Fix alias_traversal issue

check_process

@@ -15,23 +15,11 @@
 		multi_instance=1
 		wrong_user=1
 		wrong_path=1
-		incorrect_path=1
-		corrupt_source=0
-    fail_download_source=0
 		port_already_use=0
-    final_path_already_use=0
+		change_url=1
-;;; Levels
+	;;; Levels
-	Level 1=auto
+		# If the level 5 (Package linter) is forced to 1. Please add justifications here.
-	Level 2=auto
+		Level 5=auto
-	Level 3=auto
-	Level 4=na
-# https://github.com/YunoHost-Apps/rss-bridge_ynh/issues/2
-  Level 5=1
-	Level 6=auto
-	Level 7=auto
-	Level 8=0
-	Level 9=0
-  Level 10=0
 	;;; Upgrade options
 		; commit=7a99e018f12d91876c84efd04e0a4e7f178fdd80
 			name=Upgrade to upstream version 2018-04-06

conf/nginx.conf

@@ -1,7 +1,8 @@
-location YNH_WWW_PATH {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
 
   # Path to source
-  alias YNH_WWW_ALIAS/ ;
+  alias __FINALPATH__/ ;
 
   # Example PHP configuration (remove if not used)
   index index.php;
@@ -12,8 +13,8 @@ location YNH_WWW_PATH {
   try_files $uri $uri/ index.php;
   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
+    fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
-    
+
 
     fastcgi_index index.php;
     include fastcgi_params;

scripts/change_url

@@ -21,6 +21,9 @@ new_path=$YNH_APP_NEW_PATH
 
 app=$YNH_APP_INSTANCE_NAME
 
+# Needed for helper "ynh_add_nginx_config"
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+
 #=================================================
 # CHECK PATHS SYNTAX
 #=================================================
@@ -60,7 +63,13 @@ then
   # Make a backup of the original nginx config file if modified
   ynh_backup_if_checksum_is_different "$nginx_conf_path"
 
-	ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path"
+	# Set global variables for nginx helper
+	domain="$old_domain"
+	path_url="$new_path"
+	# Store path_url setting
+	ynh_app_setting_set $app path_url "$path_url"
+	# Create a dedicated nginx config
+	ynh_add_nginx_config
 
   # Calculate and store the nginx config file checksum
   ynh_store_file_checksum "$nginx_conf_path"

scripts/install

@@ -81,12 +81,8 @@ done
 # NGINX CONFIGURATION
 #=================================================
 
-nginx_conf=$PKGDIR/conf/nginx.conf
+# Create a dedicated nginx config
-
+ynh_add_nginx_config
-ynh_replace_string "YNH_WWW_PATH" "$path_url" "$nginx_conf"
-ynh_replace_string "YNH_WWW_ALIAS" "$final_path" "$nginx_conf"
-ynh_replace_string "YNH_WWW_APP" "${app}" "$nginx_conf"
-sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
 # Copy and set php-fpm configuration
 phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"

scripts/remove

@@ -35,13 +35,13 @@ ynh_secure_remove "/var/www/$app"
 # REMOVE NGINX AND PHP-FPM CONFIGURATION
 #=================================================
 # Delete app directory and configurations
-sudo ynh_secure_remove --file="/var/www/${app}"
+ynh_secure_remove --file="/var/www/${app}"
-sudo ynh_secure_remove --file="/etc/php5/fpm/pool.d/${app}.conf"
+ynh_secure_remove --file="/etc/php5/fpm/pool.d/${app}.conf"
 [[ -n $domain ]] && sudo ynh_secure_remove --file="/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
 # Reload services
-sudo systemctl restart php5-fpm
+systemctl restart php5-fpm
-sudo systemctl reload nginx
+systemctl reload nginx
 
 #=================================================
 # REMOVE DEDICATED USER

scripts/upgrade

@@ -78,12 +78,8 @@ done
 # NGINX CONFIGURATION
 #=================================================
 
-nginx_conf=$PKGDIR/conf/nginx.conf
+# Create a dedicated nginx config
-
+ynh_add_nginx_config
-ynh_replace_string "YNH_WWW_PATH" "$path_url" "$nginx_conf"
-ynh_replace_string "YNH_WWW_ALIAS" "$final_path" "$nginx_conf"
-ynh_replace_string "YNH_WWW_APP" "${app}" "$nginx_conf"
-sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
 # Copy and set php-fpm configuration
 phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"