From e1b4cacb8d66891ce11dd4203bd92aa265fffcde Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 29 Mar 2016 04:34:43 -0400
Subject: [PATCH] Fixed issue: #3812 Insufficient validation of PHP version selector.

---
 interface/web/sites/web_aliasdomain_edit.php     |   26 +++++++++++++
 interface/web/sites/web_vhost_subdomain_edit.php |   26 +++++++++++++
 interface/web/sites/web_subdomain_edit.php       |   26 +++++++++++++
 interface/web/sites/web_domain_edit.php          |   27 +++++++++++++
 4 files changed, 105 insertions(+), 0 deletions(-)

diff --git a/interface/web/sites/web_aliasdomain_edit.php b/interface/web/sites/web_aliasdomain_edit.php
index 008e707..bdd19db 100644
--- a/interface/web/sites/web_aliasdomain_edit.php
+++ b/interface/web/sites/web_aliasdomain_edit.php
@@ -162,6 +162,32 @@
 		//* make sure that the domain is lowercase
 		if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
 		
+		// Check custom PHP version
+		if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
+			// Check php-fpm mode
+			if($this->dataRecord['php'] == 'php-fpm'){
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			// Check fast-cgi mode
+			} elseif($this->dataRecord['php'] == 'fast-cgi') {
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			} else {
+				// Other PHP modes do not have custom versions, so we force the value to be empty
+				$this->dataRecord['fastcgi_php_version'] = '';
+			}
+		}
+		
 		parent::onSubmit();
 	}
 
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index a757700..f2fbf72 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -767,6 +767,33 @@
 				$app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
 			}
 		}
+		
+		// Check custom PHP version
+		if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
+			// Check php-fpm mode
+			if($this->dataRecord['php'] == 'php-fpm'){
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			// Check fast-cgi mode
+			} elseif($this->dataRecord['php'] == 'fast-cgi') {
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			} else {
+				// Other PHP modes do not have custom versions, so we force the value to be empty
+				$this->dataRecord['fastcgi_php_version'] = '';
+			}
+		}
+		
 
 		parent::onSubmit();
 	}
diff --git a/interface/web/sites/web_subdomain_edit.php b/interface/web/sites/web_subdomain_edit.php
index 4d079ff..bd86fed 100644
--- a/interface/web/sites/web_subdomain_edit.php
+++ b/interface/web/sites/web_subdomain_edit.php
@@ -170,6 +170,32 @@
 		//* make sure that the domain is lowercase
 		if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
 		
+		// Check custom PHP version
+		if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
+			// Check php-fpm mode
+			if($this->dataRecord['php'] == 'php-fpm'){
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			// Check fast-cgi mode
+			} elseif($this->dataRecord['php'] == 'fast-cgi') {
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			} else {
+				// Other PHP modes do not have custom versions, so we force the value to be empty
+				$this->dataRecord['fastcgi_php_version'] = '';
+			}
+		}
+		
 		parent::onSubmit();
 	}
 
diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index ef1fc4c..225e489 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -562,6 +562,32 @@
 				$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
 			}
 		}
+		
+		// Check custom PHP version
+		if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
+			// Check php-fpm mode
+			if($this->dataRecord['php'] == 'php-fpm'){
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			// Check fast-cgi mode
+			} elseif($this->dataRecord['php'] == 'fast-cgi') {
+				$tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
+				if(is_array($tmp)) {
+					$this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
+				} else {
+					$this->dataRecord['fastcgi_php_version'] = '';
+				}
+				unset($tmp);
+			} else {
+				// Other PHP modes do not have custom versions, so we force the value to be empty
+				$this->dataRecord['fastcgi_php_version'] = '';
+			}
+		}
 
 		parent::onSubmit();
 	}

--
Gitblit v1.9.1