diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index b9c05623838ebb5c46eab91f84fa6824e6f7ede7..919f8d480135128ac942da3edae51bc71f2853d4 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -144,7 +144,7 @@ ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NU
ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
-ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n' AFTER `directive_snippets_id`;
+ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `directive_snippets_id`;
ALTER TABLE openvz_template ADD COLUMN `features` varchar(255) DEFAULT NULL AFTER `capability`;
ALTER TABLE openvz_vm ADD COLUMN `features` TEXT DEFAULT NULL AFTER `capability`;
@@ -165,3 +165,4 @@ CREATE TABLE `server_ip_map` (
PRIMARY KEY (`server_ip_map_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+ALTER TABLE `web_domain` ADD COLUMN `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `seo_redirect`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index a55ff21c64f7ff7d0457e7b1f2af94b5783c91af..df45246e64a1b01e64b2b777d1e31ae87488a794 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1884,6 +1884,7 @@ CREATE TABLE `web_domain` (
`redirect_type` varchar(255) default NULL,
`redirect_path` varchar(255) default NULL,
`seo_redirect` varchar(255) default NULL,
+ `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
`ssl` enum('n','y') NOT NULL default 'n',
`ssl_state` varchar(255) NULL,
`ssl_locality` varchar(255) NULL,
@@ -1924,7 +1925,7 @@ CREATE TABLE `web_domain` (
`added_date` date NOT NULL DEFAULT '0000-00-00',
`added_by` varchar(255) DEFAULT NULL,
`directive_snippets_id` int(11) unsigned NOT NULL default '0',
- `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n',
+ `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n',
`http_port` int(11) unsigned NOT NULL DEFAULT '80',
`https_port` int(11) unsigned NOT NULL DEFAULT '443',
PRIMARY KEY (`domain_id`),
diff --git a/install/tpl/authmysqlrc.master b/install/tpl/authmysqlrc.master
index 214c40f82c337710388f217ba9c5354833846d98..c35aca82f8183ef92c7d5755d6c48ec0c88cc9b7 100644
--- a/install/tpl/authmysqlrc.master
+++ b/install/tpl/authmysqlrc.master
@@ -16,4 +16,4 @@ MYSQL_QUOTA_FIELD quota
#MYSQL_QUOTA_FIELD concat(quota,'S')
#MYSQL_WHERE_CLAUSE access='y'
#MYSQL_AUXOPTIONS_FIELD concat('disableimap=',disableimap,',disablepop3=',disablepop3)
-MYSQL_AUXOPTIONS_FIELD concat('disableimap=',(replace(disableimap,'y',1)),',','disablepop3=',(replace(disablepop3,'y',1)))
+MYSQL_AUXOPTIONS_FIELD concat('disableimap=', if(disableimap = 'y', 1, 0), ',', 'disablepop3=', if(disablepop3 = 'y', 1, 0))
\ No newline at end of file
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index e281c032db662aa1ee63f30d6bb1a52625d9b8dd..4c977572267277c6add039dd5f0b282446ad26ea 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -222,6 +222,56 @@ class auth {
$salt.="$";
return crypt($cleartext_password, $salt);
}
+
+ public function csrf_token_get($form_name) {
+ /* CSRF PROTECTION */
+ // generate csrf protection id and key
+ $_csrf_id = uniqid($form_name . '_'); // form id
+ $_csrf_key = sha1(uniqid(microtime(true), true)); // the key
+ if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
+ if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
+ $_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+
+ return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
+ }
+
+ public function csrf_token_check() {
+ global $app;
+
+ if(isset($_POST) && is_array($_POST)) {
+ $_csrf_valid = false;
+ if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
+ $_csrf_id = trim($_POST['_csrf_id']);
+ $_csrf_key = trim($_POST['_csrf_key']);
+ if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
+ if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
+ }
+ }
+ if($_csrf_valid !== true) {
+ $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+ $app->error($app->lng('err_csrf_attempt_blocked'));
+ }
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+
+ if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
+ $to_unset = array();
+ foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
+ if($timeout < time()) $to_unset[] = $_csrf_id;
+ }
+ foreach($to_unset as $_csrf_id) {
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+ }
+ unset($to_unset);
+ }
+ }
+ }
}
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 104217db57eb7ff99fd91a38143cd8627b134ff5..784e96a448fe49f2407987cb2f080480edc717cf 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -416,12 +416,10 @@ class tform_base {
/* CSRF PROTECTION */
// generate csrf protection id and key
- $_csrf_id = uniqid($this->formDef['name'] . '_');
- $_csrf_value = sha1(uniqid(microtime(true), true));
- if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
- if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
- $_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
- $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+ $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+ $_csrf_id = $csrf_token['csrf_id'];
