Merge branch 'ispconfig-3-3-p2' into 'develop'

Fixes for ISPConfig 3.3 Patch 2

Closes #6869, #6884, #6885, #6889, #6890, and #6881

See merge request ispconfig/ispconfig3!2025

Author: Till Brehm

install/dist/lib/fedora.lib.php

@@ -1104,6 +1104,7 @@ public function install_ispconfig()
 		if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
 		if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
 		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
+		exec('chmod o-rw /var/log/ispconfig/*.gz /var/log/ispconfig/*.log');
 
 		if(is_user('getmail')) {
 			exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');

install/dist/lib/opensuse.lib.php

@@ -1329,6 +1329,7 @@ public function install_ispconfig()
 		if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
 		if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
 		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
+		exec('chmod o-rw /var/log/ispconfig/*.gz /var/log/ispconfig/*.log');
 
 		if(is_user('getmail')) {
 			exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');

install/lib/installer_base.lib.php

@@ -3909,6 +3909,7 @@ public function install_ispconfig() {
 			touch($conf['ispconfig_log_dir'].'/ispconfig.log');
 		}
 		chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
+		exec('chmod o-rw /var/log/ispconfig/*.gz /var/log/ispconfig/*.log');
 
 		//* Create the ispconfig auth log file and set uid/gid
 		if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {

interface/lib/classes/remoting_lib.inc.php

@@ -297,6 +297,16 @@ function ispconfig_sysuser_add($params, $insert_id){
 			$modules = $conf['interface_modules_enabled'];
 		} else {
 			$modules = $params['modules'];
+
+			// Check if modules are allowed and remove unknown modules
+			$allowed_modules = explode(',', $conf['interface_modules_enabled']);
+			$modules_array = explode(',', $modules);
+			foreach($modules_array as $key => $module) {
+				if(!in_array($module, $allowed_modules)) {
+					unset($modules_array[$key]);
+				}
+			}
+			$modules = implode(',', $modules_array);
 		}
 		if(isset($params['limit_client']) && $params['limit_client'] > 0) {
 			$modules .= ',client';
@@ -306,7 +316,7 @@ function ispconfig_sysuser_add($params, $insert_id){
 			$startmodule = 'dashboard';
 		} else {
 			$startmodule = $params["startmodule"];
-			if(!preg_match('/'.$startmodule.'/', $modules)) {
+			if(!in_array($startmodule, explode(',', $modules))) {
 				$_modules = explode(',', $modules);
 				$startmodule=$_modules[0];
 			}
@@ -325,13 +335,23 @@ function ispconfig_sysuser_add($params, $insert_id){
 	}
 
 	function ispconfig_sysuser_update($params, $client_id){
-		global $app;
+		global $app, $conf;
 		$username = $params["username"];
 		$clear_password = $params["password"];
 		$language = $params['language'];
 		$modules = $params['modules'];
 		$client_id = $app->functions->intval($client_id);
 
+		// Check if modules are allowed and remove unknown modules
+		$allowed_modules = explode(',', $conf['interface_modules_enabled']);
+		$modules_array = explode(',', $modules);
+		foreach($modules_array as $key => $module) {
+			if(!in_array($module, $allowed_modules)) {
+				unset($modules_array[$key]);
+			}
+		}
+		$modules = implode(',', $modules_array);
+
 		if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
 		else $password = $clear_password;
 		$params = array($username);

interface/web/admin/directive_snippets_del.php

@@ -44,6 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 $app->load("tform_actions");
 

interface/web/admin/directive_snippets_edit.php

@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');

interface/web/admin/directive_snippets_list.php

@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 $app->uses('listform_actions');
 

interface/web/admin/extension_edit.php

@@ -33,6 +33,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 //* load language file
 $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_extension_install_list.lng';

interface/web/admin/extension_install_list.php

@@ -35,7 +35,7 @@
 $app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
-if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 $app->uses('tpl,extension_installer');
 

interface/web/admin/extension_repo_list.php

@@ -35,7 +35,7 @@
 $app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
-if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if(!$app->auth->is_admin()) die('Allowed for administrators only.');
 
 $app->uses('tpl,extension_installer');