From a65bcf582a586d068c58634b8b8791c01aa70f1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?= <i@haozi.net>
Date: Sat, 26 Oct 2024 05:06:10 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20PHP=E7=BD=91=E7=AB=99=E9=BB=98=E8=AE=A4?=
 =?UTF-8?q?=E5=BC=80=E5=90=AF=E9=98=B2=E8=B7=A8=E7=AB=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/data/website.go | 19 ++++++++++++++-----
 pkg/types/website.go     |  2 +-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/internal/data/website.go b/internal/data/website.go
index 91160704c1..dcaeb4904e 100644
--- a/internal/data/website.go
+++ b/internal/data/website.go
@@ -271,6 +271,14 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) {
 		return nil, err
 	}
 
+	// PHP 网站默认开启防跨站
+	if req.PHP > 0 {
+		userIni := filepath.Join(req.Path, ".user.ini")
+		_, _ = shell.Execf(`chattr -i '%s'`, userIni)
+		_ = io.Write(userIni, fmt.Sprintf("open_basedir=%s:/tmp/", req.Path), 0644)
+		_, _ = shell.Execf(`chattr +i '%s'`, userIni)
+	}
+
 	// 创建面板网站
 	w := &biz.Website{
 		Name:   req.Name,
@@ -417,11 +425,6 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error {
 		if err = p.SetOCSP(req.OCSP); err != nil {
 			return err
 		}
-		if quic {
-			if err = p.SetAltSvc(`'h3=":$server_port"; ma=2592000'`); err != nil {
-				return err
-			}
-		}
 	} else {
 		if err = p.ClearSetHTTPS(); err != nil {
 			return err
@@ -435,6 +438,12 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error {
 		if err = p.SetOCSP(false); err != nil {
 			return err
 		}
+	}
+	if quic {
+		if err = p.SetAltSvc(`'h3=":$server_port"; ma=2592000'`); err != nil {
+			return err
+		}
+	} else {
 		if err = p.SetAltSvc(``); err != nil {
 			return err
 		}
diff --git a/pkg/types/website.go b/pkg/types/website.go
index 4c454facf8..0e505e6c89 100644
--- a/pkg/types/website.go
+++ b/pkg/types/website.go
@@ -3,7 +3,7 @@ package types
 // WebsiteListen 网站监听配置
 type WebsiteListen struct {
 	Address string `form:"address" json:"address" validate:"required"` // 监听地址 e.g. 80 0.0.0.0:80 [::]:80
-	HTTPS   bool   `form:"https" json:"https" validate:"required"`     // 是否启用HTTPS
+	HTTPS   bool   `form:"https" json:"https"`                         // 是否启用HTTPS
 	QUIC    bool   `form:"quic" json:"quic"`                           // 是否启用QUIC
 }