From 45e9406a0fd6e872219a09d913bdfa49bd22e87b Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Mon, 29 Feb 2016 14:25:40 -0500 Subject: [PATCH] Merge branch 'stable-3.1' --- TODO.txt | 96 ----------------------- install/lib/installer_base.lib.php | 7 + interface/web/admin/form/server_ip.tform.php | 2 install/lib/update.lib.php | 7 + server/plugins-available/apache2_plugin.inc.php | 20 ++-- interface/web/admin/form/server_ip_map.tform.php | 2 interface/lib/classes/validate_server.inc.php | 61 +++++++++++++++ server/plugins-available/network_settings_plugin.inc.php | 4 server/plugins-available/nginx_plugin.inc.php | 21 ++-- install/uninstall.php | 10 +- 10 files changed, 106 insertions(+), 124 deletions(-) diff --git a/TODO.txt b/TODO.txt index 5c6fe38..17f2a20 100644 --- a/TODO.txt +++ b/TODO.txt 
@@ -1,96 +1,4 @@ ---------------------------------------- -- ISPConfig 3 ToDo list ---------------------------------------- +Please see issue tracker for feature requests and bug reports. -Please feel free to edit this file, add new tasks, -remove done tasks or assign yourself to a task. - -Form Validators --------------------------------------- - -Installer --------------------------------------- - -- Add a function to let a server join a existing installation. -- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation - If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated. - If there are no keys the zones can not be signed and will only be availableas a unsigned copy. - -Uninstaller --------------------------------------- - -- Add a function to remove ispconfig user - -Server --------------------------------------- - - -Mail module --------------------------------------- - - -Administration module --------------------------------------- - - -- Firewall Solution -- Andrew lathama Latham lathama@gmail.com - * Monitor existing IPTABLES rules is done and in the monitor page. - * Add IPTABLES rules - semi-functional and in development also functional in multiserver - * Delete IPTABLES rules - semi-functional and in development also functional in multiserver - * Merge IPTABLES rules made from the CLI with those made from ISPConfig3 - Interesting topic about merging control with with the GUI and the CLI - interface for a systems adminitstrator who might add a rule during an - attack or for trouble shooting and forget to remove it. - * Fail2Ban - Add configuration for fail2ban on certian systems. Imagine an admin - wishes to use fail2ban on one service but not others. 
Rare but an issue - when a large number of clients use a single NAT for all users and failed - logins and traffic looks like an attack. Maybe a whitelist configuration - as an optional setting. - * Remoting - Enable remoting hooks for updating IPTABLES - * Service Checks - Adding saftey checks to make sure that the admin does not lock his/herself - out of the system by accident. We all make mistakes. - --- Note: I'd love a pure iptables firewall as well. I've made such a script for - my work, which uses a simple config file to open/close ports and support for - ip exclusions. I think we could use it as a base to start with, it's up on the dev forum - url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL) - -Clients module --------------------------------------- - - -Sites (web) module --------------------------------------- - - -BE-Designer module --------------------------------------- - -WARNING: Please do not use the BE Designer at the moment, the serializing - function of the module editor may break some of the existing modules. - - -Remoting framework --------------------------------------- -- Add more connections to other data. Remoting hooks for FS and Email Quota - -Interface --------------------------------------- -- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10]) -- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though. - -General tasks --------------------------------------- - -- Add, extend or modify comments in PEAR syntax so that they can be read with - phpdocumentor. - -- Doxygen might be a good idea (phpdocumentor looks nice but no active development) --- http://drupal.org/node/1354 may have some good ideas. --- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor +http://git.ispconfig.org/ispconfig/ispconfig3/issues \ No newline at end of file 
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 363a38c..bbf8cfd 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -217,7 +217,12 @@
 //* check sql-mode
 $check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
- if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+ if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+ echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+ echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+ echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+ die();
+ }
 //** Create the database
 if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index 9fb57cb..a6bb42d 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -125,7 +125,12 @@
 //* check sql-mode
 $check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode");
- if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+ if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+ echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+ echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+ echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+ die();
+ }
 //* Update $conf array with values from the server.ini that shall be preserved
 $tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
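Review bot: The new failure branch of the sql-mode check ends with a bare `die();`, which terminates PHP with exit status 0, so a wrapper script or unattended install that runs this step cannot tell the abort from a clean finish. Ending the branch with `exit(1);` keeps the printed instructions and signals the failure; the identical block added to install/lib/update.lib.php (hunk at -125) needs the same change. The third echo is also written `echo"to the mysqld-section ...` without a space after the keyword, unlike the two lines above it. The enclosing function starts and ends outside both hunks.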
diff --git a/install/uninstall.php b/install/uninstall.php
index 198a145..c565d46 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -36,7 +36,7 @@
 require_once "/usr/local/ispconfig/server/lib/config.inc.php";
 require_once "/usr/local/ispconfig/server/lib/app.inc.php";
-require "/usr/local/ispconfig/server/mysql_clientdb.conf";
+require "/usr/local/ispconfig/server/lib/mysql_clientdb.conf";
 //** The banner on the command line
 echo "\n\n".str_repeat('-', 80)."\n";
@@ -51,7 +51,7 @@
 echo "\n".str_repeat('-', 80)."\n";
 echo "\n\n>> Uninstall \n\n";
-echo "Are you sure you want to uninsatll ISPConfig? [no]";
+echo "Are you sure you want to uninstall ISPConfig? [no]";
 $input = fgets(STDIN);
 $do_uninstall = rtrim($input);
@@ -62,11 +62,11 @@
 $link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 if (!$link) {
- echo "Unable to connect to the database'.mysql_error($link)";
+ echo "Unable to connect to the database. mysql_error($link)";
 } else {
- $result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+ $result=mysqli_query($link,"DROP DATABASE ".$conf['db_database'].";");
 if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
- $result=mysqli_query($link,"DROP USER '".$conf['db_user'] ."';");
+ $result=mysqli_query($link,"DROP USER '".$conf['db_user']."'@'".$conf['db_host']."';");
 if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
 }
 mysqli_close($link);
diff --git a/interface/lib/classes/validate_server.inc.php b/interface/lib/classes/validate_server.inc.php
new file mode 100644
index 0000000..6361fb4
--- /dev/null
+++ b/interface/lib/classes/validate_server.inc.php
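Review bot: In the -62 hunk the connect-failure message still cannot show the reason, because `mysql_error($link)` sits inside the double-quoted string, so it is printed literally and never called, and `$link` is false on that branch anyway. `echo "Unable to connect to the database. ".mysqli_connect_error()."\n";` reports the real error. The two DROP statements concatenate `$conf['db_database']`, `$conf['db_user']` and `$conf['db_host']` straight into SQL; these appear to come from the local config.inc.php rather than from a request, but the database name should be wrapped in backtick identifier quotes and the user and host passed through `mysqli_real_escape_string($link, ...)` so that a name containing a hyphen or a quote cannot break or alter the statement. The unchanged `mysqli_close($link);` after the block is still reached with a false `$link` and belongs inside the else branch; the script continues outside the hunk.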
@@ -0,0 +1,61 @@
+<?php
+
+/**
+ Copyright (c) 2016, Florian Schaal, schaal @it
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ @author Florian Schaal, info@schaal-24.de
+*/
+
+
+class validate_server {
+
+ function get_error($errmsg) {
+ global $app;
+ if(isset($app->tform->wordbook[$errmsg])) {
+ return $app->tform->wordbook[$errmsg]."<br>\r\n";
+ } else {
+ return $errmsg."<br>\r\n";
+ }
+ }
+
+ /**
+ * Validator function for server-ip
+ */
+ function check_server_ip($field_name, $field_value, $validator) {
+ if($_POST['ip_type'] == 'IPv4') {
+ if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ return $this->get_error($validator['errmsg']);
+ }
+ } elseif ($_POST['ip_type'] == 'IPv6') {
+ if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ return $this->get_error($validator['errmsg']);
+ }
+ } else return $this->get_error($validator['errmsg']);
+ }
+
+}
+
diff --git a/interface/web/admin/form/server_ip.tform.php b/interface/web/admin/form/server_ip.tform.php
index 0dbdfe1..cd7190e 100644
--- a/interface/web/admin/form/server_ip.tform.php
+++ b/interface/web/admin/form/server_ip.tform.php
@@ -121,7 +121,7 @@
 'ip_address' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
- 'validators' => array ( 0 => array ( 'type' => 'ISIP',
+ 'validators' => array ( 0 => array ( 'type' => 'CUSTOM', 'class' => 'validate_server', 'function' => 'check_server_ip',
 'errmsg'=> 'ip_error_wrong'),
 1 => array ( 'type' => 'UNIQUE',
 'errmsg'=> 'ip_error_unique'),
diff --git a/interface/web/admin/form/server_ip_map.tform.php b/interface/web/admin/form/server_ip_map.tform.php
index fb61022..4f7ed3d 100644
--- a/interface/web/admin/form/server_ip_map.tform.php
+++ b/interface/web/admin/form/server_ip_map.tform.php
@@ -69,7 +69,7 @@
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
 'validators' => array (
- 0 => array ( 'type' => 'ISIP', 'errmsg'=> 'ip_error_wrong'),
+ 0 => array ( 'type' => 'ISIPV4', 'errmsg'=> 'ip_error_wrong'),
 1 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'destination_ip_empty'),
 ),
 'default' => '',
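Review bot: `check_server_ip()` in the new validate_server.inc.php picks the address family by reading `$_POST['ip_type']` directly, so the result depends on the raw request rather than on the record being validated: when the key is absent (for example if the same form definition is validated from a non-POST path, which is not visible here) PHP raises an undefined-index notice and every address is rejected. Reading it once with a default, `$ip_type = isset($_POST['ip_type']) ? $_POST['ip_type'] : '';`, and comparing with `===` removes the notice and makes the fallback explicit. The method returns nothing on success and an HTML error string on failure; a docblock stating that contract, and that `$field_name` is unused, would help the next validator author.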
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 3237bb5..a8377f5 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1119,14 +1119,7 @@
 }
 */
- //* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
- ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
- || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
- || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
- || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
- || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
- )) {
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 if(substr($domain, 0, 2) === '*.') {
 // wildcard domain not yet supported by letsencrypt!
 $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
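Review bot: The test `$data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y'` is now written twice in a row, once for the ssl_domain block in this hunk and again at the head of the certificate-generation condition re-added in the -1135 hunk; nginx_plugin.inc.php gets the same duplication in its -1232 and -1250 hunks. Computing it once, `$use_letsencrypt = ($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y');`, and testing `$use_letsencrypt` in both places keeps the two conditions from drifting apart. The wildcard-stripping block and its LOGLEVEL_WARN message now appear to run on every update of a Let's Encrypt site rather than only when a certificate is requested, so a one-line comment above the first `if` saying that `ssl_domain` has to be set even when no new certificate is generated would record why the condition was split. The enclosing function starts and ends outside the hunk.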
@@ -1135,7 +1128,16 @@
 $data['new']['ssl_domain'] = $domain;
 $vhost_data['ssl_domain'] = $domain;
+ }
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
+ )) {
 // default values
 $temp_domains = array();
 $lddomain = $domain;
@@ -1709,7 +1711,7 @@
 $data['new']['ipv6_address'] = implode(':', $explode_v6);
 }
 }
-
+ if($data['new']['ipv6_address'] == '*') $data['new']['ipv6_address'] = '::';
 $tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
 if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
 if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
diff --git a/server/plugins-available/network_settings_plugin.inc.php b/server/plugins-available/network_settings_plugin.inc.php
index 13dbf3c..5ce6f93 100644
--- a/server/plugins-available/network_settings_plugin.inc.php
+++ b/server/plugins-available/network_settings_plugin.inc.php
@@ -110,7 +110,7 @@
 /*
 * don't insert the main-ip again!
 */
- if ($rec['ip_address'] != $server_config['ip_address'])
+ if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 {
 $ip_records[$n] = array(
 'id' => $n,
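Review bot: The comment above the changed condition in network_settings_plugin.inc.php still reads only "don't insert the main-ip again!", but the condition now also drops every record that is not a valid IPv4 address, here and in the identical -188 hunk. I would extend it to something like `don't insert the main-ip again, and skip anything that is not a valid IPv4 address`. The skip is silent, so an operator who stored an IPv6 record gets no indication that it was ignored when the interface list is built; whether a log call is available at this point is not visible in the hunk. The enclosing function starts and ends outside the hunk.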
@@ -188,7 +188,7 @@
 /*
 * don't insert the main-ip again!
 */
- if ($rec['ip_address'] != $server_config['ip_address'])
+ if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 {
 $ip_records[$n] = array(
 'id' => $n,
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index b50d4eb..b3276e4 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1232,15 +1232,7 @@
 $tpl->setVar('ssl_letsencrypt', "n");
- //* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
- ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
- || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
- || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
- || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
- || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
- )) {
-
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 //* be sure to have good domain
 if(substr($domain, 0, 2) === '*.') {
 // wildcard domain not yet supported by letsencrypt!
@@ -1250,7 +1242,16 @@
 $data['new']['ssl_domain'] = $domain;
 $vhost_data['ssl_domain'] = $domain;
-
+ }
+
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
+ )) {
 // default values
 $temp_domains = array();
 $lddomain = $domain;
-- Gitblit v1.9.1