From b724405d269bb5b69d7b7055255429f8150c14b3 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 19 Jan 2018 09:40:33 +0100 Subject: [PATCH 1/3] Fix nginx alias_traversal --- check_process | 6 ------ conf/nginx.conf | 4 +++- scripts/install | 9 +++++++++ scripts/upgrade | 9 +++++++++ 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/check_process b/check_process index 3ed3b17..7735c58 100644 --- a/check_process +++ b/check_process @@ -16,13 +16,7 @@ upgrade=1 backup_restore=1 multi_instance=1 - wrong_user=1 - wrong_path=1 - incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/nginx.conf b/conf/nginx.conf index a154b49..1c07aeb 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,6 @@ -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; + +location __PATH__/ { alias __FINALPATH__/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; diff --git a/scripts/install b/scripts/install index d319b45..dc82a57 100644 --- a/scripts/install +++ b/scripts/install @@ -86,6 +86,15 @@ ynh_setup_source "$final_path" # NGINX CONFIGURATION #================================================= +if [ "$path_url" == "/" ] +then + # ynh panel is only for non-root installs + ynh_replace_string " include conf.d/" " #include conf.d/" "../conf/nginx.conf" +else + # add rewrite for alias_traversal protection + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi + # Create a dedicated nginx config ynh_add_nginx_config diff --git a/scripts/upgrade b/scripts/upgrade index 589d193..1c49d41 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -107,6 +107,15 @@ ynh_setup_source "$final_path" # NGINX CONFIGURATION #================================================= +if [ "$path_url" == "/" ] +then + # ynh panel is only for non-root installs + ynh_replace_string " include conf.d/" " #include conf.d/" "../conf/nginx.conf" +else + # add rewrite for alias_traversal protection + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi + # Create a dedicated nginx config ynh_add_nginx_config From 189af76d26061abc800001bead00e4e5babd0aba Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 22 Jan 2018 20:26:17 +0100 Subject: [PATCH 2/3] Update check_process --- check_process | 1 + 1 file changed, 1 insertion(+) diff --git a/check_process b/check_process index 7735c58..7ef5a2f 100644 --- a/check_process +++ b/check_process @@ -16,6 +16,7 @@ upgrade=1 backup_restore=1 multi_instance=1 + incorrect_path=1 port_already_use=0 ;;; Levels Level 1=auto From eeeb73cf5af72aba80058372fc6860b19a2f4a56 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 16 Apr 2018 23:14:37 +0200 Subject: [PATCH 3/3] Fix missing admin_mail (fix #31) --- scripts/upgrade | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 1c49d41..bc52aa7 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -148,13 +148,14 @@ ynh_backup_if_checksum_is_different "$config" # Create config.php #================================================= +admin_mail=$(ynh_user_get_info "$admin" mail) cp ../conf/config.php "$config" # Change variables in configuration ynh_replace_string "__DBUSER__" "$dbuser" "$config" ynh_replace_string "__DBPWD__" "$dbpass" "$config" ynh_replace_string "__DBNAME__" "$db_name" "$config" -ynh_replace_string "__ADMINMAIL__" "$admin" "$config" +ynh_replace_string "__ADMINMAIL__" "$admin_mail" "$config" ynh_replace_string "__LANGUAGE__" "$language" "$config" ynh_replace_string "__DOMAIN__" "$domain" "$config" ynh_replace_string "__PATH__" "$path_url" "$config"