From 8d5b7edcaebcebfff42289ac1c5bae6149c3ef61 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste <jean-baptiste@holcroft.fr>
Date: Sun, 18 Mar 2018 08:55:44 +0100
Subject: [PATCH] Fix nginx alias_traversal (#26)

* Fix nginx alias_traversal

* Update check_process
---
 check_process   | 5 -----
 conf/nginx.conf | 4 +++-
 scripts/install | 9 +++++++++
 scripts/upgrade | 9 +++++++++
 4 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/check_process b/check_process
index 3ed3b17..7ef5a2f 100644
--- a/check_process
+++ b/check_process
@@ -16,13 +16,8 @@
 		upgrade=1
 		backup_restore=1
 		multi_instance=1
-		wrong_user=1
-		wrong_path=1
 		incorrect_path=1
-		corrupt_source=0
-		fail_download_source=0
 		port_already_use=0
-		final_path_already_use=0
 ;;; Levels
 	Level 1=auto
 	Level 2=auto
diff --git a/conf/nginx.conf b/conf/nginx.conf
index a154b49..1c07aeb 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,6 @@
-location __PATH__ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+
+location __PATH__/ {
        alias __FINALPATH__/;
        if ($scheme = http) {
             rewrite ^ https://$server_name$request_uri? permanent;
diff --git a/scripts/install b/scripts/install
index d319b45..dc82a57 100644
--- a/scripts/install
+++ b/scripts/install
@@ -86,6 +86,15 @@ ynh_setup_source "$final_path"
 # NGINX CONFIGURATION
 #=================================================
 
+if [ "$path_url" == "/" ]
+then
+	# ynh panel is only for non-root installs
+	ynh_replace_string "	include conf.d/"  "	#include conf.d/"  "../conf/nginx.conf"
+else
+	# add rewrite for alias_traversal protection
+	ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
+fi
+
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 589d193..1c49d41 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -107,6 +107,15 @@ ynh_setup_source "$final_path"
 # NGINX CONFIGURATION
 #=================================================
 
+if [ "$path_url" == "/" ]
+then
+	# ynh panel is only for non-root installs
+	ynh_replace_string "	include conf.d/"  "	#include conf.d/"  "../conf/nginx.conf"
+else
+	# add rewrite for alias_traversal protection
+	ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
+fi
+
 # Create a dedicated nginx config
 ynh_add_nginx_config