- Fixed FS#3320 - Improve php.ini parser.

Author: falkotimme

interface/web/sites/lib/lang/de_web_domain.lng

@@ -126,4 +126,5 @@ $wb['added_date_txt'] = 'Hinzugefügt am';
 $wb['backup_excludes_txt'] = 'Auszuschließende Verzeichnisse';
 $wb['backup_excludes_note_txt'] = '(Mehrere Verzeichnisse mit Kommas trennen. Beispiel: web/cache/*,web/backup)';
 $wb['backup_excludes_error_regex'] = 'Die auszuschließenden Verzeichnisse enthalten ungültige Zeichen.';
+$wb['invalid_custom_php_ini_settings_txt'] = 'Unzulässige php.ini-Einstellungen';
 ?>

interface/web/sites/lib/lang/en_web_domain.lng

@@ -126,4 +126,5 @@ $wb['added_date_txt'] = 'Added date';
 $wb['backup_excludes_txt'] = 'Excluded Directories';
 $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)';
 $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.';
+$wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings';
 ?>

interface/web/sites/web_domain_edit.php

@@ -726,6 +726,35 @@ function onSubmit() {
 				$app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
 			}
 		}
+		
+		// check custom php.ini settings
+		if(isset($this->dataRecord['custom_php_ini']) && trim($this->dataRecord['custom_php_ini']) != '') {
+			$custom_php_ini_settings = trim($this->dataRecord['custom_php_ini']);
+			$custom_php_ini_settings_are_valid = true;
+			// Make sure we only have Unix linebreaks
+			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+			$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+			$custom_php_ini_settings_lines = explode("\n", $custom_php_ini_settings);
+			if(is_array($custom_php_ini_settings_lines) && !empty($custom_php_ini_settings_lines)){
+				foreach($custom_php_ini_settings_lines as $custom_php_ini_settings_line){
+					if(trim($custom_php_ini_settings_line) == '') continue;
+					if(substr(trim($custom_php_ini_settings_line),0,1) == ';') continue;
+					// empty value
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// value inside ""
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*".*"\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// value inside ''
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*\'.*\'\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					// everything else
+					if(preg_match('@^\s*;*\s*[a-zA-Z0-9._]*\s*=\s*[-a-zA-Z0-9~&=_\@/,.#\s]*\s*;*\s*$@', $custom_php_ini_settings_line)) continue;
+					$custom_php_ini_settings_are_valid = false;
+					break;
+				}
+			}
+			if(!$custom_php_ini_settings_are_valid){
+				$app->tform->errorMessage .= $app->tform->lng("invalid_custom_php_ini_settings_txt").'<br>';
+			}
+		}
 
 		parent::onSubmit();
 	}

server/plugins-available/apache2_plugin.inc.php

@@ -2668,7 +2668,7 @@ private function php_fpm_pool_update ($data, $web_config, $pool_dir, $pool_name,
 					if(substr($ini_setting, 0, 1) == ';') continue;
 					if(substr($ini_setting, 0, 1) == '#') continue;
 					if(substr($ini_setting, 0, 2) == '//') continue;
-					list($key, $value) = explode('=', $ini_setting);
+					list($key, $value) = explode('=', $ini_setting, 2);
 					if($value){
 						$value = trim($value);
 						$key = trim($key);

server/plugins-available/nginx_plugin.inc.php

@@ -2367,7 +2367,7 @@ private function php_fpm_pool_update ($data, $web_config, $pool_dir, $pool_name,
 					if(substr($ini_setting, 0, 1) == ';') continue;
 					if(substr($ini_setting, 0, 1) == '#') continue;
 					if(substr($ini_setting, 0, 2) == '//') continue;
-					list($key, $value) = explode('=', $ini_setting);
+					list($key, $value) = explode('=', $ini_setting, 2);
 					if($value){
 						$value = trim($value);
 						$key = trim($key);