From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Tue, 31 Jan 2017 05:52:43 +0000 (-0500)
Subject: apache: limit php-fastcgi to php
X-Git-Tag: release_20170131~2
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/313442edc37351eb6d65b6009f0a709204e9fb91

apache: limit php-fastcgi to php

AddHandler to php extensions instead of making the php wrapper the
default mod_fcgid wrapper to avoid weird/insecure behavior.

Also fix `phpVersion' action.
---

diff --git a/lib/apache.dtl b/lib/apache.dtl
index afd1eb0..c56a380 100644
--- a/lib/apache.dtl
+++ b/lib/apache.dtl
@@ -36,6 +36,7 @@ extern val use_cert : ssl_cert_path -> ssl;
 extern type php_version;
 extern val php5 : php_version;
 extern val fast_php : php_version;
+{{FastCGI based php5. Much faster than regular php5.}}
 
 extern val vhost : host -> Vhost => [Domain]
   {WebPlaces : [web_place],
diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index c4b47af..8f8b00b 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -559,11 +559,15 @@ fun vhostBody (env, makeFullHost) =
 				  then
 				      (* fastcgi php 5.6 since 6 doesn't exist *)
 				      (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml");
-				       TextIO.output (file, "\n\tFcgidWrapper \"");
-				       TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
-				       TextIO.output (file, " ");
-				       TextIO.output (file, Config.Apache.phpFastCgiWrapper);
-				       TextIO.output (file, "\""))
+				       (* FIXME: only set kerberos wrapper of waklog is on *)
+				       map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \"");
+						       TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
+						       TextIO.output (file, " ");
+						       TextIO.output (file, Config.Apache.phpFastCgiWrapper);
+						       TextIO.output (file, "\" ");
+						       TextIO.output (file, ext)))
+					   [".php", ".phtml"];
+				       ())
 				  else
 				      (TextIO.output (file, "\n\tAddHandler x-httpd-php");
 				       TextIO.output (file, Int.toString php);
@@ -1112,9 +1116,20 @@ val () = Env.action_one "diskCache"
 
 val () = Env.action_one "phpVersion"
 	 ("version", php_version)
-	 (fn version => (write "\tAddHandler x-httpd-php";
-			 write (Int.toString version);
-			 write " .php .phtml\n"))
+	 (fn version => (if version = 6
+			 then
+			     (* fastcgi php 5.6 since 6 doesn't exist *)
+			     (write "\tAddHandler fcgid-script .php .phtml\n";
+			      (* FIXME: only set kerberos wrapper of waklog is on *)
+			      write "\n\tFcgidWrapper \"";
+			      write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+			      write " ";
+			      write Config.Apache.phpFastCgiWrapper;
+			      write "\" .php .phtml\n")
+			 else
+			     (write "\tAddHandler x-httpd-php";
+			      write (Int.toString version);
+			      write " .php .phtml\n")))
 
 val () = Env.action_two "addType"
 	 ("mime type", Env.string, "extension", Env.string)