From 9c8251754ba9c11268ff66e06d4d95edab67f529 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 4 Jan 2018 19:37:22 +0100 Subject: [PATCH] Fix alias_traversal --- conf/nginx.conf | 3 ++- scripts/_sed | 51 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/change_url | 17 ++++++++++++++-- scripts/install | 4 ++++ scripts/upgrade | 4 ++++ 5 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 scripts/_sed diff --git a/conf/nginx.conf b/conf/nginx.conf index dadaea1..645b563 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,7 +4,8 @@ #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last; #--MULTISITE--} -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { alias __FINALPATH__/; index index.php; if (!-e $request_filename) diff --git a/scripts/_sed b/scripts/_sed new file mode 100644 index 0000000..cc76ab9 --- /dev/null +++ b/scripts/_sed @@ -0,0 +1,51 @@ +#!/bin/bash + +# https://github.com/YunoHost/yunohost/pull/394 + +# Substitute/replace a string (or expression) by another in a file +# +# usage: ynh_replace_string match_string replace_string target_file +# | arg: match_string - String to be searched and replaced in the file +# | arg: replace_string - String that will replace matches +# | arg: target_file - File in which the string will be replaced. +# +# As this helper is based on sed command, regular expressions and +# references to sub-expressions can be used +# (see sed manual page for more information) +ynh_replace_string () { + local delimit=@ + local match_string=$1 + local replace_string=$2 + local workfile=$3 + + # Escape the delimiter if it's in the string. + match_string=${match_string//${delimit}/"\\${delimit}"} + replace_string=${replace_string//${delimit}/"\\${delimit}"} + + sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile" +} + +# Substitute/replace a password by another in a file +# +# usage: ynh_replace_password_string match_string replace_string target_file +# | arg: match_string - String to be searched and replaced in the file +# | arg: replace_string - String that will replace matches +# | arg: target_file - File in which the string will be replaced. +# +# This helper will use ynh_replace_string, but as you can use special +# characters, you can't use some regular expressions and sub-expressions. +ynh_replace_password_string () { + local match_string=$1 + local replace_string=$2 + local workfile=$3 + + # Escape any backslash to preserve them as simple backslash. + match_string=${match_string//\\/"\\\\"} + replace_string=${replace_string//\\/"\\\\"} + + # Escape the & character, who has a special function in sed. + match_string=${match_string//&/"\&"} + replace_string=${replace_string//&/"\&"} + + ynh_replace_string "$match_string" "$replace_string" "$workfile" +} diff --git a/scripts/change_url b/scripts/change_url index cfaa392..440b9f3 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -8,6 +8,7 @@ source _common.sh source /usr/share/yunohost/helpers +source _sed #================================================= # RETRIEVE ARGUMENTS @@ -79,10 +80,22 @@ then # Make a backup of the original nginx config file if modified ynh_backup_if_checksum_is_different "$nginx_conf_path" - ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path" + # Move from sub path to root + if [ "$new_path" == "/" ] + then + ynh_replace_string "\(^.*rewrite.*\^$old_path.* permanent;\)" "#sub_path_only\1" "$nginx_conf_path" + ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path" "$nginx_conf_path" + + # Move to a sub path + else + ynh_replace_string "^#sub_path_only" "" "$nginx_conf_path" + ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path/" "$nginx_conf_path" + fi + + ynh_replace_string "location ${old_path%/}/" "location ${new_path%/}/" "$nginx_conf_path" # Change the rewrite instructions for multisite - ynh_replace_string "rewrite ^$old_path" "rewrite ^$new_path" "$nginx_conf_path" + ynh_replace_string "rewrite \^$old_path\(.*last;\)" "rewrite ^$new_path\1" "$nginx_conf_path" ynh_replace_string "$old_path\$2 last;" "$new_path\$2 last;" "$nginx_conf_path" # Change the rewrite instruction with $request_filename diff --git a/scripts/install b/scripts/install index a3986ac..4ab1252 100644 --- a/scripts/install +++ b/scripts/install @@ -88,6 +88,10 @@ ynh_setup_source "$final_path" #================================================= # Create a dedicated nginx config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi ynh_add_nginx_config #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 6957c1c..afd5074 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -103,6 +103,10 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # Create a dedicated nginx config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi ynh_add_nginx_config #=================================================