Merge branch 'develop' into 6501-php-ssh-cron

ms217 · ms217 · commit eea5b6aa750a · 2025-02-28T16:42:02.000+01:00
diff --git a/install/update.php b/install/update.php
@@ -111,7 +111,7 @@
 include_once "/usr/local/ispconfig/server/lib/config.inc.php";
 $conf_old = $conf;
 unset($conf);
-define('ISPC_LOG_FILE', $old_conf['ispconfig_log_dir'] . '/update.log');
+define('ISPC_LOG_FILE', $conf_old['ispconfig_log_dir'] . '/update.log');
 
 if($dist['id'] == '') die('Linux distribution or version not recognized.');
 
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
@@ -433,10 +433,10 @@ public function sites_web_domain_add($session_id, $client_id, $params, $readonly
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_domain:on_after_insert');
 		if ($readonly === true)
@@ -455,10 +455,10 @@ public function sites_web_domain_update($session_id, $client_id, $primary_id, $p
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
 		return $affected_rows;
@@ -507,10 +507,10 @@ public function sites_web_vhost_aliasdomain_add($session_id, $client_id, $params
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_aliasdomain:on_after_insert');
 		return $domain_id;
@@ -527,10 +527,10 @@ public function sites_web_vhost_aliasdomain_update($session_id, $client_id, $pri
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params, 'sites:web_vhost_aliasdomain:on_after_insert');
 		return $affected_rows;
@@ -579,10 +579,10 @@ public function sites_web_vhost_subdomain_add($session_id, $client_id, $params)
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_vhost_subdomain:on_after_insert');
 		return $domain_id;
@@ -599,10 +599,10 @@ public function sites_web_vhost_subdomain_update($session_id, $client_id, $prima
 		if($params['log_retention'] == '') $params['log_retention'] = 30;
 
 		//* Set a few defaults for nginx servers
-		if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
-		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+		if($params['pm_max_children'] == '') $params['pm_max_children'] = 10;
+		if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 2;
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
-		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 5;
 
 		$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params, 'sites:web_vhost_subdomain:on_after_insert');
 		return $affected_rows;
diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
@@ -76,6 +76,10 @@ function command_format($field_name, $field_value, $validator) {
 			if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);
 
 
+
+			if(strpos($field_value, '\\') !== false) {
+				return $this->get_error($validator['errmsg']);
+			}
 		}
 
 		if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) {
diff --git a/interface/web/mail/form/mail_domain.tform.php b/interface/web/mail/form/mail_domain.tform.php
@@ -87,9 +87,7 @@
 			),
 			'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
 					'errmsg'=> 'domain_error_empty'),
-				1 => array ( 'type' => 'UNIQUE',
-					'errmsg'=> 'domain_error_unique'),
-				2 => array ( 'type' => 'ISDOMAIN',
+				1 => array ( 'type' => 'ISDOMAIN',
 					'errmsg'=> 'domain_error_regex'),
 			),
 			'default' => '',
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
@@ -295,6 +295,12 @@ function onSubmit() {
 			}
 		}
 
+		// Check uniqueness per server.
+		$tmp = $app->db->queryOneRecord("SELECT domain_id FROM mail_domain WHERE domain = ? AND server_id = ? AND domain_id != ?", $this->dataRecord['domain'], $this->dataRecord['server_id'], $this->id);
+		if (!empty($tmp)) {
+			$app->tform->errorMessage .= $app->tform->lng("domain_error_unique")."<br />";
+		}
+
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
diff --git a/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php b/server/lib/classes/cron.d/100-mailbox_stats_hourly.inc.php
@@ -96,7 +96,7 @@ private function update_last_mail_login() {
 			$matches = [];
 			// Match pop3/imap logings, or alternately smtp logins.
 			if (preg_match('/(.*) (imap|pop3)-login: Login: user=\<([\w\.@-]+)\>/', $line, $matches) || preg_match('/(.*) sasl_method=PLAIN, sasl_username=([\w\.@-]+)/', $line, $matches)) {
-				$user = $matches[3] ?? $matches[2];
+				$user = isset($matches[3]) ? $matches[3] : $matches[2];
 				$updatedUsers[] = $user;
 			}
 
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -137,9 +137,9 @@ function insert($event_name, $data) {
 
 				$this->_add_jailkit_user();
 
-				//$this->_setup_php_jailkit();
+				$this->_setup_php_jailkit();
 
