From bf356a4021ee40e79392cb0c670bdfb192d2c529 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 05 Jun 2012 10:04:40 -0400
Subject: [PATCH] Fixed: FS#2262 - open_basedir not working with PHP on SUPHP mode.

---
 server/plugins-available/apache2_plugin.inc.php |   38 ++++++++++++++++++++++++++++++--------
 1 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 9724317..bac1dcf 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -110,6 +110,13 @@
 
 		//* Create a SSL Certificate
 		if($data['new']['ssl_action'] == 'create') {
+			
+			//* Rename files if they exist
+			if(file_exists($key_file)) rename($key_file,$key_file.'.bak');
+			if(file_exists($key_file2)) rename($key_file2,$key_file2.'.bak');
+			if(file_exists($csr_file)) rename($csr_file,$csr_file.'.bak');
+			if(file_exists($crt_file)) rename($crt_file,$crt_file.'.bak');
+			
 			$rand_file = $ssl_dir.'/random_file';
 			$rand_data = md5(uniqid(microtime(),1));
 			for($i=0; $i<1000; $i++) {
@@ -133,11 +140,11 @@
         output_password        = $ssl_password
 
         [ req_distinguished_name ]
-        C                      = ".$data['new']['ssl_country']."
-        ST                     = ".$data['new']['ssl_state']."
-        L                      = ".$data['new']['ssl_locality']."
-        O                      = ".$data['new']['ssl_organisation']."
-        OU                     = ".$data['new']['ssl_organisation_unit']."
+        C                      = ".trim($data['new']['ssl_country'])."
+        ST                     = ".trim($data['new']['ssl_state'])."
+        L                      = ".trim($data['new']['ssl_locality'])."
+        O                      = ".trim($data['new']['ssl_organisation'])."
+        OU                     = ".trim($data['new']['ssl_organisation_unit'])."
         CN                     = $domain
         emailAddress           = webmaster@".$data['new']['domain']."
 
@@ -286,6 +293,10 @@
 		}
 		if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
 			$app->log('Websites cannot be owned by the root user or group.',LOGLEVEL_WARN);
+			return 0;
+		}
+		if(trim($data['new']['domain']) == '') {
+			$app->log('domain is empty',LOGLEVEL_WARN);
 			return 0;
 		}
 		
@@ -665,9 +676,15 @@
 		$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
 
 
-		//* Write the custom php.ini file, if custom_php_ini filed is not empty
+		//* Write the custom php.ini file, if custom_php_ini fieled is not empty
 		$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
 		if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
+		
+		//* add open_basedir restriction to custom php.ini content, required for suphp only
+		if(!stristr($data['new']['custom_php_ini'],'open_basedir') && $data['new']['php'] == 'suphp') {
+			$data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";
+		}
+		//* Create custom php.ini
 		if(trim($data['new']['custom_php_ini']) != '') {
 			$has_custom_php_ini = true;
 			if(!is_dir($custom_php_ini_dir)) mkdir($custom_php_ini_dir);
@@ -709,6 +726,11 @@
 		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
 		$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
 		$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+		
+		// Custom Apache directives
+		// Make sure we only have Unix linebreaks
+		$vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
+		$vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
 
 		// Check if a SSL cert exists
 		$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -750,7 +772,7 @@
 
 		// Rewrite rules
 		$rewrite_rules = array();
-		if($data['new']['redirect_type'] != '') {
+		if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
 			if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
 			if(substr($data['new']['redirect_path'],0,8) == '[scheme]'){
 				$rewrite_target = 'http'.substr($data['new']['redirect_path'],8);
@@ -816,7 +838,7 @@
 				}
 				$app->log('Add server alias: '.$alias['domain'],LOGLEVEL_DEBUG);
 				// Rewriting
-				if($alias['redirect_type'] != '') {
+				if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {
 					if(substr($alias['redirect_path'],-1) != '/') $alias['redirect_path'] .= '/';
 					if(substr($alias['redirect_path'],0,8) == '[scheme]'){
 						$rewrite_target = 'http'.substr($alias['redirect_path'],8);

--
Gitblit v1.9.1