+ $_csrf_value = $csrf_token['csrf_key'];
+
$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
@@ -714,10 +712,6 @@ class tform_base {
unset($_POST);
unset($record);
}
- $_SESSION['_csrf'][$_csrf_id] = null;
- $_SESSION['_csrf_timeout'][$_csrf_id] = null;
- unset($_SESSION['_csrf'][$_csrf_id]);
- unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array();
diff --git a/interface/lib/lang/de.lng b/interface/lib/lang/de.lng
index 1fc1152558a023be746430c57791445239ace5c2..fb35c30bda012869f3cc84b1f69cd7a1a5adfb4e 100644
--- a/interface/lib/lang/de.lng
+++ b/interface/lib/lang/de.lng
@@ -43,6 +43,7 @@ $wb['top_menu_dashboard'] = 'Ãœbersicht';
$wb['latest_news_txt'] = 'Neuigkeiten';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['top_menu_vm'] = 'vServer';
+$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo';
$wb['daynamesmin_tu'] = 'Di';
diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php
index 8c488c34c97618ca2c23f9bb0948f00645157906..f58a2db16dbb6ce159149a8a6e17e86e9a7b6ddc 100644
--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -65,6 +65,10 @@ $app->tpl->setVar('language_option', $language_option);
$app->tpl->setVar('error', $error);
if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lng_new = $_POST['lng_new'];
if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');
@@ -94,6 +98,11 @@ if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_add');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
include $lng_file;
diff --git a/interface/web/admin/language_complete.php b/interface/web/admin/language_complete.php
index d8f4bbda8616a57a8ce563564e6be70a0aaa90a0..d28e89aa2576ee51d8b6e41030c10fdbded2c3c4 100644
--- a/interface/web/admin/language_complete.php
+++ b/interface/web/admin/language_complete.php
@@ -67,6 +67,9 @@ $app->tpl->setVar('error', $error);
// Export the language file
if(isset($_POST['lng_select']) && $error == '') {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
// complete the global langauge file
merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng");
@@ -157,6 +160,11 @@ function merge_langfile($langfile, $masterfile) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_merge');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
include $lng_file;
diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index 7d83b9bb7479dc1276f912d933dd68210b768aef..c94a5eb2804ed1ef0323a960d49ef58e2c621f5e 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -55,6 +55,10 @@ $msg = '';
//* Save data
if(isset($_POST['records']) && is_array($_POST['records'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$file_content = "<?php\n";
foreach($_POST['records'] as $key => $val) {
$val = stripslashes($val);
@@ -93,6 +97,11 @@ if(isset($wb) && is_array($wb)) {
unset($wb);
}
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_edit');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index d53575ba26d456e073dd06fdc7d417f7a2537ac0..00d105cc67e7b8260703361971b4bfefb732bd9f 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -129,6 +129,10 @@ $error = '';
// Export the language file
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lines = file($_FILES['file']['tmp_name']);
// initial check
$parts = explode('|', $lines[0]);
@@ -183,6 +187,11 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
include $lng_file;
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 263400665873c71a00137bcfb8d2e8d423e7bd5a..f22661e1d47282215c4921f04241f7bfe9407154 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -66,6 +66,10 @@ $msg = '';
//* Note: Disabled post action
if (1 == 0 && isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -88,6 +92,11 @@ if (1 == 0 && isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 8f48e29f2d472d6937c37e73af54237c3f0f8bd3..5e73cdfd0f874bccc5d3ee780112ea56113cff35 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -62,6 +62,10 @@ $msg = '';
* If the user wants to do the action, write this to our db
*/
if (isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -84,6 +88,11 @@ if (isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('osupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index d64b6dd7dbae3b45eeb9c7133268c4689d9c9889..4c03e7ee431ef77f8358bfee0b98d1b59048f49b 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -93,10 +93,14 @@ class page_action extends tform_actions {
}
}
- $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
- $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+ if($app->tform->errorMessage == '') {
+ $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
+ $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
- $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+ $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+ } else {
+ $app->error('Security breach!');
+ }
}
}
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 0e3bd2e9fec9f0885eac5b11baf5fd949266534c..eb8bcdbae244e1e5a93958cd2a3f8cabf042ffb6 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@ $error = '';
