Merge branch 'stable-3.1'

Author: Marius Burkard

TODO.txt

@@ -1,96 +1,4 @@
 
----------------------------------------
-- ISPConfig 3 ToDo list
----------------------------------------
+Please see issue tracker for feature requests and bug reports.
 
-Please feel free to edit this file, add new tasks,
-remove done tasks or assign yourself to a task.
-
-Form Validators
---------------------------------------
-
-Installer
---------------------------------------
-
-- Add a function to let a server join a existing installation.
-- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation
-	If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated.
-	If there are no keys the zones can not be signed and will only be availableas a unsigned copy.
-
-Uninstaller
---------------------------------------
-
-- Add a function to remove ispconfig user
-
-Server
---------------------------------------
-
-
-Mail module
---------------------------------------
-
-
-Administration module
---------------------------------------
-
-
-- Firewall Solution -- Andrew lathama Latham lathama@gmail.com
-	* Monitor existing IPTABLES rules is done and in the monitor page.
-	* Add IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Delete IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Merge IPTABLES rules made from the CLI with those made from ISPConfig3
-		Interesting topic about merging control with with the GUI and the CLI
-		interface for a systems adminitstrator who might add a rule during an
-		attack or for trouble shooting and forget to remove it.
-	* Fail2Ban
-		Add configuration for fail2ban on certian systems.  Imagine an admin
-		wishes to use fail2ban on one service but not others. Rare but an issue
-		when a large number of clients use a single NAT for all users and failed
-		logins and traffic looks like an attack.  Maybe a whitelist configuration
-		as an optional setting.
-	* Remoting
-		Enable remoting hooks for updating IPTABLES
-	* Service Checks
-		Adding saftey checks to make sure that the admin does not lock his/herself
-		out of the system by accident.  We all make mistakes.
-
--- Note: I'd love a pure iptables firewall as well. I've made such a script for
-   my work, which uses a simple config file to open/close ports and support for 
-   ip exclusions. I think we could use it as a base to start with, it's up on the dev forum
-   url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL)
-
-Clients module
---------------------------------------
-
-
-Sites (web) module
---------------------------------------
-
-
-BE-Designer module
---------------------------------------
-
-WARNING: Please do not use the BE Designer at the moment, the serializing
- function of the module editor may break some of the existing modules.
-
-
-Remoting framework
---------------------------------------
-- Add more connections to other data.  Remoting hooks for FS and Email Quota
-
-Interface
---------------------------------------
-- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10])
-- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though.
-
-General tasks
---------------------------------------
-
-- Add, extend or modify comments in PEAR syntax so that they can be read with
-  phpdocumentor.
-
-- Doxygen might be a good idea (phpdocumentor looks nice but no active development)
--- http://drupal.org/node/1354 may have some good ideas.
--- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor
+http://git.ispconfig.org/ispconfig/ispconfig3/issues

install/lib/installer_base.lib.php

@@ -217,7 +217,12 @@ public function configure_database() {
 		//* check sql-mode
 		$check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
 
-		if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+		if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+			echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+			echo "    sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+			echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+			die();
+		}
 
 		//** Create the database
 		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {

install/lib/update.lib.php

@@ -125,7 +125,12 @@ function updateDbAndIni() {
 
 	//* check sql-mode
 	$check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode");
-	if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
+	if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
+		echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
+		echo "    sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
+		echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
+		die();
+	}
 
 	//* Update $conf array with values from the server.ini that shall be preserved
 	$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);

install/uninstall.php

@@ -36,7 +36,7 @@
 
 require_once "/usr/local/ispconfig/server/lib/config.inc.php";
 require_once "/usr/local/ispconfig/server/lib/app.inc.php";
-require "/usr/local/ispconfig/server/mysql_clientdb.conf";
+require "/usr/local/ispconfig/server/lib/mysql_clientdb.conf";
 
 //** The banner on the command line
 echo "\n\n".str_repeat('-', 80)."\n";
@@ -51,7 +51,7 @@
 echo "\n".str_repeat('-', 80)."\n";
 echo "\n\n>> Uninstall  \n\n";
 
-echo "Are you sure you want to uninsatll ISPConfig? [no]";
+echo "Are you sure you want to uninstall ISPConfig? [no]";
 $input = fgets(STDIN);
 $do_uninstall = rtrim($input);
 
