fix some strings quoting and remove some execs

Author: jwarnier

install/dist/lib/debian60.lib.php

@@ -38,11 +38,11 @@ public function configure_dovecot()
 
 		//* Configure master.cf and add a line for deliver
 		if(is_file($config_dir.'/master.cf')){
-            copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
-        }
+			copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
+		}
 		if(is_file($config_dir.'/master.cf~')){
-            exec('chmod 400 '.$config_dir.'/master.cf~2');
-        }
+			chmod($config_dir.'/master.cf~2', 0400);
+		}
 		$content = rf($conf["postfix"]["config_dir"].'/master.cf');
 		// Only add the content if we had not addded it before
 		if(!stristr($content,"dovecot/deliver")) {
@@ -73,29 +73,30 @@ public function configure_dovecot()
 
 		//* copy dovecot.conf
 		$configfile = 'dovecot.conf';
-		if(is_file("$config_dir/$configfile")){
-            copy("$config_dir/$configfile", "$config_dir/$configfile~");
-        }
-		copy('tpl/debian6_dovecot.conf.master',"$config_dir/$configfile");
+		if(is_file($config_dir.'/'.$configfile)){
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+		}
+		copy('tpl/debian6_dovecot.conf.master',$config_dir.'/'.$configfile);
 
 		//* dovecot-sql.conf
 		$configfile = 'dovecot-sql.conf';
-		if(is_file("$config_dir/$configfile")){
-            copy("$config_dir/$configfile", "$config_dir/$configfile~");
-        }
-		exec("chmod 400 $config_dir/$configfile~");
-		$content = rf("tpl/debian6_dovecot-sql.conf.master");
+		if(is_file($config_dir.'/'.$configfile)){
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+		}
+		chmod($config_dir.'/'.$configfile.'~', 0400);
+		$content = rf('tpl/debian6_dovecot-sql.conf.master');
 		$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
 		$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
 		$content = str_replace('{mysql_server_database}',$conf['mysql']['database'],$content);
 		$content = str_replace('{mysql_server_host}',$conf['mysql']['host'],$content);
-		wf("$config_dir/$configfile", $content);
+		wf($config_dir.'/'.$configfile, $content);
 
-		exec("chmod 600 $config_dir/$configfile");
-		exec("chown root:root $config_dir/$configfile");
+		chmod($config_dir.'/'.$configfile, 0600);
+		chown($config_dir.'/'.$configfile, 'root');
+		chgrp($config_dir.'/'.$configfile, 'root');
 
 	}
 
 }
 
-?>
+?>

install/lib/update.lib.php

@@ -58,8 +58,9 @@ function prepareDBDump() {
 	// create a backup copy of the ispconfig database in the root folder
 	$backup_db_name = '/root/ispconfig_db_backup_'.@date('Y-m-d_h-i').'.sql';
 	copy('existing_db.sql',$backup_db_name);
-	exec("chmod 700 $backup_db_name");
-	exec("chown root:root $backup_db_name");
+	chmod($backup_db_name, 0700);
+	chown($backup_db_name, 'root');
+	chgrp($backup_db_name, 'root');
 
 	if ($conf['powerdns']['installed']) {
 		//** export the current PowerDNS database data
@@ -72,8 +73,9 @@ function prepareDBDump() {
 		// create a backup copy of the PowerDNS database in the root folder
 		$backup_db_name = '/root/ispconfig_powerdns_db_backup_'.@date('Y-m-d_h-i').'.sql';
 	        copy('existing_powerdns_db.sql',$backup_db_name);
-        	exec("chmod 700 $backup_db_name");
-	        exec("chown root:root $backup_db_name");
+		chmod($backup_db_name, 0700);
+	        chown($backup_db_name, 'root');
+	        chgrp($backup_db_name, 'root');
 	}
 }
 

server/cron_daily.php

@@ -132,7 +132,7 @@ function setConfigVar( $filename, $varName, $varValue ) {
 	$webalizer_conf = escapeshellcmd($rec["document_root"].'/log/webalizer.conf');
 
 	if(!@is_file($webalizer_conf)) {
-		exec("cp $webalizer_conf_main $webalizer_conf");
+		copy($webalizer_conf_main,$webalizer_conf);
 	}
 
 	if(@is_file($webalizer_conf)) {
@@ -376,12 +376,12 @@ function setConfigVar( $filename, $varName, $varValue ) {
 #######################################################################################################
 
