Merge branch 'stable-3.1'

Author: Marius Burkard

helper_scripts/ubuntu-amavisd-new-2.11.patch

@@ -0,0 +1,18 @@
+--- amavisd-new.orig	2017-11-16 11:51:19.000000000 +0100
++++ amavisd-new	2018-05-25 16:53:45.623398108 +0200
+@@ -22829,6 +22829,7 @@
+         }
+         # load policy banks from the 'client_ipaddr_policy' lookup
+         Amavis::load_policy_bank($_,$msginfo) for @bank_names_cl;
++        $msginfo->originating(c('originating'));
+ 
+         $msginfo->client_addr($cl_ip);      # ADDR
+         $msginfo->client_port($cl_port);    # PORT
+@@ -34361,6 +34362,7 @@
+     $sig_ind++;
+   }
+   Amavis::load_policy_bank($_,$msginfo) for @bank_names;
++  $msginfo->originating(c('originating'));
+   $msginfo->dkim_signatures_valid(\@signatures_valid)  if @signatures_valid;
+ # if (ll(5) && $sig_ind > 0) {
+ #   # show which header fields are covered by which signature

install/lib/installer_base.lib.php

@@ -2371,9 +2371,9 @@ public function configure_apps_vhost() {
 			$content = str_replace('{ssl_comment}', '#', $content);
 
 			// Fix socket path on PHP 7 systems
-			if(file_exists('/var/run/php/php7.0-fpm.sock')) {
-				$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
-			}
+			if(file_exists('/var/run/php/php7.0-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
+			if(file_exists('/var/run/php/php7.1-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.1-fpm.sock', $content);
+			if(file_exists('/var/run/php/php7.2-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.2-fpm.sock', $content);
 
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 

install/tpl/server.ini.master

@@ -103,6 +103,7 @@ php_fpm_ini_path=/etc/php5/fpm/php.ini
 php_fpm_pool_dir=/etc/php5/fpm/pool.d
 php_fpm_start_port=9010
 php_fpm_socket_dir=/var/lib/php5-fpm
+php_default_name=Default
 set_folder_permissions_on_update=n
 add_web_users_to_sshusers_group=y
 connect_userid_to_webid=n

interface/lib/classes/functions.inc.php

@@ -513,6 +513,29 @@ public function htmlentities($value) {
 
 		return $out;
 	}
+	
+	// Function to check paths before we use it as include. Use with absolute paths only.
+	public function check_include_path($path) {
+		if(strpos($path,'//') !== false) die('Include path seems to be an URL: '.$this->htmlentities($path));
+		if(strpos($path,'..') !== false) die('Two dots are not allowed in include path: '.$this->htmlentities($path));
+		if(!preg_match("/^[a-zA-Z0-9_\/\.\-]+$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path));
+		$path = realpath($path);
+		if($path == '') die('Include path does not exist.');
+		if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.');
+		return $path;
+	}
+	
+	// Function to check language strings
+	public function check_language($language) {
+		global $app;
+		if(preg_match('/^[a-z]{2}$/',$language)) {
+			 return $language;
+		} else {
+			$app->log('Wrong language string: '.$this->htmlentities($language),1);
+			return 'en';	
+		}
+	}
+	
 }
 
 ?>

interface/lib/classes/listform.inc.php

@@ -60,7 +60,7 @@ public function loadListDef($file, $module = '')
 		}
 
 		//* Set local Language File
-		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_'.$this->listDef['name'].'_list.lng';
+		$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_'.$this->listDef['name'].'_list.lng';
 		if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$this->listDef['name'].'_list.lng';
 		include $lng_file;
 

interface/lib/classes/listform_actions.inc.php

@@ -249,7 +249,7 @@ public function onShow()
 		global $app;
 
 		//* Set global Language File
-		$lng_file = ISPC_LIB_PATH.'/lang/'.$_SESSION['s']['language'].'.lng';
+		$lng_file = ISPC_LIB_PATH.'/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 		if(!file_exists($lng_file))
 			$lng_file = ISPC_LIB_PATH.'/lang/en.lng';
 		include $lng_file;

interface/lib/classes/listform_tpl_generator.inc.php

@@ -153,10 +153,10 @@ function buildHTML($listDef, $module = '') {
 	}
 
 	function lng_add($lang, $listDef, $module = '') {
-		global $go_api, $go_info, $conf;
+		global $app, $conf;
 
 		if($module == '') {
-			$lng_file = "lib/lang/".$conf["language"]."_".$listDef['name']."_list.lng";
+			$lng_file = "lib/lang/".$app->functions->check_language($conf["language"])."_".$listDef['name']."_list.lng";
 		} else {
 			$lng_file = '../'.$module."/lib/lang/en_".$listDef['name']."_list.lng";
 		}

interface/lib/classes/plugin_backuplist.inc.php

@@ -45,7 +45,7 @@ function onShow() {
 		$listTpl->newTemplate('templates/web_backup_list.htm');
 
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_backup_list.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_backup_list.lng";
 		include $lng_file;
 		$listTpl->setVar($wb);
 

interface/lib/classes/plugin_backuplist_mail.inc.php

@@ -46,7 +46,7 @@ function onShow() {
 		$listTpl->newTemplate('templates/mail_user_backup_list.htm');
 
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_mail_backup_list.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_mail_backup_list.lng";
 		include($lng_file);
 		$listTpl->setVar($wb);
 

interface/lib/classes/plugin_directive_snippets.inc.php

@@ -18,7 +18,7 @@ public function onShow()
 		$listTpl->newTemplate('templates/web_directive_snippets.htm');
 
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_directive_snippets.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_directive_snippets.lng";
 
 		include $lng_file;
 		$listTpl->setVar($wb);