
Merge branch 'master' of github.com:serghey-rodin/vesta

Serghey Rodin 11 سال پیش
والد
کامیت
ba8a0800e5

+ 1 - 1
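--- a/bin/v-add-mail-account-fwd-only
+++ b/bin/v-add-mail-account-fwd-only
@@ -56,7 +56,7 @@ fi
 
 # Adding account to fwd_only
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
-    echo "$account" > $HOMEDIR/$user/conf/mail/$domain/fwd_only
+    echo "$account" >> $HOMEDIR/$user/conf/mail/$domain/fwd_only
     chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/fwd_only
 fi
 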

+ 3 - 1
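--- a/install/debian/templates/web/apache2/basedir.stpl
+++ b/install/debian/templates/web/apache2/basedir.stpl
@@ -15,7 +15,9 @@
         AllowOverride All
         SSLRequireSSL
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All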
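Review bot: The three added `php_admin_value` lines all point at `%home%/%user%/tmp`, which has no `%domain%` component, so every site belonging to one user shares a single session and upload directory that is also inside each site's `open_basedir`. Before this change `open_basedir %docroot%` was the only PHP-level separation between a user's domains; assuming those sites run as the same system user, code in one site can now open another site's session files and temporary uploads. A per-domain directory, for example `php_admin_value session.save_path %home%/%user%/tmp/%domain%` with the matching `open_basedir` entry, would keep that separation, provided the directory is created with the site and is not world-readable. The same applies to the identical hunks in debian/basedir.tpl, rhel/basedir.stpl, rhel/basedir.tpl, ubuntu/basedir.stpl and ubuntu/basedir.tpl; the `<Directory>` block opens above this hunk.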

+ 3 - 1
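--- a/install/debian/templates/web/apache2/basedir.tpl
+++ b/install/debian/templates/web/apache2/basedir.tpl
@@ -14,7 +14,9 @@
     <Directory %docroot%>
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All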

+ 3 - 1
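--- a/install/rhel/templates/web/httpd/basedir.stpl
+++ b/install/rhel/templates/web/httpd/basedir.stpl
@@ -15,7 +15,9 @@
         AllowOverride All
         SSLRequireSSL
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All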

+ 3 - 1
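--- a/install/rhel/templates/web/httpd/basedir.tpl
+++ b/install/rhel/templates/web/httpd/basedir.tpl
@@ -14,7 +14,9 @@
     <Directory %docroot%>
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All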

+ 0 - 31
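--- a/install/ubuntu/sudoers.conf
+++ b/install/ubuntu/sudoers.conf
@@ -1,31 +0,0 @@
-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# Please consider adding local content in /etc/sudoers.d/ instead of
-# directly modifying this file.
-#
-# See the man page for details on how to write a sudoers file.
-#
-Defaults	env_reset
-Defaults	mail_badpass
-Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-Defaults	env_keep="VESTA"
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root	ALL=(ALL:ALL) ALL
-
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
-# Allow members of group sudo to execute any command
-%sudo	ALL=(ALL:ALL) ALL
-
-# See sudoers(5) for more information on "#include" directives:
-
-#includedir /etc/sudoers.d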

+ 1 - 0
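--- a/install/ubuntu/sudoers.vestacp.conf
+++ b/install/ubuntu/sudoers.vestacp.conf
@@ -0,0 +1 @@
+Defaults	env_keep="VESTA"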
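Review bot: `env_keep="VESTA"` assigns the list instead of extending it, so once this drop-in is read the set of preserved environment variables for every sudo user on the host becomes just `VESTA`, replacing whatever the distribution's /etc/sudoers configured. Since this commit stops overwriting /etc/sudoers, the drop-in should only add its own entry: `Defaults	env_keep += "VESTA"`. Keeping `VESTA` across sudo also means the invoking user picks its value, so any privileged script that builds paths from it should validate it; how the variable is consumed is not visible on this page.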

+ 3 - 1
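--- a/install/ubuntu/templates/web/apache2/basedir.stpl
+++ b/install/ubuntu/templates/web/apache2/basedir.stpl
@@ -15,7 +15,9 @@
         AllowOverride All
         SSLRequireSSL
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All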

+ 3 - 1
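--- a/install/ubuntu/templates/web/apache2/basedir.tpl
+++ b/install/ubuntu/templates/web/apache2/basedir.tpl
@@ -14,7 +14,9 @@
     <Directory %docroot%>
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
     </Directory>
     <Directory %home%/%user%/web/%domain%/stats>
         AllowOverride All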

+ 2 - 7
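--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@@ -300,11 +300,6 @@ mkdir -p $vst_backups/bind
 mkdir -p $vst_backups/vesta
 mkdir -p $vst_backups/home
 
-# Backup sudoers
-if [ -e '/etc/sudoers' ]; then
-    cp /etc/sudoers $vst_backups/
-fi
-
 # Backup nginx
 service nginx stop > /dev/null 2>&1
 if [ -e '/etc/nginx/nginx.conf' ]; then
@@ -535,9 +530,9 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
 echo "/sbin/nologin" >> /etc/shells
 
 # Sudo configuration
-wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers
+wget $CHOST/$VERSION/sudoers.vestacp.conf -O /etc/sudoers.d/vestacp
 wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin
-chmod 440 /etc/sudoers
+chmod 440 /etc/sudoers.d/vestacp
 chmod 440 /etc/sudoers.d/admin
 
 # NTP Synchronization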
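Review bot: The new `wget ... -O /etc/sudoers.d/vestacp` line in the second hunk writes straight into the live sudoers include directory and nothing checks the result; `wget -O` creates the target even when the download fails, and a truncated or syntactically invalid file there can make sudo refuse to run. The download should go to a temporary file, be checked with `visudo -cf`, and only then be installed with mode 0440, and the unchanged `sudoers.admin.conf` line has the same pattern. Where `$CHOST` points is set outside the hunk, so whether the transfer is authenticated cannot be told from here; a file that shapes root privileges should arrive over HTTPS or be checksum-verified.

```shell
# Sudo configuration
sudoers_tmp=$(mktemp)
if wget "$CHOST/$VERSION/sudoers.vestacp.conf" -O "$sudoers_tmp" \
    && visudo -cf "$sudoers_tmp"; then
    install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/vestacp
fi
rm -f "$sudoers_tmp"
# … unchanged: sudoers.admin.conf download and chmod …
```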

+ 2 - 2
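--- a/src/bash_coding_style.txt
+++ b/src/bash_coding_style.txt
@@ -5,7 +5,7 @@ Contents:
 
     1. Introduction
     2. Naming Convention
-    3. Coments
+    3. Comments
     4. Coding Styles
     5. Basic formating
     6. If, For, and While   
@@ -41,7 +41,7 @@ Contents:
         }                               #
 
 
-3. Coments
+3. Comments
     The total length of a line (including comment) must not exceed more than 80
     characters. Every file must be documented with an introductory comment that
     provides shorthand information on the file name and its contents.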

+ 7 - 1
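--- a/src/v-check-user-password.c
+++ b/src/v-check-user-password.c
@@ -45,10 +45,16 @@ int main (int argc, char** argv) {
     /* open log file */
     FILE* pFile = fopen ("/usr/local/vesta/log/auth.log","a+");
     if (NULL == pFile) {
-        printf("Error: can not open file %s \n", argv[0]);
+        printf("Error: can not open file /usr/local/vesta/log/auth.log \n");
         exit(12);
     }
 
+    int len = 0;
+    if(strlen(argv[1]) >= 100) {
+        printf("Too long username\n");
+        exit(1);
+    }
+
     /* parse user argument */
     struct passwd* userinfo = getpwnam(argv[1]);
     if (NULL != userinfo) {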
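Review bot: The added guard `strlen(argv[1]) >= 100` bounds only the username and uses a bare 100 that is not tied to any buffer visible in the hunk, so the limit can drift from the storage it is presumably protecting. Compare against the `sizeof` of the destination the name is later written into, or a named constant shared with it, and apply the same bound to the password and address arguments that web/api/index.php passes if they are copied or formatted into fixed-size storage further down. The guard dereferences `argv[1]`, so unless `argc` is validated above the hunk it needs `if (argc < 2) { exit(1); }` ahead of it. `int len = 0;` is not used in the visible lines and can go unless later code needs it; `main` begins and ends outside the hunk.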

+ 3 - 2
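--- a/web/api/index.php
+++ b/web/api/index.php
@@ -14,10 +14,11 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         
         $v_user = escapeshellarg($_POST['user']);
         $v_password = escapeshellarg($_POST['password']);
-        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
+        $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
+        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'",  $output, $auth_code);
     } else {
         $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
-        if (file_exists($key)) {
+        if (file_exists($key) && is_file($key)) {
             $auth_code = '0';
         }
     }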
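Review bot: `escapeshellarg()` already returns its argument wrapped in single quotes, so keeping the literal `'` around `$v_ip_addr` in the new `exec()` line yields `''…''` and leaves the address outside any quoting, which cancels the escaping this change adds. Concatenate the escaped value directly, as is done for `$v_user` and `$v_password`: `exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".$v_ip_addr, $output, $auth_code);`. `REMOTE_ADDR` is normally filled in by the web server rather than from request headers, so the exposure depends on the deployment, but the quoting should be correct either way. The password is still passed on the command line, where other local processes can see it while the helper runs; the enclosing `if` starts outside the hunk.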

+ 1 - 1
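--- a/web/templates/admin/add_ip.html
+++ b/web/templates/admin/add_ip.html
@@ -147,4 +147,4 @@
                     </td>
                 </tr>
             </table>
-        </from>
+        </form>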