 $server_config = $app->getconf->get_server_config($conf["server_id"], 'server');
-$backup_dir = trim($server_config['backup_dir']);
+$backup_dir = $server_config['backup_dir'];
 
 if($backup_dir != '') {
 
 	if(!is_dir($backup_dir)) {
-		exec("mkdir -p ".escapeshellarg($backup_dir));
+		mkdir(escapeshellarg($backup_dir), 0750, true);
 	}
 
 	$sql = "SELECT * FROM web_domain WHERE type = 'vhost'";
@@ -397,24 +397,25 @@ function setConfigVar( $filename, $varName, $varValue ) {
 				$web_group = $rec['system_group'];
 				$web_id = $rec['domain_id'];
 				$web_backup_dir = $backup_dir.'/web'.$web_id;
-				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir);
+				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
 
-				exec('chown root:root '.$web_backup_dir);
-				exec('chmod 755 '.$web_backup_dir);
-				exec("cd ".escapeshellarg($web_path)." && sudo -u ".escapeshellarg($web_user)." find . -group ".escapeshellarg($web_group)." -print | zip -y ".escapeshellarg($web_backup_dir."/web.zip")." -@");
+				chmod($web_backup_dir, 0755);
+				chown($web_backup_dir, 'root');
+				chgrp($web_backup_dir, 'root');
+				exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print | zip -y '.escapeshellarg($web_backup_dir.'/web.zip').' -@');
 
 				// Rename or remove old backups
 				$backup_copies = intval($rec['backup_copies']);
 
-				if(is_file($web_backup_dir."/web.".$backup_copies.".zip")) unlink($web_backup_dir."/web.".$backup_copies.".zip");
+				if(is_file($web_backup_dir.'/web.'.$backup_copies.'.zip')) unlink($web_backup_dir.'/web.'.$backup_copies.'.zip');
 
 				for($n = $backup_copies - 1; $n >= 1; $n--) {
-					if(is_file($web_backup_dir."/web.".$n.".zip")) {
-						rename($web_backup_dir."/web.".$n.".zip",$web_backup_dir."/web.".($n+1).".zip");
+					if(is_file($web_backup_dir.'/web.'.$n.'.zip')) {
+						rename($web_backup_dir.'/web.'.$n.'.zip',$web_backup_dir.'/web.'.($n+1).'.zip');
 					}
 				}
 
-				if(is_file($web_backup_dir."/web.zip")) rename($web_backup_dir."/web.zip",$web_backup_dir."/web.1.zip");
+				if(is_file($web_backup_dir.'/web.zip')) rename($web_backup_dir.'/web.zip',$web_backup_dir.'/web.1.zip');
 
 				// Create backupdir symlink
 				if(is_link($web_path.'/backup')) unlink($web_path.'/backup');
@@ -430,7 +431,7 @@ function setConfigVar( $filename, $varName, $varValue ) {
 				$web_user = $rec['system_user'];
 				$web_backup_dir = realpath($backup_dir.'/web'.$web_id);
 				if(is_dir($web_backup_dir)) {
-					exec("sudo -u ".escapeshellarg($web_user)." rm -f ".escapeshellarg($web_backup_dir.'/*'));
+					exec('sudo -u '.escapeshellarg($web_user).' rm -f '.escapeshellarg($web_backup_dir.'/*'));
 				}
 			}
 		}
@@ -439,4 +440,4 @@ function setConfigVar( $filename, $varName, $varValue ) {
 
 
 die("finished.\n");
-?>
+?>

server/plugins-available/bind_plugin.inc.php

@@ -109,7 +109,8 @@ function soa_update($event_name,$data) {
 			$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri.'.substr($zone['origin'],0,-1));
 			$app->log("Writing BIND domain file: ".$filename,LOGLEVEL_DEBUG);
 			file_put_contents($filename,$tpl->grab());
-			exec('chown '.escapeshellcmd($dns_config['bind_user']).':'.escapeshellcmd($dns_config['bind_group']).' '.$filename);
+			chown($filename, escapeshellcmd($dns_config['bind_user']));
+			chgrp($filename, escapeshellcmd($dns_config['bind_group']));
 			unset($tpl);
 			unset($records);
 			unset($records_out);

server/plugins-available/cron_jailkit_plugin.inc.php

@@ -230,20 +230,20 @@ function _setup_jailkit_chroot()
                 $tpl->setVar('home_dir',$this->_get_home_dir(""));
 
