diff options
| -rw-r--r-- | manifests/vhost/php/drupal.pp | 2 | ||||
| -rw-r--r-- | manifests/vhost/php/joomla.pp | 2 | ||||
| -rw-r--r-- | manifests/vhost/php/simplemachine.pp | 2 | ||||
| -rw-r--r-- | manifests/vhost/php/spip.pp | 2 | ||||
| -rw-r--r-- | manifests/vhost/php/standard.pp | 24 | ||||
| -rw-r--r-- | manifests/vhost/php/typo3.pp | 6 | ||||
| -rw-r--r-- | manifests/vhost/php/wordpress.pp | 2 | ||||
| -rw-r--r-- | templates/vhosts/php_drupal/CentOS.erb | 6 | ||||
| -rw-r--r-- | templates/vhosts/php_joomla/CentOS.erb | 6 | ||||
| -rw-r--r-- | templates/vhosts/php_spip/CentOS.erb | 6 | ||||
| -rw-r--r-- | templates/vhosts/php_wordpress/CentOS.erb | 6 |
11 files changed, 48 insertions, 16 deletions
diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 62f8108..a0666a7 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -21,6 +21,7 @@ define apache::vhost::php::drupal( $allow_override = 'None', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -68,6 +69,7 @@ define apache::vhost::php::drupal( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 22b19a3..79ba416 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -21,6 +21,7 @@ define apache::vhost::php::joomla( $allow_override = 'None', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -65,6 +66,7 @@ define apache::vhost::php::joomla( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 18fa7cf..62bbb3c 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -21,6 +21,7 @@ define apache::vhost::php::simplemachine( $allow_override = 'None', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -63,6 +64,7 @@ define apache::vhost::php::simplemachine( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 6ff7175..d548f56 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -21,6 +21,7 @@ define apache::vhost::php::spip( $allow_override = 'FileInfo', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +61,7 @@ define apache::vhost::php::spip( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index d90e1a7..4739b33 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -27,6 +27,7 @@ define apache::vhost::php::standard( $php_use_smarty = false, $php_use_pear = false, $php_safe_mode = true, + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -38,8 +39,7 @@ define apache::vhost::php::standard( $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $php_safe_mode_exec_bins = 'absent' + $htpasswd_path = 'absent' ){ ::apache::vhost::phpdirs{"${name}": @@ -60,25 +60,23 @@ define apache::vhost::php::standard( }, default => "${path}/bin" } - if $php_safe_mode_exec_bins and ($php_safe_mode_exec_bins != 'absent') { - file{$php_safe_mode_exec_bin_dir: + file{$php_safe_mode_exec_bin_dir: + recurse => true, + purge => true, + } + if $php_safe_mode_exec_bins != 'absent' { + File[$php_safe_mode_exec_bin_dir]{ ensure => directory, source => "puppet://$server/modules/common/empty", - recurse => true, - purge => true, - owner => $documentroot_owner, - group => $documentroot_group, - mode => 0750; + owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${vhost}_\\1") + $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${vhost}_\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: path => $php_safe_mode_exec_bin_dir } }else{ - file{$php_safe_mode_exec_bin_dir: + File[$php_safe_mode_exec_bin_dir]{ ensure => absent, - recurse => true, - force => true } } diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index ccca1f8..6aa5293 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -21,6 +21,7 @@ define apache::vhost::php::typo3( $allow_override = 'None', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -34,8 +35,7 @@ define apache::vhost::php::typo3( $htpasswd_path = 'absent', $manage_config = true, $config_webwriteable = false, - $manage_directories = true, - $php_safe_mode_exec_bins = 'absent' + $manage_directories = true ){ $documentroot = $path ? { 'absent' => $operatingsystem ? { @@ -64,6 +64,7 @@ define apache::vhost::php::typo3( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -95,7 +96,6 @@ define apache::vhost::php::typo3( "$documentroot/fileadmin/_temp_" ], manage_config => $manage_config, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, } } diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index e706b2f..d12a989 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -21,6 +21,7 @@ define apache::vhost::php::wordpress( $allow_override = 'FileInfo', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -64,6 +65,7 @@ define apache::vhost::php::wordpress( allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/templates/vhosts/php_drupal/CentOS.erb b/templates/vhosts/php_drupal/CentOS.erb index b48dbec..636089a 100644 --- a/templates/vhosts/php_drupal/CentOS.erb +++ b/templates/vhosts/php_drupal/CentOS.erb @@ -42,6 +42,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> php_value magic_quotes_gpc 0 php_value register_globals 0 @@ -130,6 +133,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> php_value magic_quotes_gpc 0 php_value register_globals 0 diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb index fe91459..1384578 100644 --- a/templates/vhosts/php_joomla/CentOS.erb +++ b/templates/vhosts/php_joomla/CentOS.erb @@ -44,6 +44,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <%- end -%> @@ -133,6 +136,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <IfModule mod_security2.c> diff --git a/templates/vhosts/php_spip/CentOS.erb b/templates/vhosts/php_spip/CentOS.erb index bf15796..4f54aaa 100644 --- a/templates/vhosts/php_spip/CentOS.erb +++ b/templates/vhosts/php_spip/CentOS.erb @@ -45,6 +45,9 @@ php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <%- end -%> @@ -111,6 +114,9 @@ php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <IfModule mod_security2.c> diff --git a/templates/vhosts/php_wordpress/CentOS.erb b/templates/vhosts/php_wordpress/CentOS.erb index 88da307..6022721 100644 --- a/templates/vhosts/php_wordpress/CentOS.erb +++ b/templates/vhosts/php_wordpress/CentOS.erb @@ -42,6 +42,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <%- end -%> @@ -107,6 +110,9 @@ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless real_php_safe_mode_exec_bin_dir.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> </Directory> <IfModule mod_security2.c> |