captive-portal: Move CGI files to CGI directory

Previously the assets directory has ExecCGI privileges
which is not at all required and potentially dangerous.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/httpd/vhosts.d/captive.conf b/config/httpd/vhosts.d/captive.conf
index 4f199dfd7a4966958e08dbf2f09701f38062f958..ddf8a15769d42c72c56e0c14ddd3437db0fbfdce 100644 (file)
--- a/config/httpd/vhosts.d/captive.conf
+++ b/config/httpd/vhosts.d/captive.conf
@@ -3,12 +3,6 @@ Listen 1013
 <VirtualHost *:1013>
        DocumentRoot /srv/web/ipfire/html/captive
 
-       <Directory /srv/web/ipfire/html/captive>
-               Options ExecCGI
-               Order allow,deny
-               Allow from all
-       </Directory>
-
        ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/captive/
        Alias /assets/ /srv/web/ipfire/html/captive/assets/
 
@@ -16,11 +10,16 @@ Listen 1013
 
        # All unknown URIs will be redirected to the first
        # redirector script.
-       ScriptAliasMatch .* /srv/web/ipfire/html/captive/index.cgi
+       ScriptAliasMatch .* /srv/web/ipfire/cgi-bin/captive/redirect.cgi
 
        <Directory /srv/web/ipfire/cgi-bin/captive>
                Options ExecCGI
                Order allow,deny
                Allow from all
        </Directory>
+
+       <Directory /srv/web/ipfire/html/captive>
+               Order allow,deny
+               Allow from all
+       </Directory>
 </VirtualHost>

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 1c5e4ce208eb7a77c2bcb807dde184d61583d6e6..dbf5a869f2f6ee318582cf77870b2e18b2fdab9a 100644 (file)
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -11,6 +11,7 @@ srv/web/ipfire/cgi-bin/bluetooth.cgi
 #srv/web/ipfire/cgi-bin/captive
 srv/web/ipfire/cgi-bin/captive.cgi
 srv/web/ipfire/cgi-bin/captive/index.cgi
+srv/web/ipfire/cgi-bin/captive/redirect.cgi
 srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/connections.cgi
 srv/web/ipfire/cgi-bin/connscheduler.cgi
@@ -95,7 +96,6 @@ srv/web/ipfire/html/blob.gif
 srv/web/ipfire/html/captive/assets/captive.css
 srv/web/ipfire/html/captive/assets/favicon.ico
 srv/web/ipfire/html/captive/assets/internet.png
-srv/web/ipfire/html/captive/index.cgi
 srv/web/ipfire/html/clwarn.cgi
 srv/web/ipfire/html/dial.cgi
 srv/web/ipfire/html/favicon.ico

diff --git a/html/html/captive/index.cgi b/html/cgi-bin/captive/redirect.cgi
similarity index 100%
rename from html/html/captive/index.cgi
rename to html/cgi-bin/captive/redirect.cgi

diff --git a/lfs/web-user-interface b/lfs/web-user-interface
index 345d215cdb15b082056905bcd1f5c5b5f6c2dba7..a8e3e39607bb7dc97f5f24cc8deb0eac7794ae4c 100644 (file)
--- a/lfs/web-user-interface
+++ b/lfs/web-user-interface
@@ -64,7 +64,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        chown -R root:root /srv/web/ipfire
        chmod -R 755 /srv/web/ipfire/cgi-bin
        chmod -R 644 /srv/web/ipfire/html
-       chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*,captive/index.cgi}
+       chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*}
        chmod -R 777 /srv/web/ipfire/html/captive/logo
        ln -svf ipfire /srv/web/ipfire/html/themes/ipfire-rounded