 				$bashrc = escapeshellcmd($this->parent_domain['document_root']).'/etc/bash.bashrc';
-				if(@is_file($bashrc)) exec('rm '.$bashrc);
+				if(@is_file($bashrc)) unlink($bashrc);
 
 				file_put_contents($bashrc,$tpl->grab());
 				unset($tpl);
 
-				$this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
+				$this->app->log('Added bashrc script: '.$bashrc,LOGLEVEL_DEBUG);
 
 				$tpl = new tpl();
-				$tpl->newTemplate("motd.master");
+				$tpl->newTemplate('motd.master');
 
 				$tpl->setVar('domain',$this->parent_domain['domain']);
 
 				$motd = escapeshellcmd($this->parent_domain['document_root']).'/var/run/motd';
-				if(@is_file($motd)) exec('rm '.$motd);
+				if(@is_file($motd)) unlink($motd);
 
 				file_put_contents($motd,$tpl->grab());
 
@@ -290,7 +290,7 @@ function _add_jailkit_user()
 
 			$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
 
-			exec("mkdir -p ".escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome));
+			mkdir(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), 0755, true);
 	}
 
     function _get_home_dir($username)
@@ -308,16 +308,16 @@ function _update_website_security_level() {
 
 		//* If the security level is set to high
 		if($web_config['security_level'] == 20) {
-			$this->_exec("chmod 755 ".escapeshellcmd($this->parent_domain['document_root']));
-			$this->_exec("chown root:root ".escapeshellcmd($this->parent_domain['document_root']));
+			$this->_exec('chmod 755 '.escapeshellcmd($this->parent_domain['document_root']));
+			$this->_exec('chown root:root '.escapeshellcmd($this->parent_domain['document_root']));
 		}
 
 	}
 
 	//* Wrapper for exec function for easier debugging
 	private function _exec($command) {
 		global $app;
-		$app->log("exec: ".$command,LOGLEVEL_DEBUG);
+		$app->log('exec: '.$command,LOGLEVEL_DEBUG);
 		exec($command);
 	}
 

server/plugins-available/cron_plugin.inc.php

@@ -97,7 +97,7 @@ function update($event_name,$data) {
             $app->log("Parent domain not found",LOGLEVEL_WARN);
             return 0;
         } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
-			$app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+			$app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
 			return 0;
 		}
 
@@ -134,7 +134,7 @@ function update($event_name,$data) {
 		}
 
 		// make temp directory writable for the apache and website users
-		exec("chmod 777 ".escapeshellcmd($parent_domain["document_root"]."/tmp"));
+		chmod(escapeshellcmd($parent_domain["document_root"].'/tmp'), 0777);
 
         /** TODO READ CRON MASTER **/
 

server/plugins-available/getmail_plugin.inc.php

@@ -129,8 +129,8 @@ function update($event_name,$data) {
 				// Write the config file.
 				file_put_contents($config_file_path,$tpl);
 				$app->log("Writing Getmail config file: $config_file_path",LOGLEVEL_DEBUG);
-				exec("chmod 400 $config_file_path");
-				exec("chown getmail $config_file_path");
+				chmod($config_file_path, 0400);
+				chown($config_file_path, 'getmail');
 				unset($tpl);
 				unset($config_file_path);
 
@@ -160,4 +160,4 @@ function delete($event_name,$data) {
 
 } // end class
 
-?>
+?>

server/plugins-available/maildrop_plugin.inc.php

@@ -82,8 +82,8 @@ function update($event_name,$data) {
 		if(!is_dir($this->mailfilter_config_dir)) {
 			$app->log("Mailfilter config directory '".$this->mailfilter_config_dir."' does not exist. Creating it now.",LOGLEVEL_WARN);
 			mkdir($this->mailfilter_config_dir);
-			exec("chown vmail ".$this->mailfilter_config_dir);
-			exec("chmod 770 ".$this->mailfilter_config_dir);
+			chown($this->mailfilter_config_dir, 'vmail');
+			chmod($this->mailfilter_config_dir, 0770);
 		}
 
