From f92dd9eb226d8e41e212f72cc96cde11ee574de3 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Jan 2026 04:22:22 +0200 Subject: [PATCH] Ensure ModSecurity unicode mapping is present --- README.md | 3 ++- VERSION | 2 +- bin/jabali-agent | 33 +++++++++++++++++++++++++++++++++ install.sh | 4 ++++ install_from_gitea.sh | 4 ++++ 5 files changed, 44 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 86c86ab..cd520da 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4. -Version: 0.9-rc28 (release candidate) +Version: 0.9-rc29 (release candidate) This is a release candidate. Expect rapid iteration and breaking changes until 1.0. @@ -156,6 +156,7 @@ php artisan test --compact ## Initial Release +- 0.9-rc29: Ensure ModSecurity unicode mapping is installed automatically. - 0.9-rc28: ModSecurity unicode mapping setup fixes. - 0.9-rc27: Installers now read VERSION when available. - 0.9-rc26: Updated installer version banner. diff --git a/VERSION b/VERSION index e81f0e6..1b57e77 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -VERSION=0.9-rc28 +VERSION=0.9-rc29 diff --git a/bin/jabali-agent b/bin/jabali-agent index 21dbd8b..6d2d34e 100755 --- a/bin/jabali-agent +++ b/bin/jabali-agent @@ -2781,6 +2781,8 @@ function ensureJabaliNginxIncludeFiles(): void @mkdir(JABALI_NGINX_INCLUDES, 0755, true); } + ensureWafUnicodeMapFile(); + $baseConfig = findWafBaseConfig(); $shouldDisableWaf = $baseConfig === null; @@ -2802,6 +2804,36 @@ function ensureJabaliNginxIncludeFiles(): void } } +function ensureWafUnicodeMapFile(): void +{ + $target = '/etc/modsecurity/unicode.mapping'; + if (file_exists($target)) { + return; + } + + $sources = [ + '/usr/share/modsecurity-crs/util/unicode.mapping', + '/usr/share/modsecurity-crs/unicode.mapping', + '/usr/share/modsecurity/unicode.mapping', + '/etc/nginx/unicode.mapping', + '/usr/share/nginx/docs/modsecurity/unicode.mapping', + ]; + + foreach ($sources as $source) { + if (!file_exists($source)) { + continue; + } + + if (!is_dir('/etc/modsecurity')) { + @mkdir('/etc/modsecurity', 0755, true); + } + + if (@copy($source, $target)) { + break; + } + } +} + function ensureNginxServerIncludes(array $includeLines): array { $files = glob('/etc/nginx/sites-enabled/*.conf') ?: []; @@ -2927,6 +2959,7 @@ function wafApplySettings(array $params): array $prevRules = file_exists(JABALI_WAF_RULES) ? file_get_contents(JABALI_WAF_RULES) : null; if ($enabled) { + ensureWafUnicodeMapFile(); $baseConfig = findWafBaseConfig(); if (!$baseConfig) { file_put_contents(JABALI_WAF_INCLUDE, "# Managed by Jabali\nmodsecurity off;\n"); diff --git a/install.sh b/install.sh index 957ac43..ea802a6 100755 --- a/install.sh +++ b/install.sh @@ -2115,6 +2115,10 @@ EOF cp /usr/share/modsecurity-crs/unicode.mapping /etc/modsecurity/unicode.mapping elif [[ -f /usr/share/modsecurity/unicode.mapping ]]; then cp /usr/share/modsecurity/unicode.mapping /etc/modsecurity/unicode.mapping + elif [[ -f /etc/nginx/unicode.mapping ]]; then + cp /etc/nginx/unicode.mapping /etc/modsecurity/unicode.mapping + elif [[ -f /usr/share/nginx/docs/modsecurity/unicode.mapping ]]; then + cp /usr/share/nginx/docs/modsecurity/unicode.mapping /etc/modsecurity/unicode.mapping fi fi diff --git a/install_from_gitea.sh b/install_from_gitea.sh index 9a93294..098f843 100755 --- a/install_from_gitea.sh +++ b/install_from_gitea.sh @@ -2115,6 +2115,10 @@ EOF cp /usr/share/modsecurity-crs/unicode.mapping /etc/modsecurity/unicode.mapping elif [[ -f /usr/share/modsecurity/unicode.mapping ]]; then cp /usr/share/modsecurity/unicode.mapping /etc/modsecurity/unicode.mapping + elif [[ -f /etc/nginx/unicode.mapping ]]; then + cp /etc/nginx/unicode.mapping /etc/modsecurity/unicode.mapping + elif [[ -f /usr/share/nginx/docs/modsecurity/unicode.mapping ]]; then + cp /usr/share/nginx/docs/modsecurity/unicode.mapping /etc/modsecurity/unicode.mapping fi fi