@@ -62,11 +62,11 @@
 
 	$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
-		echo "Unable to connect to the database'.mysql_error($link)";
+		echo "Unable to connect to the database. mysql_error($link)";
 	} else {
-		$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+		$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database'].";");
 		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
-		$result=mysqli_query($link,"DROP USER '".$conf['db_user'] ."';");
+		$result=mysqli_query($link,"DROP USER '".$conf['db_user']."'@'".$conf['db_host']."';");
 	        if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
 	}
 	mysqli_close($link);

interface/lib/classes/validate_server.inc.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ Copyright (c) 2016, Florian Schaal, schaal @it
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ @author Florian Schaal, info@schaal-24.de
+*/
+
+
+class validate_server {
+
+	function get_error($errmsg) {
+		global $app;
+		if(isset($app->tform->wordbook[$errmsg])) {
+			return $app->tform->wordbook[$errmsg]."<br>\r\n";
+		} else {
+			 return $errmsg."<br>\r\n";
+		}
+	}
+
+	/**
+	 * Validator function for server-ip
+	*/
+	function check_server_ip($field_name, $field_value, $validator) {
+		if($_POST['ip_type'] == 'IPv4') {
+			if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+				return $this->get_error($validator['errmsg']);
+			}
+		} elseif ($_POST['ip_type'] == 'IPv6') {
+			if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+				return $this->get_error($validator['errmsg']);
+			}
+		} else return $this->get_error($validator['errmsg']);
+	}
+
+}
+

interface/web/admin/form/server_ip.tform.php

@@ -121,7 +121,7 @@
 		'ip_address' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
-			'validators' => array (  0 => array ( 'type' => 'ISIP',
+			'validators' => array (  0 => array ( 'type' => 'CUSTOM', 'class' => 'validate_server', 'function' => 'check_server_ip',
 					'errmsg'=> 'ip_error_wrong'),
 				1 => array ( 'type' => 'UNIQUE',
 					'errmsg'=> 'ip_error_unique'),

interface/web/admin/form/server_ip_map.tform.php

@@ -69,7 +69,7 @@
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
 			'validators' => array (  
-				0 => array ( 'type' => 'ISIP', 'errmsg'=> 'ip_error_wrong'),
+				0 => array ( 'type' => 'ISIPV4', 'errmsg'=> 'ip_error_wrong'),
 				1 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'destination_ip_empty'),
             ),
 			'default' => '',

server/plugins-available/apache2_plugin.inc.php

@@ -1119,14 +1119,7 @@ function update($event_name, $data) {
 		}
 		*/
 
-		//* Generate Let's Encrypt SSL certificat
-		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
-			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
-			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
-			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
-			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
-			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
-		)) {
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 			if(substr($domain, 0, 2) === '*.') {
 				// wildcard domain not yet supported by letsencrypt!
 				$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
@@ -1135,7 +1128,16 @@ function update($event_name, $data) {
 
 			$data['new']['ssl_domain'] = $domain;
 			$vhost_data['ssl_domain'] = $domain;
+		}
 
+		//* Generate Let's Encrypt SSL certificat
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
+		)) {
 			// default values
 			$temp_domains = array();
 			$lddomain = $domain;
@@ -1709,7 +1711,7 @@ function update($event_name, $data) {
 					$data['new']['ipv6_address'] = implode(':', $explode_v6);
 				}
 			}
-
+			if($data['new']['ipv6_address'] == '*') $data['new']['ipv6_address'] = '::';
 			$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
 			if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
 			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);

server/plugins-available/network_settings_plugin.inc.php

@@ -110,7 +110,7 @@ function update($event_name, $data) {
 						/*
 						 * don't insert the main-ip again!
 						 */
-						if ($rec['ip_address'] != $server_config['ip_address'])
+						if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 						{
 							$ip_records[$n] = array(
 								'id' => $n,
@@ -188,7 +188,7 @@ function update($event_name, $data) {
 						/*
 						 * don't insert the main-ip again!
 						 */
-						if ($rec['ip_address'] != $server_config['ip_address'])
+						if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 						{
 							$ip_records[$n] = array(
 								'id' => $n,

server/plugins-available/nginx_plugin.inc.php

@@ -1232,15 +1232,7 @@ function update($event_name, $data) {
 
 		$tpl->setVar('ssl_letsencrypt', "n");
 
-		//* Generate Let's Encrypt SSL certificat
-		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
-			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
-			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
-			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
-			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
-			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
-		)) {
-
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 			//* be sure to have good domain
 			if(substr($domain, 0, 2) === '*.') {
 				// wildcard domain not yet supported by letsencrypt!
@@ -1250,7 +1242,16 @@ function update($event_name, $data) {
 
 			$data['new']['ssl_domain'] = $domain;
 			$vhost_data['ssl_domain'] = $domain;
-			
+		}
+		
+		//* Generate Let's Encrypt SSL certificat
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+			($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+			|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+			|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+			|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+			|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
+		)) {
 			// default values
 			$temp_domains = array();
 			$lddomain     = $domain;