mirror of
https://github.com/YunoHost-Apps/pihole_ynh.git
synced 2024-09-03 20:05:58 +02:00
Fix alias_traversal
This commit is contained in:
parent
20879973c1
commit
f543351100
6 changed files with 81 additions and 2 deletions
|
@ -1,4 +1,5 @@
|
|||
location __PATH__ {
|
||||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
location __PATH__/ {
|
||||
alias __FINALPATH__/;
|
||||
|
||||
if ($scheme = http) {
|
||||
|
|
|
@ -454,6 +454,11 @@ EOF
|
|||
ynh_store_file_checksum "$finalfail2banfilterconf"
|
||||
|
||||
sudo systemctl restart fail2ban
|
||||
if local fail2ban_error="$(tail -n50 /var/log/fail2ban.log | grep "WARNING Command.*$app.*addfailregex")"
|
||||
then
|
||||
echo "[ERR] Fail2ban fail to load the jail for $app" >&2
|
||||
echo "WARNING${fail2ban_error#*WARNING}" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
# Remove the dedicated fail2ban config (jail and filter conf files)
|
||||
|
|
51
scripts/_sed
Normal file
51
scripts/_sed
Normal file
|
@ -0,0 +1,51 @@
|
|||
#!/bin/bash
|
||||
|
||||
# https://github.com/YunoHost/yunohost/pull/394
|
||||
|
||||
# Substitute/replace a string (or expression) by another in a file
|
||||
#
|
||||
# usage: ynh_replace_string match_string replace_string target_file
|
||||
# | arg: match_string - String to be searched and replaced in the file
|
||||
# | arg: replace_string - String that will replace matches
|
||||
# | arg: target_file - File in which the string will be replaced.
|
||||
#
|
||||
# As this helper is based on sed command, regular expressions and
|
||||
# references to sub-expressions can be used
|
||||
# (see sed manual page for more information)
|
||||
ynh_replace_string () {
|
||||
local delimit=@
|
||||
local match_string=$1
|
||||
local replace_string=$2
|
||||
local workfile=$3
|
||||
|
||||
# Escape the delimiter if it's in the string.
|
||||
match_string=${match_string//${delimit}/"\\${delimit}"}
|
||||
replace_string=${replace_string//${delimit}/"\\${delimit}"}
|
||||
|
||||
sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile"
|
||||
}
|
||||
|
||||
# Substitute/replace a password by another in a file
|
||||
#
|
||||
# usage: ynh_replace_password_string match_string replace_string target_file
|
||||
# | arg: match_string - String to be searched and replaced in the file
|
||||
# | arg: replace_string - String that will replace matches
|
||||
# | arg: target_file - File in which the string will be replaced.
|
||||
#
|
||||
# This helper will use ynh_replace_string, but as you can use special
|
||||
# characters, you can't use some regular expressions and sub-expressions.
|
||||
ynh_replace_password_string () {
|
||||
local match_string=$1
|
||||
local replace_string=$2
|
||||
local workfile=$3
|
||||
|
||||
# Escape any backslash to preserve them as simple backslash.
|
||||
match_string=${match_string//\\/"\\\\"}
|
||||
replace_string=${replace_string//\\/"\\\\"}
|
||||
|
||||
# Escape the & character, who has a special function in sed.
|
||||
match_string=${match_string//&/"\&"}
|
||||
replace_string=${replace_string//&/"\&"}
|
||||
|
||||
ynh_replace_string "$match_string" "$replace_string" "$workfile"
|
||||
}
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
source _sed
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS
|
||||
|
@ -64,7 +65,20 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
|||
# Change the path in the nginx config file
|
||||
if [ $change_path -eq 1 ]
|
||||
then
|
||||
ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path"
|
||||
|
||||
# Move from sub path to root
|
||||
if [ "$new_path" == "/" ]
|
||||
then
|
||||
ynh_replace_string "^ *rewrite.*\^$old_path" "#sub_path_only&" "$nginx_conf_path"
|
||||
ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path" "$nginx_conf_path"
|
||||
|
||||
# Move to a sub path
|
||||
else
|
||||
ynh_replace_string "^#sub_path_only" "" "$nginx_conf_path"
|
||||
ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path/" "$nginx_conf_path"
|
||||
fi
|
||||
|
||||
ynh_replace_string "location ${old_path%/}/" "location ${new_path%/}/" "$nginx_conf_path"
|
||||
fi
|
||||
|
||||
# Change the domain for nginx
|
||||
|
|
|
@ -94,6 +94,10 @@ ynh_setup_source "$final_path" admin_dashboard
|
|||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
if [ "$path_url" != "/" ]
|
||||
then
|
||||
ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
|
||||
fi
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
|
|
|
@ -63,6 +63,10 @@ ynh_setup_source "$final_path" admin_dashboard
|
|||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
if [ "$path_url" != "/" ]
|
||||
then
|
||||
ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf"
|
||||
fi
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
|
|
Loading…
Add table
Reference in a new issue