YunoHost-Apps/bozon_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/bozon_ynh.git synced 2024-09-03 18:16:09 +02:00
Code Issues Activity Actions

Fix the issue alias_traversal

Browse source
This commit is contained in:
ewilly 2018-05-01 07:49:00 +02:00
parent 38fa465097
commit 1640590385
2 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
conf/nginx.conf
View file

@ -1,3 +1,4 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
# Path to source # Path to source
alias __FINALPATH__/; alias __FINALPATH__/;
@ -38,20 +39,20 @@ location __PATH__/ {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
} }
location ~ (uploads|thumbs){ location ^~ __PATH__/(uploads|thumbs){
deny all; deny all;
} }
location ~ private { location ^~ __PATH__/private {
deny all; deny all;
location ~* /temp/.*\.zip$ { location ~* __PATH__/private/temp/.*\.zip$ {
allow all; allow all;
} }
} }
location ~ core { location ^~ __PATH__/core {
deny all; deny all;
location ~* \.js$ { location ~* __PATH__/core/.*\.js$ {
allow all; allow all;
} }
} }

7
scripts/_common.sh
View file

@ -25,8 +25,7 @@ myynh_check_disk_space () {
file_to_analyse=$1 file_to_analyse=$1
backup_size=$(du --summarize "$1" | cut -f1) backup_size=$(du --summarize "$1" | cut -f1)
free_space=$(df --output=avail "/home/yunohost.backup" | sed 1d) free_space=$(df --output=avail "/home/yunohost.backup" | sed 1d)
if [ $free_space -le $backup_size ] if [ $free_space -le $backup_size ]; then
then
WARNING echo "Not enough backup disk space for: $1" WARNING echo "Not enough backup disk space for: $1"
WARNING echo "Space available: $(HUMAN_SIZE $free_space)" WARNING echo "Space available: $(HUMAN_SIZE $free_space)"
ynh_die "Space needed: $(HUMAN_SIZE $backup_size)" ynh_die "Space needed: $(HUMAN_SIZE $backup_size)"
@ -46,13 +45,15 @@ myynh_add_nginx_config () {
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty # Substitute in a nginx config file only if the variable is not empty
[ -n "${path_url:-}" ] && ynh_replace_string "__PATH__" "$path_url" "$nginx_conf" [ -n "${path_url:-}" ] && ynh_replace_string "__PATH__" "$path_url" "$nginx_conf"
if [ "${path_url:-}" != "/" ]; then
ynh_replace_string "^#sub_path_only" "" "$nginx_conf"
fi
[ -n "${final_path:-}" ] && ynh_replace_string "__FINALPATH__" "$final_path" "$nginx_conf" [ -n "${final_path:-}" ] && ynh_replace_string "__FINALPATH__" "$final_path" "$nginx_conf"
[ -n "${app:-}" ] && ynh_replace_string "__NAME__" "$app" "$nginx_conf" [ -n "${app:-}" ] && ynh_replace_string "__NAME__" "$app" "$nginx_conf"
[ -n "${filesize:-}" ] && ynh_replace_string "__FILESIZE__" "$filesize" "$nginx_conf" [ -n "${filesize:-}" ] && ynh_replace_string "__FILESIZE__" "$filesize" "$nginx_conf"
ynh_store_file_checksum "$nginx_conf" ynh_store_file_checksum "$nginx_conf"
systemctl reload nginx systemctl reload nginx
} }
# Create a dedicated php-fpm config # Create a dedicated php-fpm config
myynh_add_fpm_config () { myynh_add_fpm_config () {
ynh_backup_if_checksum_is_different "$phpfpm_conf" 1 ynh_backup_if_checksum_is_different "$phpfpm_conf" 1