Merge branch '6854-php-jailkit-fixes' into 'develop'

Resolve "PHP Jailkit fixes for PHP 8.3+ compatiblity"

Closes #6854

See merge request ispconfig/ispconfig3!2006

Author: Till Brehm

server/lib/classes/system.inc.php

@@ -1883,22 +1883,33 @@ public function is_blacklisted_web_path($path) {
 	function web_folder_protection($document_root, $protect) {
 		global $app, $conf;
 
-		if($this->checkpath($document_root) == false) {
+		// Ensure $document_root is a string and not null
+		$document_root = is_string($document_root) ? trim($document_root) : '';
+
+		// Check if the path is valid
+		if ($this->checkpath($document_root) === false) {
 			$app->log("Action aborted, target is a symlink: $document_root", LOGLEVEL_DEBUG);
 			return false;
 		}
 
-		//* load the server configuration options
+		// Load the server configuration options
 		$app->uses('getconf');
 		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 
-		if($protect == true && $web_config['web_folder_protection'] == 'y') {
-			//* Add protection
-			if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root, '..')) $this->exec_safe('chattr +i ?', $document_root);
+		// Add or remove protection based on $protect and configuration
+		if ($protect === true && isset($web_config['web_folder_protection']) && $web_config['web_folder_protection'] === 'y') {
+			// Add protection
+			if ($document_root !== '' && $document_root !== '/' && strlen($document_root) > 6 && strpos($document_root, '..') === false) {
+				$this->exec_safe('chattr +i ?', $document_root);
+			}
 		} else {
-			//* Remove protection
-			if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root, '..')) $this->exec_safe('chattr -i ?', $document_root);
+			// Remove protection
+			if ($document_root !== '' && $document_root !== '/' && strlen($document_root) > 6 && strpos($document_root, '..') === false) {
+				$this->exec_safe('chattr -i ?', $document_root);
+			}
 		}
+
+		return true;
 	}
 
 	function usermod($username, $uid = 0, $gid = 0, $home = '', $shell = '', $password = '', $login = '') {

server/plugins-available/cron_jailkit_plugin.inc.php

@@ -105,21 +105,21 @@ function insert($event_name, $data) {
 			 */
 
 
-			if ($data['new']['type'] == "chrooted")
+			if($data['new']['type'] == "chrooted")
 			{
 				// load the server configuration options
 				$app->uses("getconf");
 				$this->data = $data;
 				$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
-				foreach (array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) {
+				foreach(array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs') as $section) {
 					// Replace and don't inherit the server's Jailkit config
 					if (isset($parent_domain[$section]) && $parent_domain[$section] != '' ) {
 						$this->jailkit_config[$section] = $parent_domain[$section];
 					}
 					// Add selected PHP version to the jailkit chroot
-					if ($section == 'jailkit_chroot_app_sections') {
-						if (isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) {
-							if (is_array($this->jailkit_config['jailkit_chroot_app_sections'])) {
+					if($section == 'jailkit_chroot_app_sections') {
+						if(isset($parent_domain['php_jk_section']) && $parent_domain['php_jk_section'] != '' ) {
+							if(is_array($this->jailkit_config['jailkit_chroot_app_sections'])) {
 								$this->jailkit_config['jailkit_chroot_app_sections'] = implode(' ', $this->jailkit_config['jailkit_chroot_app_sections']);
 							}
 							$this->jailkit_config['jailkit_chroot_app_sections'] = $this->jailkit_config['jailkit_chroot_app_sections'] . ' ' . $parent_domain['php_jk_section'];
@@ -189,7 +189,7 @@ function update($event_name, $data) {
 			/**
 			 * Setup Jailkit Chroot System If Enabled
 			 */
-			if ($data['new']['type'] == "chrooted")
+			if($data['new']['type'] == "chrooted")
 			{
 				$app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG);
 				// load the server configuration options
@@ -249,13 +249,13 @@ function delete($event_name, $data) {
 
 		$app->uses('system');
 
-		if ($data['old']['type'] == "chrooted")
+		if($data['old']['type'] == "chrooted")
 		{
 			$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $data['old']['parent_domain_id']);
 
 			// should copy some _delete_homedir() functionality from shelluser_jailkit_plugin ?
 
