ht: More restrictive directory names
This commit is contained in:
parent
922f649a08
commit
05db184fa6
|
@ -47,6 +47,7 @@ cat_path = "/usr/bin/cat"
|
||||||
rm_path = "/usr/bin/rm"
|
rm_path = "/usr/bin/rm"
|
||||||
mkdir_path = "/usr/bin/mkdir"
|
mkdir_path = "/usr/bin/mkdir"
|
||||||
|
|
||||||
|
sftpgo_user = "sftpgo"
|
||||||
sftpgo_group = "sftpgo"
|
sftpgo_group = "sftpgo"
|
||||||
|
|
||||||
; Will be shown to users
|
; Will be shown to users
|
||||||
|
|
10
fn/ht.php
10
fn/ht.php
|
@ -16,7 +16,7 @@ function listFsDirs($username) {
|
||||||
$absoluteDirs = glob(CONF['ht']['ht_path'] . '/' . $username . '/*/', GLOB_ONLYDIR);
|
$absoluteDirs = glob(CONF['ht']['ht_path'] . '/' . $username . '/*/', GLOB_ONLYDIR);
|
||||||
$dirs = [];
|
$dirs = [];
|
||||||
foreach ($absoluteDirs as $absoluteDir)
|
foreach ($absoluteDirs as $absoluteDir)
|
||||||
if (preg_match('/^[\p{L}\p{N}_-]{1,64}$/Du', basename($absoluteDir)))
|
if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))
|
||||||
array_push($dirs, basename($absoluteDir));
|
array_push($dirs, basename($absoluteDir));
|
||||||
return $dirs;
|
return $dirs;
|
||||||
}
|
}
|
||||||
|
@ -32,14 +32,16 @@ function addSite($username, $siteDir, $domain, $domainType, $protocol) {
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
function dirsStatuses($username, $domainType, $protocol) {
|
function dirsStatuses($domainType, $protocol) {
|
||||||
|
if (isset($_SESSION['username']) !== true)
|
||||||
|
return [];
|
||||||
$dbDirs = query('select', 'sites', [
|
$dbDirs = query('select', 'sites', [
|
||||||
'username' => $username,
|
'username' => $_SESSION['username'],
|
||||||
'domain_type' => $domainType,
|
'domain_type' => $domainType,
|
||||||
'protocol' => $protocol,
|
'protocol' => $protocol,
|
||||||
], 'site_dir');
|
], 'site_dir');
|
||||||
$dirs = [];
|
$dirs = [];
|
||||||
foreach (listFsDirs($username) as $fsDir)
|
foreach (listFsDirs($_SESSION['username']) as $fsDir)
|
||||||
$dirs[$fsDir] = in_array($fsDir, $dbDirs);
|
$dirs[$fsDir] = in_array($fsDir, $dbDirs);
|
||||||
return $dirs;
|
return $dirs;
|
||||||
}
|
}
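Review bot: `in_array($fsDir, $dbDirs)` at the line before `return $dirs;` uses loose comparison, and since the tightened `listFsDirs` pattern still admits purely numeric names such as `0`, `00` or `1e1`, PHP's numeric-string comparison can report a filesystem directory as registered when only a differently-spelled numeric name exists in the `sites` table. Passing the strict flag pins the lookup to exact string equality: `$dirs[$fsDir] = in_array($fsDir, $dbDirs, true);`. The early `return [];` for an unauthenticated session is a good addition; a one-line comment above it, `// Anonymous sessions own no directories`, would make the intent explicit for the callers that index the result directly.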
|
||||||
|
|
|
@ -30,7 +30,7 @@ if (processForm()) {
|
||||||
|
|
||||||
removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
|
removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
|
||||||
|
|
||||||
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code);
|
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['sftpgo_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code);
|
||||||
if ($code !== 0)
|
if ($code !== 0)
|
||||||
output(500, 'Can\'t remove user\'s directory.');
|
output(500, 'Can\'t remove user\'s directory.');
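Review bot: The rewritten `exec()` call still builds the command line by string concatenation, so the final path segment taken from `$_SESSION['username']` reaches the shell unquoted; the `sudo -u` change does not alter that. The username is presumably validated at account creation, but quoting the argument costs nothing and keeps the call correct for any future loosening of that rule: `' --recursive ' . escapeshellarg(CONF['ht']['ht_path'] . '/' . $_SESSION['username'])`. An empty username would also turn this into a recursive removal of `ht_path` itself, so a guard on `$_SESSION['username'] !== ''` before the `exec()` is worth confirming upstream. The enclosing `if (processForm())` block starts outside the hunk.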
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (isset($_SESSION['username']))
|
|
||||||
$dirsStatuses = dirsStatuses($_SESSION['username'], 'dns', 'http');
|
|
||||||
else
|
|
||||||
$dirsStatuses = [];
|
|
||||||
|
|
||||||
if (processForm()) {
|
if (processForm()) {
|
||||||
$_POST['domain'] = formatDomain($_POST['domain']);
|
$_POST['domain'] = formatDomain($_POST['domain']);
|
||||||
|
|
||||||
if ($dirsStatuses[$_POST['dir']] !== false)
|
if (dirsStatuses('dns', 'http')[$_POST['dir']] !== false)
|
||||||
output(403, 'Wrong value for <code>dir</code>.');
|
output(403, 'Wrong value for <code>dir</code>.');
|
||||||
|
|
||||||
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
|
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
|
||||||
|
@ -65,6 +60,8 @@ if (processForm()) {
|
||||||
output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
|
output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$dirsStatuses = dirsStatuses('onion', 'http');
|
||||||
|
|
||||||
$proof = getAuthToken();
|
$proof = getAuthToken();
|
||||||
|
|
||||||
?>
|
?>
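Review bot: The trailing assignment `$dirsStatuses = dirsStatuses('onion', 'http');` appears to be a copy-paste slip on what the form check two lines earlier identifies as the DNS/HTTP page, so the list rendered after `?>` would reflect Onion registrations rather than DNS ones; the hunk starting at `@ -14,6 +9,8` further down (the DNS deletion page, where the check also uses `'dns'`) has the same mismatch. The likely intended line on both pages is `$dirsStatuses = dirsStatuses('dns', 'http');`. The two Onion pages in this commit are internally consistent. The file headers are not visible in this view, so the page identity is inferred from the `'dns', 'http'` arguments of the surrounding check.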
|
||||||
|
|
|
@ -1,12 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (isset($_SESSION['username']))
|
|
||||||
$dirsStatuses = dirsStatuses($_SESSION['username'], 'onion', 'http');
|
|
||||||
else
|
|
||||||
$dirsStatuses = [];
|
|
||||||
|
|
||||||
if (processForm()) {
|
if (processForm()) {
|
||||||
if ($dirsStatuses[$_POST['dir']] !== false)
|
if (dirsStatuses('onion', 'http')[$_POST['dir']] !== false)
|
||||||
output(403, 'Wrong value for <code>dir</code>.');
|
output(403, 'Wrong value for <code>dir</code>.');
|
||||||
|
|
||||||
rateLimit();
|
rateLimit();
|
||||||
|
@ -53,6 +48,8 @@ if (processForm()) {
|
||||||
output(200, 'L\'adresse de votre service Onion HTTP est : <a href="http://' . $onion . '/"><code>http://' . $onion . '/</code></a>');
|
output(200, 'L\'adresse de votre service Onion HTTP est : <a href="http://' . $onion . '/"><code>http://' . $onion . '/</code></a>');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$dirsStatuses = dirsStatuses('onion', 'http');
|
||||||
|
|
||||||
?>
|
?>
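Review bot: Indexing the return value of `dirsStatuses('onion', 'http')` directly with `$_POST['dir']` raises an "Undefined array key" warning whenever the submitted value is not one of the user's directories, before the 403 is issued; the same shape is used in the other three page hunks of this commit. Unless `processForm()` already restricts `dir` to known values, the null-coalescing form keeps the outcome identical without the warning: `if ((dirsStatuses('onion', 'http')[$_POST['dir']] ?? null) !== false)`. Calling `dirsStatuses()` once and reusing the result for both the check and the later listing would also avoid two identical database queries per request.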
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -1,12 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (isset($_SESSION['username']))
|
|
||||||
$dirsStatuses = dirsStatuses($_SESSION['username'], 'dns', 'http');
|
|
||||||
else
|
|
||||||
$dirsStatuses = [];
|
|
||||||
|
|
||||||
if (processForm()) {
|
if (processForm()) {
|
||||||
if ($dirsStatuses[$_POST['dir']] !== true)
|
if (dirsStatuses('dns', 'http')[$_POST['dir']] !== true)
|
||||||
output(403, 'Wrong value for <code>dir</code>.');
|
output(403, 'Wrong value for <code>dir</code>.');
|
||||||
|
|
||||||
htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http');
|
htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http');
|
||||||
|
@ -14,6 +9,8 @@ if (processForm()) {
|
||||||
output(200, 'Accès retiré.');
|
output(200, 'Accès retiré.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$dirsStatuses = dirsStatuses('onion', 'http');
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -1,12 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (isset($_SESSION['username']))
|
|
||||||
$dirsStatuses = dirsStatuses($_SESSION['username'], 'onion', 'http');
|
|
||||||
else
|
|
||||||
$dirsStatuses = [];
|
|
||||||
|
|
||||||
if (processForm()) {
|
if (processForm()) {
|
||||||
if ($dirsStatuses[$_POST['dir']] !== true)
|
if (dirsStatuses('onion', 'http')[$_POST['dir']] !== true)
|
||||||
output(403, 'Wrong value for <code>dir</code>.');
|
output(403, 'Wrong value for <code>dir</code>.');
|
||||||
|
|
||||||
htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http');
|
htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http');
|
||||||
|
@ -14,6 +9,8 @@ if (processForm()) {
|
||||||
output(200, 'Accès retiré.');
|
output(200, 'Accès retiré.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$dirsStatuses = dirsStatuses('onion', 'http');
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -30,6 +30,12 @@ else {
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<h2>Ajouter un accès de site</h2>
|
||||||
|
|
||||||
|
<p>Pour pouvoir y ajouter un accès par ce service, un site doit auparavent être téléversé dans un sous-dossier direct de l'espace SFTP. Le nom de ce sous-dossier ne peut contenir que <abbr title="abcdefghijklmnopqrstuvwxyz"><code>a</code>-<code>z</code></abbr>, <abbr title="ABCDEFGHIJKLMNOPQRSTUVWXYZ"><code>A</code>-<code>Z</code></abbr>, <abbr title="0123456789"><code>0</code>-<code>9</code></abbr>, <code>_</code> et <code>-</code>.</p>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<h2>SFTP</h2>
|
<h2>SFTP</h2>
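Review bot: The new help paragraph lists the permitted characters but omits the length limit that `listFsDirs` now enforces (`{1,64}`), so a user with a longer directory name will not see it and gets no explanation. Appending a clause such as `, et ne peut pas dépasser 64 caractères.` to that sentence would close the gap. Also, `auparavent` should read `auparavant`.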
|
||||||
|
|
||||||
|
|