block non-standard vhost modification

2019-05-17 11:53:21 +02:00 · 2019-05-17 11:53:21 +02:00 · 5bf121ae05
parent 48168c534e
commit 5bf121ae05
4 changed files with 53 additions and 19 deletions
--- a/htdocs/index.php
+++ b/htdocs/index.php
@ -48,30 +48,41 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {

    include_once EVOADMIN_BASE . '../inc/webadmin.php';

-} elseif (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
+} elseif (preg_match('#^/webadmin?#', $uri)) {

-    include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
+  // Redirect to /webadmin in order to set $_SESSION['non_stanard']
+  if (!isset($_SESSION['non_standard']))
+    http_redirect('/webadmin');

-} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
+  // block the non-standard vhost modification
+  if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
+    http_redirect('/webadmin');

-    include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
+  if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {

-} elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';

-    include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
+  } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {

-} elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';

-    include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
+  } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {

-} elseif (preg_match('#^/webadmin/(.*)/delete/$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-php.php';

-    include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+  } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {

-} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';

-    include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+  } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {

+      include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+
+  } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+
+      include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+
+  }
 } elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {

    include_once EVOADMIN_BASE . '../inc/accounts.php';
--- a/inc/webadmin.php
+++ b/inc/webadmin.php
@ -30,6 +30,12 @@ if (!$conf['cluster']) {

    /* Récupération de cette liste dans le tableau $vhost_list */
    $vhost_list = array();
+
+    if (!isset($_SESSION['non_standard'])) {
+      $_SESSION['non_standard'] = array();
+    }
+
+
    foreach($data_output as $data_line) {
        $data_split = explode(':', $data_line);

@ -72,6 +78,11 @@ if (!$conf['cluster']) {
            $occupation = "";
        }

+        // current vhost isn't standard and thus not manageable by evoadmin-web
+        if (!$data_split[9]) {
+          array_push($_SESSION['non_standard'], $data_split[0]);
+        }
+
        array_push($vhost_list, array(
            'owner'       => $data_split[0],
            'configid'       => $data_split[1],
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@ -876,9 +876,17 @@ op_listvhost() {
            else
                is_enabled=0
            fi
+
+            count_virtualhosts="$(grep "<VirtualHost" "$configfile" | wc -l)"
+            if [ "$count_virtualhosts" -eq 1 ]; then
+                is_standard=1
+            else
+                is_standard=0
+            fi
+
            if [ "$servername" ] && [ "$userid" ]; then
                configid=$(basename "$configfile")
-                echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled"
+                echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled:$is_standard"
            fi
        fi
    done
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@ -102,14 +102,18 @@

          if (is_superadmin()) {
              printf('<td>');
-              printf('<a href="/webadmin/edit/%s">Alias</a> - ', $vhost_info['owner']);
-              printf('<a href="/webadmin/servername/%s">Servername</a> - ', $vhost_info['owner']);
-              if(is_multiphp()) {
-                  printf('<a href="/webadmin/php/%s">PHP</a> - ', $vhost_info['owner']);
+              if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) {
+                printf('<a href="/webadmin/edit/%s">Alias</a> - ', $vhost_info['owner']);
+                printf('<a href="/webadmin/servername/%s">Servername</a> - ', $vhost_info['owner']);
+                if(is_multiphp()) {
+                    printf('<a href="/webadmin/php/%s">PHP</a> - ', $vhost_info['owner']);
+                } else {
+                    printf('<a href="/webadmin/itk/%s">ITK</a> - ', $vhost_info['owner']);
+                }
+                printf('<a href="/webadmin/delete/%s">Supprimer</a>', $vhost_info['owner']);
              } else {
-                  printf('<a href="/webadmin/itk/%s">ITK</a> - ', $vhost_info['owner']);
+                print '<span class="form-mandatory-ok">VirtualHost non standard</span>';
              }
-              printf('<a href="/webadmin/%s/delete/">Supprimer</a>', $vhost_info['owner']);
              printf('</td>');

          }