//* Save data
if(isset($_POST) && count($_POST) > 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
//* Check values
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
@@ -161,6 +164,11 @@ if(!empty($field_names) && is_array($field_names)){
}
$app->tpl->setVar('message_variables', trim($message_variables));
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar('okmsg', $msg);
$app->tpl->setVar('error', $error);
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 198245b29315a69218356c82b316da67c4a2b5a0..18002593dffb2561c8fb58606b900957504bb2dd 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -197,7 +197,10 @@ if ($domains_settings['use_domain_module'] == 'y') {
}
if($_POST['create'] == 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$error = '';
if ($post_server_id)
@@ -430,6 +433,11 @@ if($_POST['create'] == 1) {
$app->tpl->setVar("title", 'DNS Wizard');
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file;
$app->tpl->setVar($wb);
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index b457be7bdd66e1b2af4b778a7a6ebabb8fe7c22a..d232f125574b44e4c4d6363b07928d5d7b3c38e3 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -400,6 +400,15 @@ $form["tabs"]['redirect'] = array (
'width' => '30',
'maxlength' => '255'
),
+ 'rewrite_to_https' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array (
+ 0 => 'n',
+ 1 => 'y'
+ )
+ ),
//#################################
// ENDE Datatable fields
//#################################
diff --git a/interface/web/sites/lib/lang/ar_shell_user.lng b/interface/web/sites/lib/lang/ar_shell_user.lng
index 0b274d33aa34dc0c3e0b4f4ed4c688ea39bf9672..eac85fd35b33884f45c66e07e3c16a728b3e35c1 100644
--- a/interface/web/sites/lib/lang/ar_shell_user.lng
+++ b/interface/web/sites/lib/lang/ar_shell_user.lng
@@ -1,6 +1,6 @@
<?php
$wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Dir';
+$wb['dir_txt'] = 'Base Dir';
$wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Site';
$wb['username_txt'] = 'Username';
diff --git a/interface/web/sites/lib/lang/de_shell_user.lng b/interface/web/sites/lib/lang/de_shell_user.lng
index 4ae442cf6451010805029f6f486cfcbf4c78fa41..9130b456e345e32b661ff72b78b8d39d7a217a49 100644
--- a/interface/web/sites/lib/lang/de_shell_user.lng
+++ b/interface/web/sites/lib/lang/de_shell_user.lng
@@ -1,6 +1,6 @@
<?php
$wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Verzeichnis';
+$wb['dir_txt'] = 'Basis Verzeichnis';
$wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Webseite';
$wb['username_txt'] = 'Benutzername';
diff --git a/interface/web/sites/lib/lang/en_shell_user.lng b/interface/web/sites/lib/lang/en_shell_user.lng
index 66d33678fbd6e218bc14102c8a6ec6cd94db2a91..1b605b5702ac118d3a177f3a1080a045b2747ae6 100644
--- a/interface/web/sites/lib/lang/en_shell_user.lng
+++ b/interface/web/sites/lib/lang/en_shell_user.lng
@@ -2,7 +2,7 @@
$wb['puser_txt'] = "Web Username";
$wb['pgroup_txt'] = "Web Group";
$wb['shell_txt'] = "Shell";
-$wb['dir_txt'] = "Dir";
+$wb['dir_txt'] = "Base Dir";
$wb['server_id_txt'] = "Server";
$wb['parent_domain_id_txt'] = "Site";
$wb['username_txt'] = "Username";
diff --git a/interface/web/sites/templates/web_vhost_domain_redirect.htm b/interface/web/sites/templates/web_vhost_domain_redirect.htm
index 1bdcf006e5727ab689b8ad5c958038ba38b7eee5..06cc8a136e6402903b675f90d42174020bc24c48 100644
--- a/interface/web/sites/templates/web_vhost_domain_redirect.htm
+++ b/interface/web/sites/templates/web_vhost_domain_redirect.htm
@@ -33,6 +33,12 @@
<label for="rewrite_rules" class="col-sm-3 control-label">{tmpl_var name='rewrite_rules_txt'}</label>
<div class="col-sm-9"><textarea class="form-control" name="rewrite_rules" id="rewrite_rules" rows='10' cols='50'>{tmpl_var name='rewrite_rules'}</textarea></div> <b>{tmpl_var name="allowed_rewrite_rule_directives_txt"}</b><br><br> break<br> if<br> return<br> rewrite<br> set<br><br> <a href="http://wiki.nginx.org/HttpRewriteModule" target="_blank">http://wiki.nginx.org/HttpRewriteModule</a>
</div>
+ <div class="form-group">
+ <label class="col-sm-3 control-label">{tmpl_var name='rewrite_to_https_txt'}</label>
+ <div class="col-sm-9">
+ {tmpl_var name="rewrite_to_https"}
+ </div>
+ </div>
<input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/themes/default/templates/form.tpl.htm b/interface/web/themes/default/templates/form.tpl.htm
index 429bfd9f2497cae91ebd8b996f6897c6950ee1c0..a2d3dfc447d43d14180166cd5476257c44abb774 100644
--- a/interface/web/themes/default/templates/form.tpl.htm
+++ b/interface/web/themes/default/templates/form.tpl.htm
@@ -1 +1,3 @@
-<tmpl_dyninclude name="content_tpl">
\ No newline at end of file
+<tmpl_dyninclude name="content_tpl">
+<input type="hidden" name="_csrf_id" value="{tmpl_var name='_csrf_id'}" />
+<input type="hidden" name="_csrf_key" value="{tmpl_var name='_csrf_key'}" />
\ No newline at end of file
