
Fix web ui + Imporve security by blocking html + Allow for the use of idn domains

Jaap Marcus 5 лет назад
Родитель
Сommit
c682ace94d

+ 33 - 9
bin/v-add-web-domain-redirect

@@ -40,6 +40,23 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 
+
+scheme=0
+if [[ "$3" =~ http://|https:// ]]; then
+    scheme=1
+    regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
+    if ! [[ "$3" =~ $regex ]]; then
+        echo "Invalid redirect"
+        exit 2;
+    fi
+else
+    regex='[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
+    if ! [[ "$3" =~ $regex ]]; then
+        echo "Invalid redirect"
+        exit 2;
+    fi
+fi
+
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
@@ -55,12 +72,19 @@ if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
 fi
 # Insert redirect commands
 if [ ! -z "$PROXY_SYSTEM" ] || [ "$WEB_SYSTEM" = 'nginx' ]; then
-    echo "if (\$host != \"$redirect\") {" > $conf
-    echo "   return $code \$scheme://$redirect\$request_uri;" >> $conf
-    echo "}" >> $conf
-    
-    if [ ! -e "$sconf" ]; then
-        ln -s "$conf" "$sconf"
+    if [ "$scheme" = 1 ]; then
+        echo "   return $code $redirect\$request_uri;" > $conf        
+        if [ ! -e "$sconf" ]; then
+            ln -s "$conf" "$sconf"
+        fi
+    else
+        echo "if (\$host != \"$redirect\") {" > $conf
+        echo "   return $code \$scheme://$redirect\$request_uri;" >> $conf
+        echo "}" >> $conf
+        
+        if [ ! -e "$sconf" ]; then
+            ln -s "$conf" "$sconf"
+        fi
     fi
 else
     echo "Non supported please use .htaccess instead" 
@@ -72,12 +96,12 @@ fi
 #----------------------------------------------------------#
 
 if [ -z "$REDIRECT" ]; then
-    add_object_key "web" 'DOMAIN' "$domain" 'REDIRECT' 'STATS_CRYPT'
-    add_object_key "web" 'DOMAIN' "$domain" 'REDIRECT_CODE' 'STATS_CRYPT'
+    add_object_key "web" 'DOMAIN' "$domain" 'REDIRECT' 'U_DISK'
+    add_object_key "web" 'DOMAIN' "$domain" 'REDIRECT_CODE' 'U_DISK'
 fi
 
 update_object_value 'web' 'DOMAIN' "$domain" '$REDIRECT' "$redirect"
-
+update_object_value 'web' 'DOMAIN' "$domain" '$REDIRECT_CODE' "$code"
 # Restart web server
 $BIN/v-restart-web
 check_result $? "Web restart failed" > /dev/null
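Review bot: The redirect validation added in the first hunk (lines 18-32 of bin/v-add-web-domain-redirect) is unanchored, so `[[ "$3" =~ $regex ]]` succeeds on any input that merely contains one allowed character and neither pattern rejects `<`, `>`, `"` or whitespace elsewhere in the string, even though the value is later written into the nginx `return` directive and inside `\"$redirect\"`. Anchor both patterns: `regex='^(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'` and `regex='^[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'`, and make the scheme test `[[ "$3" =~ ^https?:// ]]` so a relative target that only contains `http://` in a query string is not treated as absolute. `$redirect` and `$code` are assigned outside the hunk; the check covers `$3` (presumably `$redirect`), but `$code` receives no visible check before it is interpolated into the config. The new scheme=1 branch also drops the `if ($host != ...)` guard, so an absolute URL whose host is this same domain would redirect every request to itself.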

+ 3 - 3
bin/v-delete-web-domain-redirect

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: Delete force redirect to domain
-# options: USER DOMAIN REDIRECT [CUSTOM]
+# options: USER DOMAIN
 # labels: hestia web
 #
 # example: v-add-web-domain-redirect user domain.tld
@@ -27,7 +27,7 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '3' "$#" 'USER DOMAIN REDIRECT'
+check_args '2' "$#" 'USER DOMAIN'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -58,7 +58,7 @@ fi
 #----------------------------------------------------------#
 
 update_object_value 'web' 'DOMAIN' "$domain" '$REDIRECT' ""
-
+update_object_value 'web' 'DOMAIN' "$domain" '$REDIRECT_CODE' ""
 # Restart web server
 $BIN/v-restart-web
 check_result $? "Web restart failed" > /dev/null
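Review bot: The `# example:` header line kept as context in the first hunk still reads `v-add-web-domain-redirect user domain.tld` although this is the delete script; since the hunk already rewrites the options line to `USER DOMAIN`, update it to `# example: v-delete-web-domain-redirect user domain.tld`. The last hunk clears `$REDIRECT_CODE` in the object store; whether the generated nginx redirect config and its symlink are also removed is outside the visible hunks.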

+ 2 - 0
bin/v-list-web-domain

@@ -45,6 +45,8 @@ json_list() {
         "PROXY": "'$PROXY'",
         "PROXY_EXT": "'$PROXY_EXT'",
         "FASTCGI_CACHE": "'$FASTCGI_CACHE'",
+        "REDIRECT": "'$REDIRECT'",
+        "REDIRECT_CODE": "'$REDIRECT_CODE'",
         "CUSTOM_DOCROOT": "'$CUSTOM_DOCROOT'",
         "SUSPENDED": "'$SUSPENDED'",
         "TIME": "'$TIME'",
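Review bot: The two new `json_list()` fields splice `$REDIRECT` into the JSON literal without escaping, like the surrounding fields, but unlike those this value is operator-supplied free text (a URL) that may contain `"` or `\`, which would break the document for every consumer of the JSON output. Either escape the value before interpolation or rely on the add script rejecting those characters; as committed, the pattern in `v-add-web-domain-redirect` is not anchored, so it does not currently guarantee that. `json_list()` continues outside the hunk.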

+ 37 - 0
web/edit/web/index.php

@@ -94,6 +94,12 @@ if(!empty($v_custom_doc_root) &&
     }
 }
 
+$redirect_code_options = array(301,302);
+$v_redirect = $data[$v_domain]['REDIRECT'];
+$v_redirect_code = $data[$v_domain]['REDIRECT_CODE'];
+if ( !in_array($v_redirect, array('www.'.$v_domain, $v_domain))){
+    $v_redirect_custom = $v_redirect;
+}
 
 $v_ftp_user = $data[$v_domain]['FTP_USER'];
 $v_ftp_path = $data[$v_domain]['FTP_PATH'];
@@ -835,7 +841,38 @@ if (!empty($_POST['save'])) {
     }else{
         unset($v_custom_doc_root);
     }   
+    
+    if ( !empty($v_redirect) && empty($_POST['v-redirect-checkbox']) ) {
+        exec(HESTIA_CMD."v-delete-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain),  $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);    
+        unset($_POST['v-redirect']);
+    }
+    
+    if (!empty($_POST['v-redirect']) && !empty($_POST['v-redirect-checkbox']) ){
+        if (empty($v_redirect)){
+            if ($_POST['v-redirect']  == 'custom' && empty($_POST['v-redirect-custom'])){
+            }else{
+                if($_POST['v-redirect']  == 'custom'){
+                    $_POST['v-redirect'] = $_POST['v-redirect-custom'];
+                }
+            exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." ".escapeshellarg($_POST['v-redirect-code']),  $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);  
+     
+            }
 
+        }else {
+             if ($_POST['v-redirect'] == 'custom') {
+                 $_POST['v-redirect'] = $_POST['v-redirect-custom'];
+             }
+             if ( $_POST['v-redirect'] != $v_redirect || $_POST['v-redirect-code'] != $v_redirect_code ) {
+                 exec(HESTIA_CMD."v-add-web-domain-redirect ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v-redirect'])." ".escapeshellarg($_POST['v-redirect-code']),  $output, $return_var);
+                 check_return_code($return_var,$output);
+                 unset($output);  
+             }
+        }
+    }
     // Restart web server
     if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
         exec (HESTIA_CMD."v-restart-web", $output, $return_var);
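Review bot: In the second hunk `$_POST['v-redirect-code']` and `$_POST['v-redirect']` are passed straight to `exec()` without being checked against the values the form offers; `escapeshellarg()` prevents shell injection, but the status code is then interpolated unchanged into the nginx `return` directive by the backend script unless it validates it there, which is not visible in this commit. Before either `exec` call, validate `$code = (int) $_POST['v-redirect-code']; if (!in_array($code, $redirect_code_options, true)) { $_SESSION['error_msg'] = 'Invalid redirect code'; }` and skip the command when an error is set, and likewise accept `v-redirect` only when it equals one of the two radio domains or `custom`. The `if ($_POST['v-redirect'] == 'custom' && empty($_POST['v-redirect-custom'])){ }else{` with an empty then-branch should be inverted into a single positive condition, with `===` for the string comparisons. The first hunk leaves `$v_redirect_custom` undefined when the stored redirect matches one of the two domains, which the template then reads; initialise `$v_redirect_custom = '';` before the `in_array` check (and pass `true` as its third argument). The enclosing `if (!empty($_POST['save']))` block starts before the hunk.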

+ 10 - 1
web/js/pages/edit_web.js

@@ -2,7 +2,7 @@ App.Actions.WEB.update_custom_doc_root = function(elm, hint) {
     var prepath = $('input[name="v-custom-doc-root_prepath"]').val();
     var domain = $('select[name="v-custom-doc-domain"]').val();
     var folder = $('input[name="v-custom-doc-folder"]').val();
-    console.log(domain, folder);
+
     $('.custom_docroot_hint').html(prepath+domain+'/public_html/'+folder);
 }
 App.Listeners.DB.keypress_custom_folder = function() {
@@ -294,3 +294,12 @@ function elementHideShow(elementToHideOrShow){
     var el = document.getElementById(elementToHideOrShow);
     el.style.display = el.style.display === 'none' ? 'block' : 'none';
 }
+
+$('#v-redirect-custom-value').change( function(){
+    console.log($('#v-redirect-custom-value').is(":checked"));
+    if($('#v-redirect-custom-value').is(":checked")){
+        $('#custom_redirect').show();
+    }else{
+        $('#custom_redirect').hide();
+    }
+})

+ 59 - 1
web/templates/admin/edit_web.html

@@ -316,7 +316,65 @@
                                     </table>
                                 </td>
                             </tr>
-
+                            <tr>
+                                <td class="vst-text step-top">
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v-redirect-checkbox" <?php if (!empty($v_redirect)) echo "checked=yes" ?> onclick="javascript:elementHideShow('v_redirect');"> <?php print _('Redirect');?></label>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="step-left">
+                                    <table style="display:<?php if (empty($v_redirect)) { echo 'none';} else {echo 'block';}?> ;" id="v_redirect">
+                                        <tr>
+                                            <td class="vst-text input-label">
+                                                <?php $v_redirect;?>
+                                                <?=_('Redirect');?>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td>
+                                                <input type="radio" name="v-redirect" value="<?php echo 'www.'.$domain;?>" <?php if ($v_redirect == "www.".$domain) echo "checked"; ?>/> <?=sprintf(_('Always redirect to %s'),"www.".$domain);?><br />
+                                                <input type="radio" name="v-redirect" value="<?php echo $domain;?>" <?php if( $v_redirect == $domain) echo "checked";?>/> <?=sprintf(_('Always redirect to %s'),$domain);?><br />
+                                                <input type="radio" name="v-redirect" value="custom" <?php if( !empty($v_redirect_custom)) echo "checked";?> id="v-redirect-custom-value"/> <?=_("Redirect to custom URL or domain");?>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td>
+                                                <table id="custom_redirect" style="display:<?php if (empty($v_redirect_custom)) { echo 'none';} else {echo 'block';}?> ;">
+                                                    <tr>
+                                                        <td class="vst-text input-label">
+                                                            <?=_('Address');?>
+                                                        </td>
+                                                    </tr>
+                                                    <tr>
+                                                        <td class="vst-text input-label">
+                                                            <input type="text" name="v-redirect-custom" class="vst-input" value="<?=$v_redirect_custom;?>" />
+                                                        </td>
+                                                    </tr>
+                                                </table>   
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td class="vst-text input-label">
+                                               <?=_('Status code');?>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td class="vst-text input-label">
+                                                <select  class="vst-list" name="v-redirect-code">
+                                                    <?php foreach ($redirect_code_options as $status_code): ?>
+                                                    <option value="<?php echo $status_code;?>"
+                                                        <?=($v_redirect_code === $status_code || (empty($v_redirect_code) && $status_code === $v_redirect_code))?' selected="selected" ':''; ?>>
+                                                        <?php echo $status_code;?>
+                                                    </option>
+                                                <?php endforeach; ?>
+                                                </select>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                        </tr>
+                                    </table>
+                                </td>
+                            </tr>
                             <tr>
                                 <td class="vst-text step-top">
                                     <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl" <?php if ($v_ssl == 'yes') echo "checked=yes" ?> onclick="javascript:App.Actions.WEB.toggle_ssl(this);"> <?php print _('SSL Support');?></label>
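Review bot: `value="<?=$v_redirect_custom;?>"` in the custom-address input echoes a stored, user-controlled value into an HTML attribute unescaped; the commit's bash-side character filter is unanchored and so does not keep `"` or `<` from reaching this point, and the template is the right place to escape regardless: `value="<?=htmlspecialchars(isset($v_redirect_custom) ? $v_redirect_custom : '', ENT_QUOTES, 'UTF-8');?>"` (the `isset` matters because index.php only assigns the variable in the custom case). The status-code `<option>` never gets `selected`: `$v_redirect_code` comes from the data file as a string while `$redirect_code_options` holds ints, so `$v_redirect_code === $status_code` is always false and the second clause of that condition is redundant; compare `(int) $v_redirect_code === $status_code`. `<?php $v_redirect;?>` on the label row is a no-op statement and should be removed. The radio values use `$domain` whereas the new index.php code reads `$v_domain`; confirm both are defined in this template's scope.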