From bf356a4021ee40e79392cb0c670bdfb192d2c529 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 05 Jun 2012 10:04:40 -0400
Subject: [PATCH] Fixed: FS#2262 - open_basedir not working with PHP on SUPHP mode.

---
 server/plugins-available/apache2_plugin.inc.php |   29 +++++++++++++++++++++++------
 1 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 650b843..bac1dcf 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -110,6 +110,13 @@
 
 		//* Create a SSL Certificate
 		if($data['new']['ssl_action'] == 'create') {
+			
+			//* Rename files if they exist
+			if(file_exists($key_file)) rename($key_file,$key_file.'.bak');
+			if(file_exists($key_file2)) rename($key_file2,$key_file2.'.bak');
+			if(file_exists($csr_file)) rename($csr_file,$csr_file.'.bak');
+			if(file_exists($crt_file)) rename($crt_file,$crt_file.'.bak');
+			
 			$rand_file = $ssl_dir.'/random_file';
 			$rand_data = md5(uniqid(microtime(),1));
 			for($i=0; $i<1000; $i++) {
@@ -133,11 +140,11 @@
         output_password        = $ssl_password
 
         [ req_distinguished_name ]
-        C                      = ".$data['new']['ssl_country']."
-        ST                     = ".$data['new']['ssl_state']."
-        L                      = ".$data['new']['ssl_locality']."
-        O                      = ".$data['new']['ssl_organisation']."
-        OU                     = ".$data['new']['ssl_organisation_unit']."
+        C                      = ".trim($data['new']['ssl_country'])."
+        ST                     = ".trim($data['new']['ssl_state'])."
+        L                      = ".trim($data['new']['ssl_locality'])."
+        O                      = ".trim($data['new']['ssl_organisation'])."
+        OU                     = ".trim($data['new']['ssl_organisation_unit'])."
         CN                     = $domain
         emailAddress           = webmaster@".$data['new']['domain']."
 
@@ -286,6 +293,10 @@
 		}
 		if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
 			$app->log('Websites cannot be owned by the root user or group.',LOGLEVEL_WARN);
+			return 0;
+		}
+		if(trim($data['new']['domain']) == '') {
+			$app->log('domain is empty',LOGLEVEL_WARN);
 			return 0;
 		}
 		
@@ -665,9 +676,15 @@
 		$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
 
 
-		//* Write the custom php.ini file, if custom_php_ini filed is not empty
+		//* Write the custom php.ini file, if custom_php_ini fieled is not empty
 		$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
 		if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+		
+		//* add open_basedir restriction to custom php.ini content, required for suphp only
+		if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+		}
+		//* Create custom php.ini
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
 			if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);

--
Gitblit v1.9.1