1) Please check: config.lib.php, Line 535 It displays the user password on the logfile... 2) I think it would be a great idea to have an option to include open_basedir in clients vhosts. From php.ini: ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory ; or per-virtualhost web server configuration file. For what I understand it could prevent a malicious script to read file contents outside the directory configured for the client in the vhost. Great! 3) Change index.php to be first by default in: DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm Hey Till, I'm sorry for not sending yet the cms manager, but I have been doing some homework, and I will modify plenty code before sending it. Cheers!
It is not the user password, it is the password of the mysqldb of the user. But thats noot good either. Hotfix: Replace line 535 with this line: Code: exec("mysqldump -h $db_server -u $db_user -p$db_password -c --add-drop-table --add-locks --all --quick --lock-tables $new_db >/root/ispconfig/scripts/$new_db.sql"); ISPConfig uses already OpenBasedir in the vhosts. Currently it is used together with the safemode switch. It might be a good idea to make 2 checkboxes, one for safemode and one for open_basedir. I think thats a question of taste. Personally i like it that index.html comes before index.php. Send me the files when you are finished
I think you meant something like this? Code: $mod->log->caselog("mysqldump -h $db_server -u $db_user -p[hidden_pass] -c --add-drop-table --add-locks --all --quick --lock-tables $new_db >/root/ispconfig/scripts/$new_db.sql", $this->FILE, __LINE__); ?
No, i meant that what i posted. $mod->log->caselog(...) is not a simple logging function, it executes the statement and logs it incl. failures.