 		if(isset($data["new"]["email"])) {
@@ -95,13 +95,13 @@ function update($event_name,$data) {
 		// make sure that the config directories exist
 		if(!is_dir($this->mailfilter_config_dir.'/'.$email_parts[1])) {
 			mkdir($this->mailfilter_config_dir.'/'.$email_parts[1]);
-			exec("chown vmail ".$this->mailfilter_config_dir.'/'.$email_parts[1]);
-			exec("chmod 770 ".$this->mailfilter_config_dir.'/'.$email_parts[1]);
+			chown($this->mailfilter_config_dir.'/'.$email_parts[1], 'vmail');
+			chmod($this->mailfilter_config_dir.'/'.$email_parts[1], 0770);
 		}
 		if(!is_dir($this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0])) {
 			mkdir($this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0]);
-			exec("chown vmail ".$this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0]);
-			exec("chmod 770 ".$this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0]);
+			chown($this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0], 'vmail');
+			chmod($this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0], 0770);
 		}
 
 		// Check if something has been changed regarding the autoresponders
@@ -151,16 +151,16 @@ function update($event_name,$data) {
 				$config_file_path = $this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0].'/.autoresponder';
 				file_put_contents($config_file_path,$tpl);
 				$app->log("Writing Autoresponder mailfilter file: $config_file_path",LOGLEVEL_DEBUG);
-				exec("chmod 770 $config_file_path");
-				exec("chown vmail $config_file_path");
+				chmod($config_file_path, 0770);
+				chown($config_file_path, 'vmail');
 				unset($tpl);
 				unset($config_file_path);
 
 				// Write the autoresponder message file
 				$config_file_path = $this->mailfilter_config_dir.'/'.$email_parts[1].'/'.$email_parts[0].'/.vacation.msg';
 				file_put_contents($config_file_path,$data["new"]["autoresponder_text"]);
-				exec("chmod 770 $config_file_path");
-				exec("chown vmail $config_file_path");
+				chmod($config_file_path, 0770);
+				chown($config_file_path, 'vmail');
 				$app->log("Writing Autoresponder message file: $config_file_path",LOGLEVEL_DEBUG);
 			}
 		}
@@ -198,8 +198,8 @@ function update($event_name,$data) {
 
 					file_put_contents($config_file_path,$mailfilter_content);
 					$app->log("Writing new custom Mailfiter".$config_file_path,LOGLEVEL_DEBUG);
-					exec("chmod 770 $config_file_path");
-					exec("chown vmail $config_file_path");
+					chmod($config_file_path, 0770);
+					chown($config_file_path, 'vmail');
 					unset($config_file_path);
 				} else {
 					// Delete the mailfilter recipe
@@ -244,4 +244,4 @@ function delete($event_name,$data) {
 
 } // end class
 
-?>
+?>

server/plugins-available/pma_symlink_plugin.inc.php

@@ -106,16 +106,16 @@ function update($event_name,$data) {
         elseif($data["new"]["php"] == "fast-cgi" && $data["new"]["suexec"] == "y") $symlink = false;
 
 
-        if(!is_dir($data["new"]["document_root"]."/web")) exec("mkdir -p ".$data["new"]["document_root"]."/web");
+        if(!is_dir($data["new"]["document_root"]."/web")) mkdir($data["new"]["document_root"].'/web', 0755, true);
         if($symlink == false) {
-            if(is_link($data["new"]["document_root"]."/web/phpmyadmin")) exec("rm -f ".$data["new"]["document_root"]."/web/phpmyadmin");
+            if(is_link($data["new"]["document_root"].'/web/phpmyadmin')) unlink($data["new"]["document_root"].'/web/phpmyadmin');
         } else {
-            if(!is_link($data["new"]["document_root"]."/web/phpmyadmin")) exec("ln -s /var/www/phpmyadmin ".$data["new"]["document_root"]."/web/phpmyadmin");
-            else exec("ln -sf /var/www/phpmyadmin ".$data["new"]["document_root"]."/web/phpmyadmin");
+            if(!is_link($data["new"]["document_root"].'/web/phpmyadmin')) symlink('/var/www/phpmyadmin',$data["new"]["document_root"].'/web/phpmyadmin');
+            else symlink('/var/www/phpmyadmin',$data["new"]["document_root"].'/web/phpmyadmin');
         }
 	}
 
 
 } // end class
 
-?>
+?>