tbrehm
2010-01-22 c8cf71f8d56acc757d7a9c7540215c88318f41dd
Made PHP open_basedir configurable per website.
Added a global default for the .htaccess allow_override setting.
12 files modified
118 ■■■■ changed files
install/sql/ispconfig3.sql 3 ●●●● patch | view | raw | blame | history
install/tpl/server.ini.master 2 ●●●●● patch | view | raw | blame | history
interface/web/admin/form/server_config.tform.php 22 ●●●●● patch | view | raw | blame | history
interface/web/admin/lib/lang/en_server_config.lng 4 ●●●● patch | view | raw | blame | history
interface/web/admin/templates/server_config_web_edit.htm 10 ●●●●● patch | view | raw | blame | history
interface/web/sites/form/web_domain.tform.php 13 ●●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_domain_advanced.htm 6 ●●●● patch | view | raw | blame | history
interface/web/sites/web_domain_edit.php 27 ●●●● patch | view | raw | blame | history
server/conf/php-cgi-starter.master 4 ●●●● patch | view | raw | blame | history
server/conf/php-fcgi-starter.master 2 ●●● patch | view | raw | blame | history
server/conf/vhost.conf.master 4 ●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php 21 ●●●●● patch | view | raw | blame | history
install/sql/ispconfig3.sql
@@ -1057,8 +1057,9 @@
  `ssl_bundle` mediumtext NULL,
  `ssl_action` varchar(16) NULL,
  `stats_password` varchar(255) default NULL,
  `allow_override` varchar(32) NOT NULL default 'All',
  `allow_override` varchar(255) NOT NULL default 'All',
  `apache_directives` text,
  `php_open_basedir` text,
  `active` enum('n','y') NOT NULL default 'y',
  PRIMARY KEY  (`domain_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
install/tpl/server.ini.master
@@ -44,6 +44,8 @@
apps_vhost_port=8081
apps_vhost_ip=_default_
apps_vhost_servername=
php_open_basedir=[website_path]/web:[website_path]/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin
htaccess_allow_override=All
[dns]
bind_user=root
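Review bot: The new `php_open_basedir` default still lists the shared `/tmp`, so every site's PHP can read and write the same directory even though it already gets `[website_path]/tmp`. The vhost template in this commit points `upload_tmp_dir` and `session.save_path` at the per-site tmp directory, so the default could probably be `php_open_basedir=[website_path]/web:[website_path]/tmp:/usr/share/php5:/usr/share/phpmyadmin`. Confirm that nothing shipped with the panel relies on `/tmp` before dropping it.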
interface/web/admin/form/server_config.tform.php
@@ -387,6 +387,28 @@
            'width'        => '40',
            'maxlength'    => '255'
        ),
        'php_open_basedir' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'default'    => '',
            'validators'    => array (     0 => array (    'type'    => 'NOTEMPTY',
                                                        'errmsg'=> 'php_open_basedir_error_empty'),
                                    ),
            'value'        => '',
            'width'        => '40',
            'maxlength'    => '255'
        ),
        'htaccess_allow_override' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'default'    => '',
            'validators'    => array (     0 => array (    'type'    => 'NOTEMPTY',
                                                        'errmsg'=> 'htaccess_allow_override_error_empty'),
                                    ),
            'value'        => '',
            'width'        => '40',
            'maxlength'    => '255'
        ),
        'apps_vhost_port' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
interface/web/admin/lib/lang/en_server_config.lng
@@ -61,4 +61,8 @@
$wb["named_conf_local_path_error_empty"] = 'BIND named.conf.local path is empty.';
$wb["mail_filter_syntax_txt"] = 'Mailfilter Syntax';
$wb["pop3_imap_daemon_txt"] = 'POP3/IMAP Daemon';
$wb["php_open_basedir_txt"] = 'PHP open_basedir';
$wb["php_open_basedir_error_empty"] = 'PHP open_basedir is empty.';
$wb["htaccess_allow_override_txt"] = '.htaccess AllowOverride';
$wb["htaccess_allow_override_error_empty"] = '.htaccess AllowOverride is empty.';
?>
interface/web/admin/templates/server_config_web_edit.htm
@@ -16,7 +16,7 @@
      <div class="ctrlHolder">
          <label for="website_symlinks">{tmpl_var name='website_symlinks_txt'}</label>
        <input name="website_symlinks" id="website_symlinks" value="{tmpl_var name='website_symlinks'}" size="40" maxlength="255" type="text" class="textInput" />
            </div>
      </div>
      <div class="ctrlHolder">
          <label for="vhost_conf_dir">{tmpl_var name='vhost_conf_dir_txt'}</label>
        <input name="vhost_conf_dir" id="vhost_conf_dir" value="{tmpl_var name='vhost_conf_dir'}" size="40" maxlength="255" type="text" class="textInput" />
@@ -42,6 +42,14 @@
        <input name="group" id="group" value="{tmpl_var name='group'}" size="40" maxlength="255" type="text" class="textInput" />
      </div>
      <div class="ctrlHolder">
          <label for="php_open_basedir">{tmpl_var name='php_open_basedir_txt'}</label>
        <input name="php_open_basedir" id="php_open_basedir" value="{tmpl_var name='php_open_basedir'}" size="40" maxlength="255" type="text" class="textInput" />
      </div>
      <div class="ctrlHolder">
          <label for="htaccess_allow_override">{tmpl_var name='htaccess_allow_override_txt'}</label>
        <input name="htaccess_allow_override" id="htaccess_allow_override" value="{tmpl_var name='htaccess_allow_override'}" size="40" maxlength="255" type="text" class="textInput" />
      </div>
      <div class="ctrlHolder">
          <label for="apps_vhost_port">{tmpl_var name='apps_vhost_port_txt'}</label>
        <input name="apps_vhost_port" id="apps_vhost_port" value="{tmpl_var name='apps_vhost_port'}" size="40" maxlength="255" type="text" class="textInput" />
      </div>
interface/web/sites/form/web_domain.tform.php
@@ -403,7 +403,18 @@
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'validators'    => array (     0 => array (    'type'    => 'NOTEMPTY',
                                                        'errmsg'=> 'documentroot_error_empty'),
                                                        'errmsg'=> 'allow_override_error_empty'),
                                    ),
            'default'    => 'All',
            'value'        => '',
            'width'        => '30',
            'maxlength'    => '255'
        ),
        'php_open_basedir' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'validators'    => array (     0 => array (    'type'    => 'NOTEMPTY',
                                                        'errmsg'=> 'php_open_basedir_error_empty'),
                                    ),
            'default'    => 'All',
            'value'        => '',
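Review bot: The new `php_open_basedir` field carries `'default' => 'All'`, which looks copied from `allow_override` and is not a path list; a path-shaped default would be less misleading in the form. The only validator is `NOTEMPTY`, so any string is accepted for a value that ends up in the vhost file and the PHP starter scripts. I would add a second validator that limits the field to path characters and the `:` separator, for example `1 => array('type' => 'REGEX', 'regex' => '/^[a-zA-Z0-9_.\/:\[\]-]+$/', 'errmsg' => 'php_open_basedir_error_regex')` (pattern and message key are constructed here; check them against the validator types tform supports in this tree). The field definition continues below the hunk.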
interface/web/sites/templates/web_domain_advanced.htm
@@ -19,7 +19,11 @@
      <div class="ctrlHolder">
          <label for="allow_override">{tmpl_var name='allow_override_txt'}</label>
        <input name="allow_override" id="allow_override" value="{tmpl_var name='allow_override'}" size="30" maxlength="255" type="text" class="textInput" />
            </div
      </div>
      <div class="ctrlHolder">
          <label for="php_open_basedir">{tmpl_var name='php_open_basedir_txt'}</label>
        <input name="php_open_basedir" id="php_open_basedir" value="{tmpl_var name='php_open_basedir'}" size="30" maxlength="255" type="text" class="textInput" />
      </div>
      <div class="ctrlHolder">
          <label for="apache_directives">{tmpl_var name='apache_directives_txt'}</label>
          <textarea name="apache_directives" id="apache_directives" rows='10' cols='30'>{tmpl_var name='apache_directives'}</textarea>
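Review bot: This section puts `php_open_basedir` on the site's own advanced tab with no visible condition on who may edit it. open_basedir is a confinement setting, so if clients or resellers can reach this tab they can widen their own restriction; consider rendering the input only for admins or making it read-only for everyone else (any access check is outside this template). The label `php_open_basedir_txt` is added only to `admin/lib/lang/en_server_config.lng` in this commit, so the sites module probably needs the same string.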
interface/web/sites/web_domain_edit.php
@@ -293,11 +293,13 @@
        }
        
        // Set the values for document_root, system_user and system_group
        $system_user = 'web'.$this->id;
        $system_group = 'client'.$client_id;
        $document_root = str_replace("[client_id]",$client_id,$document_root);
        $system_user = $app->db->quote('web'.$this->id);
        $system_group = $app->db->quote('client'.$client_id);
        $document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
        $php_open_basedir = $app->db->quote(str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]));
        $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
        
        $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id;
        $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$this->id;
        $app->db->query($sql);
    }
    
@@ -372,9 +374,9 @@
        
        if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) &&  isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["client_group_id"]) {
            // Set the values for document_root, system_user and system_group
            $system_user = 'web'.$this->id;
            $system_group = 'client'.$client_id;
            $document_root = str_replace("[client_id]",$client_id,$document_root);
            $system_user = $app->db->quote('web'.$this->id);
            $system_group = $app->db->quote('client'.$client_id);
            $document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
        
            $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$this->id;
            //$sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group' WHERE domain_id = ".$this->id;
@@ -393,6 +395,17 @@
            unset($subdomain);
        }
        
        //* Set allow_override and php_open_basedir if empty
        if($web_rec['allow_override'] == '') {
            $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$this->id;
            $app->db->query($sql);
        }
        if($web_rec['php_open_basedir'] == '') {
            $php_open_basedir = $app->db->quote(str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]));
            $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
            $app->db->query($sql);
        }
    }
    
    function onAfterDelete() {
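Review bot: In the first hunk `$document_root` is overwritten with its `quote()`d form and then substituted into `php_open_basedir`, which is quoted again, so the path is escaped twice and the variable no longer holds the raw path. In the third hunk the `[website_path]` replacement uses `$document_root`, which the visible code only assigns inside the `client_group_id` branch above, so it may be empty or already escaped when it gets there. Keeping the raw path in its own variable and calling `$app->db->quote()` once, where the SQL string is built, avoids both: `$php_open_basedir = $app->db->quote(str_replace("[website_path]", $document_root_raw, $web_config["php_open_basedir"]));`. The surrounding functions start outside the hunks, so where `$document_root` and `$web_rec` are first set is not visible here.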
server/conf/php-cgi-starter.master
@@ -2,6 +2,6 @@
exec <tmpl_var name='php_cgi_bin'> \
-d open_basedir=<tmpl_var name='open_basedir'> \
-d upload_tmp_dir=<tmpl_var name='open_basedir'>/tmp \
-d session.save_path=<tmpl_var name='open_basedir'>/tmp
-d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
-d session.save_path=<tmpl_var name='document_root'>/tmp
# -d safe_mode=${SAFE_MODE}
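Review bot: `-d open_basedir=<tmpl_var name='open_basedir'>` stays unquoted although the value is now a configurable list rather than a single generated path. The plugin passes it through `escapeshellcmd()`, which does not escape whitespace, so a value containing a space would be split into separate arguments. Quoting it the way the FastCGI starter does, `-d open_basedir="<tmpl_var name='open_basedir'>" \`, keeps it as one argument; the two `/tmp` lines have the same issue with `document_root`.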
server/conf/php-fcgi-starter.master
@@ -10,7 +10,7 @@
PHP_FCGI_MAX_REQUESTS=<tmpl_var name='php_fcgi_max_requests'>
export PHP_FCGI_MAX_REQUESTS
exec <tmpl_var name='php_fcgi_bin'> \
<tmpl_if name="security_level" op="==" value="20"> -d open_basedir="<tmpl_var name='document_root'>:/usr/share/php5:/tmp:/usr/share/phpmyadmin" \
<tmpl_if name="security_level" op="==" value="20"> -d open_basedir="<tmpl_var name='open_basedir'>" \
-d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
-d session.save_path=<tmpl_var name='document_root'>/tmp \
</tmpl_if> $1
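Review bot: The template now takes `open_basedir` from a variable, but in the apache2_plugin.inc.php section of this commit the FastCGI branch sets it with `$cgi_tpl->setVar('open_basedir', ...)` instead of `$fcgi_tpl`. As written the FastCGI starter would render `-d open_basedir=""` at security level 20, which leaves PHP without an open_basedir restriction, and `$cgi_tpl` may not exist yet at that point. The call should be `$fcgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));`.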
server/conf/vhost.conf.master
@@ -96,7 +96,7 @@
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin
    php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
@@ -257,7 +257,7 @@
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:/usr/share/phpmyadmin
    php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
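Review bot: Sites whose `php_open_basedir` column is empty no longer get the old path list here: the plugin falls back to `$data["new"]["document_root"]` alone, so `/usr/share/php5` and `/usr/share/phpmyadmin` are dropped and the whole site directory, not just `web` and `tmp`, becomes readable. That applies to existing sites until they are next saved in the interface. Falling back to the server default keeps the previous behaviour: `$vhost_data["php_open_basedir"] = ($data["new"]["php_open_basedir"] == '') ? str_replace("[website_path]", $data["new"]["document_root"], $web_config["php_open_basedir"]) : $data["new"]["php_open_basedir"];`. The value is also written into the directive line as-is, so stripping line breaks before it reaches the template would be worth adding.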
server/plugins-available/apache2_plugin.inc.php
@@ -555,6 +555,7 @@
        $vhost_data["web_basedir"] = $web_config["website_basedir"];
        $vhost_data["security_level"] = $web_config["security_level"];
        $vhost_data["allow_override"] = ($data["new"]["allow_override"] == '')?'All':$data["new"]["allow_override"];
        $vhost_data["php_open_basedir"] = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
        
        // Check if a SSL cert exists
        $ssl_dir = $data["new"]["document_root"]."/ssl";
@@ -706,12 +707,15 @@
            $fcgi_tpl = new tpl();
            $fcgi_tpl->newTemplate("php-fcgi-starter.master");
                
            $fcgi_tpl->setVar('php_ini_path',$fastcgi_config["fastcgi_phpini_path"]);
            $fcgi_tpl->setVar('document_root',$data["new"]["document_root"]);
            $fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]);
            $fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
            $fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
            $fcgi_tpl->setVar('security_level',$web_config["security_level"]);
            $fcgi_tpl->setVar('php_ini_path',escapeshellcmd($fastcgi_config["fastcgi_phpini_path"]));
            $fcgi_tpl->setVar('document_root',escapeshellcmd($data["new"]["document_root"]));
            $fcgi_tpl->setVar('php_fcgi_children',escapeshellcmd($fastcgi_config["fastcgi_children"]));
            $fcgi_tpl->setVar('php_fcgi_max_requests',escapeshellcmd($fastcgi_config["fastcgi_max_requests"]));
            $fcgi_tpl->setVar('php_fcgi_bin',escapeshellcmd($fastcgi_config["fastcgi_bin"]));
            $fcgi_tpl->setVar('security_level',intval($web_config["security_level"]));
            $php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
            $cgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
                
            $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
            file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
@@ -759,7 +763,10 @@
            $cgi_tpl->newTemplate("php-cgi-starter.master");
            // This works, because php "rewrites" a symlink to the physical path
            $cgi_tpl->setVar('open_basedir', $data["new"]["document_root"]);
            $php_open_basedir = ($data["new"]["php_open_basedir"] == '')?$data["new"]["document_root"]:$data["new"]["php_open_basedir"];
            $cgi_tpl->setVar('open_basedir', escapeshellcmd($php_open_basedir));
            $cgi_tpl->setVar('document_root', escapeshellcmd($data["new"]["document_root"]));
            // This will NOT work!
            //$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]);
            $cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]);