1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/pihole_ynh.git synced 2024-09-03 20:05:58 +02:00

Fix alias_traversal

This commit is contained in:
Maniack Crudelis 2018-01-04 19:32:35 +01:00
parent 20879973c1
commit f543351100
6 changed files with 81 additions and 2 deletions

View file

@ -1,4 +1,5 @@
location __PATH__ {
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/;
if ($scheme = http) {

View file

@ -454,6 +454,11 @@ EOF
ynh_store_file_checksum "$finalfail2banfilterconf"
sudo systemctl restart fail2ban
if local fail2ban_error="$(tail -n50 /var/log/fail2ban.log | grep "WARNING Command.*$app.*addfailregex")"
then
echo "[ERR] Fail2ban fail to load the jail for $app" >&2
echo "WARNING${fail2ban_error#*WARNING}" >&2
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)

51
scripts/_sed Normal file
View file

@ -0,0 +1,51 @@
#!/bin/bash
# https://github.com/YunoHost/yunohost/pull/394
# Substitute/replace a string (or expression) by another in a file
#
# usage: ynh_replace_string match_string replace_string target_file
# | arg: match_string - String to be searched and replaced in the file
# | arg: replace_string - String that will replace matches
# | arg: target_file - File in which the string will be replaced.
#
# As this helper is based on sed command, regular expressions and
# references to sub-expressions can be used
# (see sed manual page for more information)
ynh_replace_string () {
local delimit=@
local match_string=$1
local replace_string=$2
local workfile=$3
# Escape the delimiter if it's in the string.
match_string=${match_string//${delimit}/"\\${delimit}"}
replace_string=${replace_string//${delimit}/"\\${delimit}"}
sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile"
}
# Substitute/replace a password by another in a file
#
# usage: ynh_replace_password_string match_string replace_string target_file
# | arg: match_string - String to be searched and replaced in the file
# | arg: replace_string - String that will replace matches
# | arg: target_file - File in which the string will be replaced.
#
# This helper will use ynh_replace_string, but as you can use special
# characters, you can't use some regular expressions and sub-expressions.
ynh_replace_password_string () {
local match_string=$1
local replace_string=$2
local workfile=$3
# Escape any backslash to preserve them as simple backslash.
match_string=${match_string//\\/"\\\\"}
replace_string=${replace_string//\\/"\\\\"}
# Escape the & character, who has a special function in sed.
match_string=${match_string//&/"\&"}
replace_string=${replace_string//&/"\&"}
ynh_replace_string "$match_string" "$replace_string" "$workfile"
}

View file

@ -8,6 +8,7 @@
source _common.sh
source /usr/share/yunohost/helpers
source _sed
#=================================================
# RETRIEVE ARGUMENTS
@ -64,7 +65,20 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path"
# Move from sub path to root
if [ "$new_path" == "/" ]
then
ynh_replace_string "^ *rewrite.*\^$old_path" "#sub_path_only&" "$nginx_conf_path"
ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path" "$nginx_conf_path"
# Move to a sub path
else
ynh_replace_string "^#sub_path_only" "" "$nginx_conf_path"
ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path/" "$nginx_conf_path"
fi
ynh_replace_string "location ${old_path%/}/" "location ${new_path%/}/" "$nginx_conf_path"
fi
# Change the domain for nginx

View file

@ -94,6 +94,10 @@ ynh_setup_source "$final_path" admin_dashboard
# NGINX CONFIGURATION
#=================================================
if [ "$path_url" != "/" ]
then
ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
fi
ynh_add_nginx_config
#=================================================

View file

@ -63,6 +63,10 @@ ynh_setup_source "$final_path" admin_dashboard
# NGINX CONFIGURATION
#=================================================
if [ "$path_url" != "/" ]
then
ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
fi
ynh_add_nginx_config
#=================================================