PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/securerailsapps Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited use strict; use warnings; use File::Find; use Cpanel::PwCache (); use Cpanel::PwCache::Build (); use Cpanel::AccessIds::SetUids (); use Cpanel::Usage (); use Cpanel::ConfigFiles (); use Cpanel::Config::userdata::Constants (); my $user = ''; my $all = 0; my %opts = ( 'user' => \$user, 'all' => \$all, ); Cpanel::Usage::wrap_options( \@ARGV, \&usage, \%opts ); if ($user) { if ( !-e "$Cpanel::ConfigFiles::cpanel_users/$user" ) { print STDERR "User $user not found...\n"; exit 1; } my $homedir = ( Cpanel::PwCache::getpwnam($user) )[7]; if ( !$homedir ) { print STDERR "Invalid user $user\n"; exit 1; } if ( my $pid = fork() ) { waitpid( $pid, 0 ); } else { Cpanel::AccessIds::SetUids::setuids( $user, $user ); secure_rails_dirs( $user, $homedir ); exit; } } elsif ($all) { Cpanel::PwCache::Build::init_passwdless_pwcache(); opendir( my $dir_h, $Cpanel::ConfigFiles::cpanel_users ) or die "Failed to read cPanel users directory: $!"; my @files = grep { !/^\.\.?$/ } readdir($dir_h); close($dir_h); chomp(@files); foreach my $user (@files) { my $homedir = ( Cpanel::PwCache::getpwnam($user) )[7]; next if !$homedir; print "Securing rails apps for: $user\n"; if ( my $pid = fork() ) { waitpid( $pid, 0 ); } else { Cpanel::AccessIds::SetUids::setuids( $user, $user ); secure_rails_dirs( $user, $homedir ); exit; } } } else { usage(); } sub secure_rails_dirs { my ( $user, $homedir ) = @_; my @rails_dirs; File::Find::find( { 'wanted' => sub { if ( $File::Find::name =~ /boot\.rb$/ ) { $File::Find::name =~ s{config/boot\.rb}{}; push @rails_dirs, $File::Find::name; } }, 'no_chdir' => 1, 'untaint' => 1, }, $homedir ); foreach my $rails_dir (@rails_dirs) { foreach my $dir (qw) { my $htaccess_file = "$rails_dir/$dir/.htaccess"; ($htaccess_file) = $htaccess_file =~ /^(.*)$/; if ( !-e $htaccess_file ) { if ( open( my $fh, '>', $htaccess_file ) ) { print {$fh} htaccess(); close($fh); } } } } } sub htaccess { return <<'EOF'; Order allow,deny Deny from all EOF } sub move_yaml_files { my ( $user, $home ) = @_; if ( -e "$home/.cpanel/ruby-on-rails.db" ) { system( 'mv', "$home/.cpanel/ruby-on-rails.db", "$Cpanel::Config::userdata::Constants::USERDATA_DIR/$user/ruby-on-rails" ); } if ( -e "$home/.cpanel/ruby-on-rails-rewrites.db" ) { system( 'mv', "$home/.cpanel/ruby-on-rails-rewrites.db", "$Cpanel::Config::userdata::Constants::USERDATA_DIR/$user/ruby-on-rails-rewrites" ); } return; } sub usage { my $prog = $0; $prog =~ s{^.+/(.+)$}{$1}; print <