1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/rss-bridge_ynh.git synced 2024-09-03 20:25:51 +02:00

Fix alias_traversal issue

This commit is contained in:
Jimmy Monin 2019-06-09 19:21:27 +02:00
parent 0937076ba3
commit 90e477e37e
6 changed files with 27 additions and 37 deletions

View file

@ -15,23 +15,11 @@
multi_instance=1
wrong_user=1
wrong_path=1
incorrect_path=1
corrupt_source=0
fail_download_source=0
port_already_use=0
final_path_already_use=0
change_url=1
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=na
# https://github.com/YunoHost-Apps/rss-bridge_ynh/issues/2
Level 5=1
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
# If the level 5 (Package linter) is forced to 1. Please add justifications here.
Level 5=auto
;;; Upgrade options
; commit=7a99e018f12d91876c84efd04e0a4e7f178fdd80
name=Upgrade to upstream version 2018-04-06

View file

@ -1,7 +1,8 @@
location YNH_WWW_PATH {
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias YNH_WWW_ALIAS/ ;
alias __FINALPATH__/ ;
# Example PHP configuration (remove if not used)
index index.php;
@ -12,7 +13,7 @@ location YNH_WWW_PATH {
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_index index.php;

View file

@ -21,6 +21,9 @@ new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK PATHS SYNTAX
#=================================================
@ -60,7 +63,13 @@ then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different "$nginx_conf_path"
ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Store path_url setting
ynh_app_setting_set $app path_url "$path_url"
# Create a dedicated nginx config
ynh_add_nginx_config
# Calculate and store the nginx config file checksum
ynh_store_file_checksum "$nginx_conf_path"

View file

@ -81,12 +81,8 @@ done
# NGINX CONFIGURATION
#=================================================
nginx_conf=$PKGDIR/conf/nginx.conf
ynh_replace_string "YNH_WWW_PATH" "$path_url" "$nginx_conf"
ynh_replace_string "YNH_WWW_ALIAS" "$final_path" "$nginx_conf"
ynh_replace_string "YNH_WWW_APP" "${app}" "$nginx_conf"
sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Create a dedicated nginx config
ynh_add_nginx_config
# Copy and set php-fpm configuration
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"

View file

@ -35,13 +35,13 @@ ynh_secure_remove "/var/www/$app"
# REMOVE NGINX AND PHP-FPM CONFIGURATION
#=================================================
# Delete app directory and configurations
sudo ynh_secure_remove --file="/var/www/${app}"
sudo ynh_secure_remove --file="/etc/php5/fpm/pool.d/${app}.conf"
ynh_secure_remove --file="/var/www/${app}"
ynh_secure_remove --file="/etc/php5/fpm/pool.d/${app}.conf"
[[ -n $domain ]] && sudo ynh_secure_remove --file="/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Reload services
sudo systemctl restart php5-fpm
sudo systemctl reload nginx
systemctl restart php5-fpm
systemctl reload nginx
#=================================================
# REMOVE DEDICATED USER

View file

@ -78,12 +78,8 @@ done
# NGINX CONFIGURATION
#=================================================
nginx_conf=$PKGDIR/conf/nginx.conf
ynh_replace_string "YNH_WWW_PATH" "$path_url" "$nginx_conf"
ynh_replace_string "YNH_WWW_ALIAS" "$final_path" "$nginx_conf"
ynh_replace_string "YNH_WWW_APP" "${app}" "$nginx_conf"
sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Create a dedicated nginx config
ynh_add_nginx_config
# Copy and set php-fpm configuration
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"