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index b81a83bdec6277f32bcf5842312a49842fea5ac3..849a097680f74a6f7bd68584340f3fc4c76fa1f0 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -45,6 +45,9 @@ $error = '';
// Resyncing dns zones
if(isset($_POST['start']) && $_POST['start'] == 1) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
//* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']);
@@ -181,6 +184,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 0998d1840ef049e43116858636089f0cec814ccd..efcf022506e91230df23b9e3c668f32c74c81c75 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -49,6 +49,10 @@ include $lng_file;
$app->tpl->setVar($wb);
if(isset($_POST['connected'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$connected = $app->functions->intval($_POST['connected']);
if($connected == 0) {
@@ -133,6 +137,11 @@ $app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 2ae778493d2ef7acefa49a64a9ed606cb42b0fbe..8425a12c42397852ccecdca73c92b6d23b01d43d 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -379,6 +379,10 @@ class page_action extends tform_actions {
}
}
+ $csrf_token = $app->auth->csrf_token_get('tools_resync');
+ $app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+ $app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
+
parent::onShowEnd();
}
@@ -429,7 +433,12 @@ class page_action extends tform_actions {
function onSubmit() {
global $app;
-
+
+ if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+ }
+
//* all services
if($this->dataRecord['resync_all'] == 1) {
$this->dataRecord['resync_sites'] = 1;
diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 757f55e8b63d3006016a6aea1395767fbf60bca8..4b429eb44d5cdd889a0f79f5b564e53eb89deb1a 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,6 +17,10 @@ $notify_msg = '';
if($vm_id == 0) die('Invalid VM ID');
+if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+}
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
$veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']);
@@ -112,6 +116,11 @@ if($action == 'show') {
$app->tpl->setVar($options);
$app->tpl->setVar('error', $error_msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('openvz_action');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 040af2151e3e35aab3226872f85d741ec03a2c05..4a775cec255bde0ee1b3979be01fc5b530b0ab32 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -33,6 +33,13 @@ server {
rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
}
</tmpl_loop>
+<tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+ if ($scheme != "https") {
+ rewrite ^ https://$http_host$request_uri? permanent;
+ }
+</tmpl_if>
+</tmpl_if>
<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 279cbc52f1f4ca181ca2c6d4cc7f1254a6babb3f..bdfc761fdac5a093dba5601c33d2c931589c0b56 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -412,6 +412,12 @@
RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
</tmpl_loop>
+<tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</tmpl_if>
+</tmpl_if>
</tmpl_if>
# add support for apache mpm_itk
diff --git a/server/cron.sh b/server/cron.sh
index 3670e68d463318742b1d73c132a4909feff23aab..98f0ddfd30d4443382e0b77a5d1a9145bb503544 100644
--- a/server/cron.sh
+++ b/server/cron.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
diff --git a/server/lib/classes/cron.d/150-awstats.inc.php b/server/lib/classes/cron.d/150-awstats.inc.php
index ea0c64f67a6de621b3b1482803e49394233c92bc..2d281c7d39acdaee7c736522fc81792e2754de65 100644
--- a/server/lib/classes/cron.d/150-awstats.inc.php
+++ b/server/lib/classes/cron.d/150-awstats.inc.php
@@ -117,6 +117,10 @@ class cronjob_awstats extends cronjob {
}
if(!@is_dir($statsdir)) mkdir($statsdir);
+ $username = escapeshellcmd($rec['system_user']);
+ $groupname = escapeshellcmd($rec['system_group']);
+ chown($statsdir, $username);
+ chgrp($statsdir, $groupname);
if(is_link('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log')) unlink('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log');
symlink($logfile, '/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log');
@@ -174,6 +178,7 @@ class cronjob_awstats extends cronjob {
chgrp($rec['document_root']."/".$web_folder."/stats/index.php", $rec['system_group']);
}
+ exec('chown -R '.$username.':'.$groupname.' '.$statsdir);
}
diff --git a/server/lib/classes/cron.d/150-webalizer.inc.php b/server/lib/classes/cron.d/150-webalizer.inc.php
index b85000320059ce4da949f7c640dcf584c485a107..0ae05dd6823e3d6762360957f9e7859244a92070 100644
--- a/server/lib/classes/cron.d/150-webalizer.inc.php
+++ b/server/lib/classes/cron.d/150-webalizer.inc.php
@@ -79,7 +79,7 @@ class cronjob_webalizer extends cronjob {
}
- $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
+ $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id, system_user, system_group FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
$records = $app->db->queryAllRecords($sql, $conf['server_id']);
foreach($records as $rec) {
@@ -122,7 +122,13 @@ class cronjob_webalizer extends cronjob {
if(!@is_dir($statsdir)) mkdir($statsdir);
