From 03cc01dfc5af72be38dcb7d2222a83fa9cf79227 Mon Sep 17 00:00:00 2001
From: Falko Timme <ft@falkotimme.com>
Date: Tue, 18 Feb 2014 14:10:29 -0500
Subject: [PATCH] - Fixed FS#3320 - Improve php.ini parser.

---
 server/plugins-available/apache2_plugin.inc.php |    2 +-
 interface/web/sites/lib/lang/de_web_domain.lng  |    1 +
 interface/web/sites/lib/lang/en_web_domain.lng  |    1 +
 interface/web/sites/web_domain_edit.php         |   29 +++++++++++++++++++++++++++++
 server/plugins-available/nginx_plugin.inc.php   |    2 +-
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/interface/web/sites/lib/lang/de_web_domain.lng b/interface/web/sites/lib/lang/de_web_domain.lng
index 986b64e..f7d002e 100644
--- a/interface/web/sites/lib/lang/de_web_domain.lng
+++ b/interface/web/sites/lib/lang/de_web_domain.lng
@@ -126,4 +126,5 @@
 $wb['backup_excludes_txt'] = 'Auszuschließende Verzeichnisse';
 $wb['backup_excludes_note_txt'] = '(Mehrere Verzeichnisse mit Kommas trennen. Beispiel: web/cache/*,web/backup)';
 $wb['backup_excludes_error_regex'] = 'Die auszuschließenden Verzeichnisse enthalten ungültige Zeichen.';
+$wb['invalid_custom_php_ini_settings_txt'] = 'Unzulässige php.ini-Einstellungen';
 ?>
\ No newline at end of file
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
index 330b820..8c8f90e 100644
--- a/interface/web/sites/lib/lang/en_web_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -126,4 +126,5 @@
 $wb['backup_excludes_txt'] = 'Excluded Directories';
 $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)';
 $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
+$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
 ?>
\ No newline at end of file
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index f372303..630c9bc 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -726,6 +726,35 @@
 				$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
 			}
 		}
+		
+		// check custom php.ini settings
+		if(isset($this->dataRecord['custom_php_ini']) && trim($this->dataRecord['custom_php_ini']) != '') {
+			$custom_php_ini_settings = trim($this->dataRecord['custom_php_ini']);
+			$custom_php_ini_settings_are_valid = true;
+			// Make sure we only have Unix linebreaks
+			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+			$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+			$custom_php_ini_settings_lines = explode("\n", $custom_php_ini_settings);
+			if(is_array($custom_php_ini_settings_lines) && !empty($custom_php_ini_settings_lines)){
+				foreach($custom_php_ini_settings_lines as $custom_php_ini_settings_line){
+					if(trim($custom_php_ini_settings_line) == '') continue;
+					if(substr(trim($custom_php_ini_settings_line),0,1) == ';') continue;
+					// empty value
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// value inside ""
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*".*"\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// value inside ''
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*\'.*\'\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// everything else
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*[-a-zA-Z0-9~&=_\@/,.#\s]*\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					$custom_php_ini_settings_are_valid = false;
+					break;
+				}
+			}
+			if(!$custom_php_ini_settings_are_valid){
+				$app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
+			}
+		}
 
 		parent::onSubmit();
 	}
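Review bot: The new custom_php_ini check validates only the shape of each line, so every directive name matching `[a-zA-Z0-9._]*` passes, including an empty one such as `= value`. The quoted-value patterns use `".*"` and `'.*'`, which accept anything between the first and last quote, further quotes included. If this field is editable by accounts other than the administrator (not visible in this hunk), settings that affect isolation are not filtered here, so I would state that above the block, e.g. `// syntax check only; directive names are not restricted here`, and require a non-empty key with `[a-zA-Z0-9._]+` in all four patterns. The check also rejects `#` and `//` comment lines that the apache2 and nginx plugins in this same patch skip. The enclosing onSubmit method starts outside the hunk.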
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 3c83dc1..c6a253a 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -2668,7 +2668,7 @@
 					if(substr($ini_setting, 0, 1) == ';') continue;
 					if(substr($ini_setting, 0, 1) == '#') continue;
 					if(substr($ini_setting, 0, 2) == '//') continue;
-					list($key, $value) = explode('=', $ini_setting);
+					list($key, $value) = explode('=', $ini_setting, 2);
 					if($value){
 						$value = trim($value);
 						$key = trim($key);
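Review bot: The `list($key, $value)` assignment still receives a one-element array when a stored line has no `=`, which leaves `$value` without a value, and the `if($value)` test below it silently drops a setting written as `key=0` because the string `0` is falsy. The same two lines appear in the nginx_plugin.inc.php hunk. I would split into a variable first, `$parts = explode('=', $ini_setting, 2); if(count($parts) < 2) continue;`, and test `if(trim($value) !== '')` instead. The surrounding loop starts and ends outside the hunk, so whether earlier code already filters such lines cannot be seen here.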
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index d66521b..594629c 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -2367,7 +2367,7 @@
 					if(substr($ini_setting, 0, 1) == ';') continue;
 					if(substr($ini_setting, 0, 1) == '#') continue;
 					if(substr($ini_setting, 0, 2) == '//') continue;
-					list($key, $value) = explode('=', $ini_setting);
+					list($key, $value) = explode('=', $ini_setting, 2);
 					if($value){
 						$value = trim($value);
 						$key = trim($key);

--
Gitblit v1.9.1