Merge branch 'stable-3.1' into 'stable-3.1'

Till Brehm · Till Brehm · commit 652c0b9fec60 · 2017-12-12T16:28:28.000+01:00
Stable 3.1

See merge request ispconfig/ispconfig3!681
diff --git a/install/install.php b/install/install.php
@@ -551,8 +551,9 @@
 
 	//** Customise the port ISPConfig runs on
 	$ispconfig_vhost_port = $inst->free_query('ISPConfig Port', '8080','ispconfig_port');
-	$conf['interface_password'] = $inst->free_query('Admin password', 'admin','ispconfig_admin_password');
-	if($conf['interface_password'] != 'admin') {
+	$temp_admin_password = str_shuffle(bin2hex(openssl_random_pseudo_bytes(4)));
+	$conf['interface_password'] = $inst->free_query('Admin password', $temp_admin_password, 'ispconfig_admin_password');
+	if($conf['interface_password'] != $temp_admin_password) {
 		$check = false;
 		do {
 			unset($temp_password);
@@ -563,6 +564,7 @@
 	}
 	unset($check);
 	unset($temp_password);
+	unset($temp_admin_password);
 	if($conf['apache']['installed'] == true) $conf['apache']['vhost_port']  = $ispconfig_vhost_port;
 	if($conf['nginx']['installed'] == true) $conf['nginx']['vhost_port']  = $ispconfig_vhost_port;
 	unset($ispconfig_vhost_port);
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
@@ -1 +0,0 @@
-
diff --git a/interface/web/remote/json.php b/interface/web/remote/json.php
@@ -4,7 +4,13 @@
 $conf['start_session'] = false;
 require_once '../../lib/app.inc.php';
 
-$app->load('json_handler');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
+
+$app->load('json_handler,getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['remote_api_allowed'] != 'yes') die('Remote API is disabled in security settings.');
+
 $json_handler = new ISPConfigJSONHandler();
 $json_handler->run();
 
