From a907137e27e34ec049e5f44c6937457bc21ade08 Mon Sep 17 00:00:00 2001
From: Nicolas Roman <nroman@evolix.fr>
Date: Fri, 17 May 2019 11:53:21 +0200
Subject: [PATCH] block non-standard vhost modification

---
 htdocs/index.php     | 35 +++++++++++++++++++++++------------
 inc/webadmin.php     | 11 +++++++++++
 scripts/web-add.sh   | 10 +++++++++-
 tpl/webadmin.tpl.php | 16 ++++++++++------
 4 files changed, 53 insertions(+), 19 deletions(-)

diff --git a/htdocs/index.php b/htdocs/index.php
index a801e52..8e951b3 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -48,30 +48,41 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
 
     include_once EVOADMIN_BASE . '../inc/webadmin.php';
 
-} elseif (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) {
+} elseif (preg_match('#^/webadmin?#', $uri)) {
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
+  // Redirect to /webadmin in order to set $_SESSION['non_stanard']
+  if (!isset($_SESSION['non_standard']))
+    http_redirect('/webadmin');
 
-} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) {
+  // block the non-standard vhost modification
+  if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
+    http_redirect('/webadmin');
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
+  if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
 
-} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
+  } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
 
-} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
+  } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
 
-} elseif (preg_match('#^/webadmin/(.*)/delete/$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+  } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
 
-} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+      include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
 
-    include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+  } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {
 
+      include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+
+  } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+
+      include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+
+  }
 } elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {
 
     include_once EVOADMIN_BASE . '../inc/accounts.php';
diff --git a/inc/webadmin.php b/inc/webadmin.php
index ad3ec23..bc61a7b 100644
--- a/inc/webadmin.php
+++ b/inc/webadmin.php
@@ -30,6 +30,12 @@ if (!$conf['cluster']) {
 
     /* Récupération de cette liste dans le tableau $vhost_list */
     $vhost_list = array();
+
+    if (!isset($_SESSION['non_standard'])) {
+      $_SESSION['non_standard'] = array();
+    }
+
+
     foreach($data_output as $data_line) {
         $data_split = explode(':', $data_line);
 
@@ -72,6 +78,11 @@ if (!$conf['cluster']) {
             $occupation = "";
         }
 
+        // current vhost isn't standard and thus not manageable by evoadmin-web
+        if (!$data_split[9]) {
+          array_push($_SESSION['non_standard'], $data_split[0]);
+        }
+
         array_push($vhost_list, array(
             'owner'       => $data_split[0],
             'configid'       => $data_split[1],
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index e3d5df9..b4ca350 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -876,9 +876,17 @@ op_listvhost() {
             else
                 is_enabled=0
             fi
+
+            count_virtualhosts="$(grep "<VirtualHost" "$configfile" | wc -l)"
+            if [ "$count_virtualhosts" -eq 1 ]; then
+                is_standard=1
+            else
+                is_standard=0
+            fi
+
             if [ "$servername" ] && [ "$userid" ]; then
                 configid=$(basename "$configfile")
-                echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled"
+                echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled:$is_standard"
             fi
         fi
     done
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 5ccba08..b138e19 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -103,14 +103,18 @@
 
           if (is_superadmin()) {
               printf('<td>');
-              printf('<a href="/webadmin/%s/alias/">Alias</a> - ', $vhost_info['owner']);
-              printf('<a href="/webadmin/%s/domain/">Servername</a> - ', $vhost_info['owner']);
-              if(is_multiphp()) {
-                  printf('<a href="/webadmin/%s/php/">PHP</a>', $vhost_info['owner']);
+              if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) {
+                printf('<a href="/webadmin/edit/%s">Alias</a> - ', $vhost_info['owner']);
+                printf('<a href="/webadmin/servername/%s">Servername</a> - ', $vhost_info['owner']);
+                if(is_multiphp()) {
+                    printf('<a href="/webadmin/php/%s">PHP</a> - ', $vhost_info['owner']);
+                } else {
+                    printf('<a href="/webadmin/itk/%s">ITK</a> - ', $vhost_info['owner']);
+                }
+                printf('<a href="/webadmin/delete/%s">Supprimer</a>', $vhost_info['owner']);
               } else {
-                  printf('<a href="/webadmin/%s/itk/">ITK</a>', $vhost_info['owner']);
+                print '<span class="form-mandatory-ok">VirtualHost non standard</span>';
               }
-              printf('<a href="/webadmin/%s/delete/">Supprimer</a>', $vhost_info['owner']);
               printf('</td>');
 
           }