-				$command .= 'usermod -U ? 2>/dev/null';
+				$command = 'usermod -U ? 2>/dev/null';
 				$app->system->exec_safe($command, $parent_domain["system_user"]);
 
 				$this->_update_website_security_level();
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
@@ -224,6 +224,12 @@ function _write_crontab() {
 		$cmd_count = 0;
 		$chr_cmd_count = 0;
 
+		// Check if parentDomain array is empty
+		if(!is_array($this->parent_domain) || count($this->parent_domain) == 0) {
+			$app->log("Parent domain not found", LOGLEVEL_WARN);
+			return 0;
+		}
+
 		//* read all active cron jobs from database and write them to file
 		$cron_jobs = $app->db->queryAllRecords("SELECT c.`id`, c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain`
 			FROM `cron` as c
@@ -249,7 +255,11 @@ function _write_crontab() {
 					$log_wget_target = $log_root . '/cron_wget.log';
 				}
 
-
+				// Check if command contains invalid chars
+				if(strpos($job['command'], "\n") !== false || strpos($job['command'], "\r") !== false || strpos($job['command'], chr(0)) !== false) {
+					$app->log("Insecure Cron job SKIPPED: " . $job['command'], LOGLEVEL_WARN);
+					continue;
+				}
 
 				$cron_line .= "\t{$this->parent_domain['system_user']}"; //* running as user
 				if($job['type'] == 'url') {
@@ -259,18 +269,13 @@ function _write_crontab() {
 
 					$job['command'] = strtr($job['command'], $trans);
 
-					$cron_line .= "\t{$cron_config['wget']} --no-check-certificate --user-agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0' -q -t 1 -T 7200 -O " . $log_wget_target . " " . escapeshellarg($job['command']) . " " . $log_target;
-				} else {
-					if(strpos($job['command'], "\n") !== false || strpos($job['command'], "\r") !== false || strpos($job['command'], chr(0)) !== false) {
+					// Check that command does not contain a backslash
+					if (strpos($job['command'], '\\') !== false) {
 						$app->log("Insecure Cron job SKIPPED: " . $job['command'], LOGLEVEL_WARN);
 						continue;
 					}
 
-					$web_docroot_client = '';
-
-					// web folder is hardcoded to /web:
-					$web_folder = '/web';
-
+					$web_root = '';
 					if($job['type'] == 'chrooted') {
 						if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
 							//* delete the unneeded path part

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,10 @@ function command_format($field_name, $field_value, $validator) {`
`76`	`76`	`if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);`
`77`	`77`
`78`	`78`
	`79`	`+`
	`80`	`+ if(strpos($field_value, '\\') !== false) {`
	`81`	`+ return $this->get_error($validator['errmsg']);`
	`82`	`+ }`
`79`	`83`	`}`
`80`	`84`
`81`	`85`	`if(strpos($field_value, "\n") !== false \|\| strpos($field_value, "\r") !== false \|\| strpos($field_value, chr(0)) !== false) {`
Original file line number	Diff line number	Diff line change
`@@ -295,6 +295,12 @@ function onSubmit() {`
`295`	`295`	`}`
`296`	`296`	`}`
`297`	`297`
	`298`	`+ // Check uniqueness per server.`
	`299`	`+ $tmp = $app->db->queryOneRecord("SELECT domain_id FROM mail_domain WHERE domain = ? AND server_id = ? AND domain_id != ?", $this->dataRecord['domain'], $this->dataRecord['server_id'], $this->id);`
	`300`	`+ if (!empty($tmp)) {`
	`301`	`+ $app->tform->errorMessage .= $app->tform->lng("domain_error_unique")."<br />";`
	`302`	`+ }`
	`303`	`+`
`298`	`304`	`if($_SESSION["s"]["user"]["typ"] != 'admin') {`
`299`	`305`	`// Get the limits of the client`
`300`	`306`	`$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ private function update_last_mail_login() {`
`96`	`96`	`$matches = [];`
`97`	`97`	`// Match pop3/imap logings, or alternately smtp logins.`
`98`	`98`	`if (preg_match('/(.) (imap\|pop3)-login: Login: user=\<([\w\.@-]+)\>/', $line, $matches) \|\| preg_match('/(.) sasl_method=PLAIN, sasl_username=([\w\.@-]+)/', $line, $matches)) {`
`99`		`- $user = $matches[3] ?? $matches[2];`
	`99`	`+ $user = isset($matches[3]) ? $matches[3] : $matches[2];`
`100`	`100`	`$updatedUsers[] = $user;`
`101`	`101`	`}`
`102`	`102`