From 79433069fe60cc6f84277c2c7d1d92e12e3d2995 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sat, 5 Oct 2019 23:00:35 -0700
Subject: [PATCH] Always read files with limited permissions
---
 phpini/phpini-lib.pl | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/phpini/phpini-lib.pl b/phpini/phpini-lib.pl
index 41a8c5e51..05b3827b9 100755
--- a/phpini/phpini-lib.pl
+++ b/phpini/phpini-lib.pl
@@ -117,13 +117,13 @@ else {
 }
 if (defined($value) && $old) {
 # Update existing value
- $lref = &read_file_lines($old->{'file'});
+ $lref = &read_file_lines_as_user($old->{'file'});
 $lref->[$old->{'line'}] = $newline;
 $old->{'value'} = $value;
 }
 elsif (defined($value) && !$old && $cmt) {
 # Update existing commented value
- $lref = &read_file_lines($cmt->{'file'});
+ $lref = &read_file_lines_as_user($cmt->{'file'});
 $lref->[$cmt->{'line'}] = $newline;
 $cmt->{'value'} = $value;
 $cmt->{'enabled'} = 1;
@@ -143,13 +143,13 @@ elsif (defined($value) && !$old && !$cmt) {
 "section $newsection");
 $lastfile = $last->{'file'};
 $lastline = $last->{'line'};
- $lref = &read_file_lines($lastfile);
+ $lref = &read_file_lines_as_user($lastfile);
 }
 else {
 # Just add at the end
 $lastfile = @$conf ? $conf->[0]->{'file'} : undef;
 $lastfile || &error("Don't know which file to add to");
- $lref = &read_file_lines($lastfile);
+ $lref = &read_file_lines_as_user($lastfile);
 $lastline = scalar(@$lref);
 }
 
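Review bot: The two reads switched here (`$old->{'file'}` and `$cmt->{'file'}`) are followed directly by `$lref->[...] = $newline` with no check on what came back, and the same holds for the calls changed in the hunks at -143 and -166. Reading as the ACL user introduces a failure the root read did not have: the file may be unreadable for that user. How `read_file_lines_as_user` reports that is not visible in this patch; if it can hand back an empty list, the assignment pads the array and a later flush would replace the file's content. A bounds check before the write, e.g. `$old->{'line'} < scalar(@$lref) || &error("Line $old->{'line'} is missing from $old->{'file'}");`, would make that case explicit. The enclosing function starts and ends outside this hunk.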
@@ -166,14 +166,14 @@ elsif (defined($value) && !$old && !$cmt) {
 }
 elsif (!defined($value) && $old && $cmt) {
 # Totally remove a value
- $lref = &read_file_lines($old->{'file'});
+ $lref = &read_file_lines_as_user($old->{'file'});
 splice(@$lref, $old->{'line'}, 1);
 @$conf = grep { $_ ne $old } @$conf;
 &renumber($conf, $old->{'line'}, -1);
 }
 elsif (!defined($value) && $old && !$cmt) {
 # Turn a value into a comment
- $lref = &read_file_lines($old->{'file'});
+ $lref = &read_file_lines_as_user($old->{'file'});
 $old->{'enabled'} = 0;
 $lref->[$old->{'line'}] = "; ".$lref->[$old->{'line'}];
 }
@@ -329,6 +329,19 @@ else {
 }
 }
+# read_file_lines_as_user(file, ...)
+sub read_file_lines_as_user
+{
+local @args = @_;
+if ($access{'user'} && $access{'user'} ne 'root' && $< == 0) {
+ return &eval_as_unix_user(
+ $access{'user'}, sub { &read_file_lines(@args) });
+ }
+else {
+ return &read_file_lines(@args);
+ }
+}
+
 # flush_file_lines_as_user(file)
 # Writes out a file as the Unix user configured in this module's ACL
 sub flush_file_lines_as_user
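Review bot: `local @args = @_;` in `read_file_lines_as_user` keeps the arguments in a package variable, so the callback `sub { &read_file_lines(@args) }` reads whatever `@args` holds when it finally runs rather than a private copy; anything inside `eval_as_unix_user` that localises or assigns a variable of the same name would change which file is opened under the switched user. `my @args = @_;` makes the callback a real closure. The header comment also gives only the signature, unlike `flush_file_lines_as_user` below it; I would add `# Reads a file as the Unix user configured in this module's ACL; if no user is set, the user is root, or the real UID is not 0, the read uses the current privileges`. The function lies wholly inside this hunk.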