
Commit e724179

author
Marius Burkard
committed
Merge branch 'ispconfig/ispconfig3-stable-3.1' into stable-3.1
2 parents ecbdda9 + 8f24b1b commit e724179

34 files changed

+84
-4
lines changed

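--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -1076,6 +1076,8 @@ public function install_ispconfig()
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 //* Make the global language file directory group writable
 exec("chmod -R 770 $install_dir/interface/lib/lang");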
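Review bot: The added lines set owner and group on `security/nginx_directives.blacklist` but set no mode for it, and a failed `chown` is only logged through `caselog`. This file is the rule source for the new `web_nginx_directives` validator in the same commit, and that validator accepts every directive when it cannot read the list, so the installer should pin the permissions explicitly, for example `$command = 'chmod 640 '.$install_dir.'/security/nginx_directives.blacklist';` followed by the same `caselog` call. A chmod outside this hunk may already cover the file, since install_ispconfig() starts and ends outside the visible lines; if so, a one-line comment saying where would help. The identical hunks in gentoo.lib.php, opensuse.lib.php and installer_base.lib.php carry the same gap.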

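--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -996,7 +996,9 @@ public function install_ispconfig()
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 //* Make the global language file directory group writable
 exec("chmod -R 770 $install_dir/interface/lib/lang");
 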

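--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -1094,7 +1094,9 @@ public function install_ispconfig()
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 //* Make the global language file directory group writable
 exec("chmod -R 770 $install_dir/interface/lib/lang");
 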

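--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2389,7 +2389,9 @@ public function install_ispconfig() {
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 //* Make the global language file directory group writable
 exec("chmod -R 770 $install_dir/interface/lib/lang");
 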

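--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -141,6 +141,44 @@ function web_apache_directives($field_name, $field_value, $validator) {
 }
 }
 
+/* Check nginx directives */
+function web_nginx_directives($field_name, $field_value, $validator) {
+global $app;
+
+if(trim($field_value) != '') {
+$security_config = $app->getconf->get_security_config('ids');
+
+if($security_config['nginx_directives_scan_enabled'] == 'yes') {
+
+// Get blacklist
+$blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist';
+if(is_file('/usr/local/ispconfig/security/nginx_directives.blacklist.custom')) $blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist.custom';
+if(!is_file($blacklist_path)) $blacklist_path = realpath(ISPC_ROOT_PATH.'/../security/nginx_directives.blacklist');
+
+$directives = explode("\n",$field_value);
+$regex = explode("\n",file_get_contents($blacklist_path));
+$blocked = false;
+$blocked_line = '';
+
+if(is_array($directives) && is_array($regex)) {
+foreach($directives as $directive) {
+$directive = trim($directive);
+foreach($regex as $r) {
+if(preg_match(trim($r),$directive)) {
+$blocked = true;
+$blocked_line .= $directive.'<br />';
+};
+}
+}
+}
+}
+}
+
+if($blocked === true) {
+return $this->get_error('nginx_directive_blocked_error').' '.$blocked_line;
+}
+}
+
 
 /* internal validator function to match regexp */
 function _regex_validate($domain_name, $allow_wildcard = false) {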
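Review bot: `web_nginx_directives` fails open when the blacklist cannot be loaded: if neither path is a file, `realpath()` returns false, `file_get_contents()` fails, and the loop runs over a single empty pattern for which `preg_match()` returns false, so every directive is accepted. Blank lines or malformed patterns in the file behave the same way, because a `preg_match()` error is indistinguishable from a non-match in `if(preg_match(trim($r),$directive))`. `$blocked` and `$blocked_line` are assigned only inside the two inner `if` blocks, so the closing `if($blocked === true)` reads an undefined variable whenever the field is empty or scanning is disabled. Matching is per input line and the matched text is appended to the error string unescaped; both should be checked against how nginx reads directives that span lines and how the form renders error messages. The excerpt below initialises the flags up front and rejects the input when the list cannot be read.

```php
function web_nginx_directives($field_name, $field_value, $validator) {
	global $app;

	// Defined up front so the final check never reads an unset variable.
	$blocked = false;
	$blocked_line = '';
	// … unchanged: empty-value check, nginx_directives_scan_enabled check, blacklist path selection …
			$directives = explode("\n",$field_value);
			// file() returns false on failure; skipping empty lines avoids empty patterns.
			$regex = is_string($blacklist_path) ? file($blacklist_path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : false;
			if($regex === false) {
				// Fail closed: without a readable blacklist the input cannot be vetted.
				return $this->get_error('nginx_directive_blocked_error');
			}
	// … unchanged: per-directive preg_match loop and the blocked-line error return …
```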

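--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -881,6 +881,13 @@
 'nginx_directives' => array (
 'datatype' => 'TEXT',
 'formtype' => 'TEXT',
+'validators' => array ( 0 => array(
+'type' => 'CUSTOM',
+'class' => 'validate_domain',
+'function' => 'web_nginx_directives',
+'errmsg' => 'nginx_directive_blocked_error'
+),
+),
 'default' => '',
 'value' => '',
 'width' => '30',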
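Review bot: The blacklist validator is attached to `nginx_directives` in this form definition only, so any other write path to that field would skip the check. This page shows 10 of the 34 changed files, so it is not visible whether the other site forms exposing an nginx directives field, or the remote API, pick up the same `validators` entry; that should be confirmed before treating `nginx_directives_scan_enabled` as an enforced control. A short comment on the entry such as `// blacklist check: validate_domain::web_nginx_directives` would make the rule source easier to find.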

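--- a/interface/web/sites/lib/lang/ar_web_domain.lng
+++ b/interface/web/sites/lib/lang/ar_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
 $wb['https_port_txt'] = 'HTTPS Port';
 $wb['http_port_error_regex'] = 'HTTP Port invalid.';
 $wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
 ?>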

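--- a/interface/web/sites/lib/lang/bg_web_domain.lng
+++ b/interface/web/sites/lib/lang/bg_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
 $wb['https_port_txt'] = 'HTTPS Port';
 $wb['http_port_error_regex'] = 'HTTP Port invalid.';
 $wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
 ?>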

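--- a/interface/web/sites/lib/lang/br_web_domain.lng
+++ b/interface/web/sites/lib/lang/br_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'Porta HTTP';
 $wb['https_port_txt'] = 'Porta HTTPS';
 $wb['http_port_error_regex'] = 'Porta HTTP inválida.';
 $wb['https_port_error_regex'] = 'Porta HTTPS inválida.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
 ?>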

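--- a/interface/web/sites/lib/lang/ca_web_domain.lng
+++ b/interface/web/sites/lib/lang/ca_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
 $wb['https_port_txt'] = 'HTTPS Port';
 $wb['http_port_error_regex'] = 'HTTP Port invalid.';
 $wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
 ?>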
