ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Cramer
2013-10-14 d9bcf68e395d6156645a7974b1a992aa6e6c00aa 
 interface/web/sites/web_vhost_subdomain_edit.php


@@ -131,7 +131,7 @@




         // Get the limits of the client


         $client_group_id = $_SESSION["s"]["user"]["default_group"];


         $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, '(', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


         $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


         


         //* Get global web config


         $web_config = $app->getconf->get_server_config($parent_domain['server_id'], 'web');


@@ -321,7 +321,8 @@


            unset($tmp);


        }


        


      $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));


      $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));


        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");




      // Set a few fixed values


      $this->dataRecord["type"] = 'vhostsubdomain';


@@ -481,6 +482,62 @@


            $app->tform->errorMessage .= $app->tform->lng("error_php_fpm_pm_settings_txt").'<br>';


         }


      }


		


      // Check rewrite rules


      $server_type = $web_config['server_type'];


		


      if($server_type == 'nginx' && isset($this->dataRecord['rewrite_rules']) && trim($this->dataRecord['rewrite_rules']) != '') {


         $rewrite_rules = trim($this->dataRecord['rewrite_rules']);


         $rewrites_are_valid = true;


         // use this counter to make sure all curly brackets are properly closed


         $if_level = 0;


         // Make sure we only have Unix linebreaks


         $rewrite_rules = str_replace("\r\n", "\n", $rewrite_rules);


         $rewrite_rules = str_replace("\r", "\n", $rewrite_rules);


         $rewrite_rule_lines = explode("\n", $rewrite_rules);


         if(is_array($rewrite_rule_lines) && !empty($rewrite_rule_lines)){


            foreach($rewrite_rule_lines as $rewrite_rule_line){


               // ignore comments


               if(substr(ltrim($rewrite_rule_line),0,1) == '#') continue;


               // empty lines


               if(trim($rewrite_rule_line) == '') continue;


               // rewrite


               if(preg_match('@^\s*rewrite\s+(^/)?\S+(\$)?\s+\S+(\s+(last|break|redirect|permanent|))?\s*;\s*$@', $rewrite_rule_line)) continue;


               // if


               if(preg_match('@^\s*if\s+\(\s*\$\S+(\s+(\!?(=|~|~\*))\s+(\S+|\".+\"))?\s*\)\s*\{\s*$@', $rewrite_rule_line)){


                  $if_level += 1;


                  continue;


               }


               // if - check for files, directories, etc.


               if(preg_match('@^\s*if\s+\(\s*\!?-(f|d|e|x)\s+\S+\s*\)\s*\{\s*$@', $rewrite_rule_line)){


                  $if_level += 1;


                  continue;


               }


               // break


               if(preg_match('@^\s*break\s*;\s*$@', $rewrite_rule_line)){


                  continue;


               }


               // return code [ text ]


               if(preg_match('@^\s*return\s+\d\d\d.*;\s*$@', $rewrite_rule_line)) continue;


               // return code URL


               // return URL


               if(preg_match('@^\s*return(\s+\d\d\d)?\s+(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*\@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))(\:[0-9]+)*(/($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))*\s*;\s*$@', $rewrite_rule_line)) continue;


               // set


               if(preg_match('@^\s*set\s+\$\S+\s+\S+\s*;\s*$@', $rewrite_rule_line)) continue;


               // closing curly bracket


               if(trim($rewrite_rule_line) == '}'){


                  $if_level -= 1;


                  continue;


               }


               $rewrites_are_valid = false;


               break;


            }


         }


			


         if(!$rewrites_are_valid || $if_level != 0){


            $app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';


         }


      }




      parent::onSubmit();


   }