-			if (isset($parent_domain['delete_unused_jailkit']) && $parent_domain['delete_unused_jailkit'] == 'y') {
+			if(isset($parent_domain['delete_unused_jailkit']) && $parent_domain['delete_unused_jailkit'] == 'y') {
 				$app->system->web_folder_protection($parent_domain['document_root'], false);
 				$this->_delete_jailkit_if_unused($parent_domain['domain_id']);
 				$app->system->web_folder_protection($parent_domain['document_root'], true);
@@ -268,27 +268,43 @@ function _setup_jailkit_chroot()
 		global $app, $conf;
 
 
-		if (isset($this->jailkit_config) && isset($this->jailkit_config['jailkit_hardlinks'])) {
-			if ($this->jailkit_config['jailkit_hardlinks'] == 'yes') {
+		if(isset($this->jailkit_config) && isset($this->jailkit_config['jailkit_hardlinks'])) {
+			if($this->jailkit_config['jailkit_hardlinks'] == 'yes') {
 				$options = array('hardlink');
-			} elseif ($this->jailkit_config['jailkit_hardlinks'] == 'no') {
+			} elseif($this->jailkit_config['jailkit_hardlinks'] == 'no') {
 				$options = array();
 			}
 		} else {
 			$options = array('allow_hardlink');
 		}
 
-		$last_updated = preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']
-						  .' '.$this->jailkit_config['jailkit_chroot_app_programs']
-						  .' '.$this->jailkit_config['jailkit_chroot_cron_programs']);
+		$sections = isset($this->jailkit_config['jailkit_chroot_app_sections'])
+			? (is_array($this->jailkit_config['jailkit_chroot_app_sections'])
+				? $this->jailkit_config['jailkit_chroot_app_sections']
+				: preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']))
+			: [];
+
+		$programs = isset($this->jailkit_config['jailkit_chroot_app_programs'])
+			? (is_array($this->jailkit_config['jailkit_chroot_app_programs'])
+				? $this->jailkit_config['jailkit_chroot_app_programs']
+				: preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_programs']))
+			: [];
+
+		$cron_programs = isset($this->jailkit_config['jailkit_chroot_cron_programs'])
+			? (is_array($this->jailkit_config['jailkit_chroot_cron_programs'])
+				? $this->jailkit_config['jailkit_chroot_cron_programs']
+				: preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_cron_programs']))
+			: [];
+
+		$last_updated = array_merge($sections, $programs, $cron_programs);
 		$last_updated = array_unique($last_updated, SORT_REGULAR);
 		sort($last_updated, SORT_STRING);
 		$update_hash = hash('md5', implode(' ', $last_updated));
 
 		// should move return here if $update_hash == $parent_domain['last_jailkit_hash'] ?
 
 		// check if the chroot environment is created yet if not create it with a list of program sections from the config
-		if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit'))
+		if(!is_dir($this->parent_domain['document_root'].'/etc/jailkit'))
 		{
 
 			$app->load('tpl');
@@ -314,12 +330,12 @@ function _setup_jailkit_chroot()
 			$programs = $this->jailkit_config['jailkit_chroot_app_programs'] . ' '
 				  . $this->jailkit_config['jailkit_chroot_cron_programs'];
 
-			if ($update_hash == $this->parent_domain['last_jailkit_hash']) {
+			if($update_hash == $this->parent_domain['last_jailkit_hash']) {
 				return;
 			}
 
 			$records = $app->db->queryAllRecords('SELECT web_folder FROM `web_domain` WHERE `parent_domain_id` = ? AND `document_root` = ? AND web_folder != \'\' AND web_folder IS NOT NULL AND `server_id` = ?', $this->parent_domain['domain_id'], $this->parent_domain['document_root'], $conf['server_id']);
-			foreach ($records as $record) {
+			foreach($records as $record) {
 				$options[] = 'skip='.$record['web_folder'];
 			}
 
@@ -400,12 +416,12 @@ private function _delete_jailkit_if_unused($parent_domain_id) {
 
 		// get jail directory
 		$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ? OR `parent_domain_id` = ? AND `document_root` IS NOT NULL", $parent_domain_id, $parent_domain_id);
-		if (!is_dir($parent_domain['document_root'])) {
+		if(!is_dir($parent_domain['document_root'])) {
 			return;
 		}
 
 		// chroot is used by php-fpm
-		if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y') {
+		if(isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y') {
 			return;
 		}
 
@@ -423,7 +439,7 @@ private function _delete_jailkit_if_unused($parent_domain_id) {
 
 		$options = array();
 		$records = $app->db->queryAllRecords('SELECT web_folder FROM `web_domain` WHERE `parent_domain_id` = ? AND `document_root` = ? AND web_folder != \'\' AND web_folder IS NOT NULL AND `server_id` = ?', $parent_domain_id, $parent_domain['document_root'], $conf['server_id']);
-		foreach ($records as $record) {
+		foreach($records as $record) {
 			$options[] = 'skip='.$record['web_folder'];
 		}
 

server/plugins-available/shelluser_base_plugin.inc.php

@@ -687,7 +687,7 @@ function _setup_shell_php() {
 				unlink($home_php);
 			}
 			symlink($php_binary_path, $home_php);
-			$app->log("Created symlink from " . $php_binary_path ." to PHP binary: " . $home_php, LOGLEVEL_DEBUG);
+			$app->log("Created symlink from " . $home_php ." to PHP binary: " . $php_binary_path, LOGLEVEL_DEBUG);
 		}
 	}