unicode characters in shell arguments (composer solution) (hestiacp#2720)

* unicode characters in shell arguments (composer solution)

a composer-based alternative to PR hestiacp#2717

* linter fix

Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in ./web/src/app/System/HestiaApp.php on line 6 Errors parsing ./web/src/app/System/HestiaApp.php

* Move to Hestia controlled repo

+ Fix 1 missing escapeshellargs

Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>

Author: divinity76

CHANGELOG.md

@@ -6,26 +6,26 @@ All notable changes to this project will be documented in this file.
 ### Bugfixes
 
 - Fixed an issue with downloading log files ()
-- Fixed an issue with installing Quick Installers (#2762, #2760, @divinity76)
+- Fixed an issue with installing Quick Installers (#2762, #2760, @Hestiacp)
 - Fixed an issue with Apache Access / Awstats logs IP after using v-update-sys-ip (#2759 @adion-gorani)
 
 ## [1.6.3] - Service release 
 
 ### Features
 
-- Add additional support for bcrypt for mail passwords (#2752 @divinity76)
+- Add additional support for bcrypt for mail passwords (#2752 @Hestiacp)
 
 ### Enhancements 
 
-- Simplify md5crypt on reset form email (#2751 @divinity76)
+- Simplify md5crypt on reset form email (#2751 @Hestiacp)
 - Use secure RNG to generate passwords (#2726)
 - Add twig support filemanger (#2714, @anvme)
 
 ### Bugfixes
 
 - Fixed an issue with restart Apache2 and Nginx after v-update-letsencrypt (#2748, #2563, #2744, #2677)
 - Prevent transversing path in Quick installer apps (#2742)
-- Avoid out of memory serving large logfiles (#2741, #2736,  @divinity76
+- Avoid out of memory serving large logfiles (#2741, #2736,  @Hestiacp
 - Improve passwords loading in password_valid (#2739)
 - Use secure RNG to generate passwords (#2726)
 - Utilise entire alphabet for random string (#2735 @Shadowfied)

install/deb/filemanager/filegator/backend/Services/Archiver/Adapters/HestiaZipArchiver.php

@@ -7,6 +7,7 @@
 use Filegator\Services\Service;
 use Filegator\Services\Storage\Filesystem as Storage;
 use Filegator\Services\Tmpfs\TmpfsInterface;
+use function Hestiacp\quoteshellarg\quoteshellarg;
 
 
 class HestiaZipArchiver extends ZipArchiver implements Service, ArchiverInterface
@@ -39,9 +40,9 @@ public function uncompress(string $source, string $destination, Storage $storage
         }
 
         exec ("sudo /usr/local/hestia/bin/v-extract-fs-archive " .
-            escapeshellarg($v_user)  . " " .
-            escapeshellarg($source) . " " .
-            escapeshellarg($destination)
+            quoteshellarg($v_user)  . " " .
+            quoteshellarg($source) . " " .
+            quoteshellarg($destination)
         ,$output, $return_var);
 
     }

install/deb/filemanager/filegator/backend/Services/Auth/Adapters/HestiaAuth.php

@@ -14,6 +14,7 @@
 use Filegator\Services\Auth\User;
 use Filegator\Services\Auth\UsersCollection;
 use Filegator\Services\Service;
+use function Hestiacp\quoteshellarg\quoteshellarg;
 
 /**
  * @codeCoverageIgnore
@@ -49,7 +50,7 @@ public function init(array $config = [])
     public function user(): ?User
     {
         $cmd="/usr/bin/sudo /usr/local/hestia/bin/v-list-user";
-        exec($cmd." ".escapeshellarg($this->hestia_user)." json", $output, $return_var);
+        exec($cmd." ".quoteshellarg($this->hestia_user)." json", $output, $return_var);
 
         if ($return_var == 0) {
             $data = json_decode(implode('', $output), true);

install/deb/filemanager/filegator/composer.json

@@ -19,7 +19,8 @@
         "rakit/validation": "^1.1",
         "league/flysystem": "^1.1",
         "league/flysystem-ziparchive": "^1.0",
-        "league/flysystem-sftp": "^1.0"
+        "league/flysystem-sftp": "^1.0",
+        "hestiacp/phpquoteshellarg": "^1.0"
     },
     "authors": [
         {

install/deb/filemanager/filegator/composer.lock

@@ -1,4 +1,5 @@
 <?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
 
 $dist_config = require __DIR__.'/configuration_sample.php';
 
@@ -24,10 +25,10 @@
     }
     # Create filemanager sftp key if missing and trash it after 30 min
     if (! file_exists('/home/'.basename($v_user).'/.ssh/hst-filemanager-key')) {
-        exec("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . escapeshellarg(basename($v_user)) . " 30", $output, $return_var);
+        exec("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . quoteshellarg(basename($v_user)) . " 30", $output, $return_var);
         // filemanager also requires .ssh chmod o+x ... hopefully we can improve it to g+x or u+x someday
         // current minimum for filemanager: chmod 0701 .ssh
-        shell_exec("sudo chmod o+x " . escapeshellarg('/home/' . basename($v_user) . '/.ssh'));
+        shell_exec("sudo chmod o+x " . quoteshellarg('/home/' . basename($v_user) . '/.ssh'));
     }
 
     if (!isset($_SESSION['SFTP_PORT'])) {

install/deb/filemanager/filegator/configuration.php

@@ -31,7 +31,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.6.4'
+HESTIA_INSTALL_VER='1.6.5~alpha'
 # Dependencies
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
 fpm_v="8.0"

install/hst-install-debian.sh

@@ -31,7 +31,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.6.4'
+HESTIA_INSTALL_VER='1.6.5~alpha'
 # Dependencies
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
 fpm_v="8.0"

install/hst-install-ubuntu.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.6.4
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+####### Pass through information to the end user in case of a issue or problem  #######
+#######                                                                         #######
+####### Use add_upgrade_message "My message here" to include a message          #######
+####### in the upgrade notification email. Example:                             #######
+#######                                                                         #######
+####### add_upgrade_message "My message here"                                   #######
+#######                                                                         #######
+####### You can use \n within the string to create new lines.                   #######
+#######################################################################################
+
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

install/upgrade/versions/1.6.4.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.6.4
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+####### Pass through information to the end user in case of a issue or problem  #######
+#######                                                                         #######
+####### Use add_upgrade_message "My message here" to include a message          #######
+####### in the upgrade notification email. Example:                             #######
+#######                                                                         #######
+####### add_upgrade_message "My message here"                                   #######
+#######                                                                         #######
+####### You can use \n within the string to create new lines.                   #######
+#######################################################################################
+
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
+upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
+
+#Add phpquoteshellarg as dependency
+if [ "$FILE_MANAGER" = "true" ]; then
+    $HESTIA/bin/v-delete-sys-filemanager quiet
+    $HESTIA/bin/v-delete-sys-filemanager quiet
+fi
+
+$HESTIA/bin/v-add-sys-phpmailer
+