);
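Review bot: In the FastCGI starter hunk the new `open_basedir` value is set on `$cgi_tpl`, but the template being filled and written there is `$fcgi_tpl`. `php-fcgi-starter.master` now reads `<tmpl_var name='open_basedir'>`, so the generated starter would likely get an empty `-d open_basedir=""`, which means no restriction at security level 20. Alternatively the call fails if `$cgi_tpl` does not exist at that point; the enclosing method lies outside the hunk, so which of the two happens cannot be confirmed. The line should read `$fcgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));`. Separately, the empty-value fallback in all three hunks is the bare `document_root`, which also covers the `ssl` directory referenced by `$ssl_dir`; falling back to the expanded server default would keep the previous `web`/`tmp` scoping.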
......