+ $username = escapeshellcmd($rec['system_user']);
+ $groupname = escapeshellcmd($rec['system_group']);
+ chown($statsdir, $username);
+ chgrp($statsdir, $groupname);
exec("$webalizer -c $webalizer_conf -n $domain -s $domain -r $domain -q -T -p -o $statsdir $logfile");
+
+ exec('chown -R '.$username.':'.$groupname.' '.$statsdir);
}
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index b2f211570e8cc89ba29f6b1439231f70db92aa90..4bacf07e762a55ede48716cc3297a35c30c610bd 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -650,6 +650,7 @@ class apache2_plugin {
if(!is_dir($data['new']['document_root'].'/' . $web_folder)) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder);
if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/error');
+ if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/stats');
//if(!is_dir($data['new']['document_root'].'/'.$log_folder)) exec('mkdir -p '.$data['new']['document_root'].'/'.$log_folder);
if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
@@ -771,27 +772,31 @@ class apache2_plugin {
}
if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2))) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
- }
- else {
+ } else {
if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
- }
- else {
- exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
- if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
- if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
- if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ } else {
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')){
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ }
+ if(is_file($conf['rootpath'] . '/conf/index/robots.txt')){
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ }
+ if(is_file($conf['rootpath'] . '/conf/index/.htaccess')){
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ }
}
}
exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 24c46baeb6c275c5efd0b1b4b68ca148fa27cb67..9ce9de83f015d1e731206eec0510caaf122c704e 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -531,6 +531,7 @@ class nginx_plugin {
if(!is_dir($data['new']['document_root'].'/' . $web_folder)) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder);
if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/error');
+ if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/stats');
//if(!is_dir($data['new']['document_root'].'/'.$log_folder)) exec('mkdir -p '.$data['new']['document_root'].'/'.$log_folder);
if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
@@ -652,26 +653,28 @@ class nginx_plugin {
}
if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2))) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
//if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
// exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
//}
- }
- else {
+ } else {
if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
- exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
- }
- else {
- exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
- if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
- if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ } else {
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+ if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')){
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ }
+ if(is_file($conf['rootpath'] . '/conf/index/robots.txt')){
+ if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+ }
//if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
}
}
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index a0ae9a51f1eec6e3fb54a115627cb34a72ec3aef..d66428b78195c15b246310cecfac2e8b87013b03 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -237,7 +237,7 @@ class shelluser_base_plugin {
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
$app->file->mkdirs(escapeshellcmd($homedir), '0750');
- $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['username']));
+ $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true);
} else {
@@ -407,6 +407,12 @@ class shelluser_base_plugin {
}
$sshrsa = trim($sshrsa);
$usrdir = escapeshellcmd($this->data['new']['dir']);
+ //* Home directory of the new shell user
+ if($this->data['new']['chroot'] == 'jailkit') {
+ $usrdir = escapeshellcmd($this->data['new']['dir']);
+ } else {
+ $usrdir = escapeshellcmd($this->data['new']['dir'].'/home/'.$this->data['new']['username']);
+ }
$sshdir = $usrdir.'/.ssh';
$sshkeys= $usrdir.'/.ssh/authorized_keys';
diff --git a/server/scripts/run-getmail.sh b/server/scripts/run-getmail.sh
index 81f897a884d00e40166eda50e171c3a04b83f488..3eac5ec194033c69b9029d0df144c616b837ae08 100644
--- a/server/scripts/run-getmail.sh
+++ b/server/scripts/run-getmail.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
set -e
cd /etc/getmail
diff --git a/server/server.sh b/server/server.sh
index 2d05d4f0fd4a3e3720ed3a47e535cac407d30423..9c92a868b0532d07eb224e50da7cc07fc538b620 100755
--- a/server/server.sh
+++ b/server/server.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin