Merge pull request hestiacp#1273 from hestiacp/staging/fixes

Staging/fixes

Author: ScIT-Raphael

.gitignore

@@ -15,3 +15,4 @@ test/node_modules/
 npm-debug.log
 .phpunit.result.cache
 .vs
+.nova

CHANGELOG.md

@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
 - Updated translations system with the use of Gettext. Modified / Updated all translated strings.
 - Use php7.4 as default version.
 - Updated MariaDB to 10.5 (Manual upgrade required install/upgrade/manual/upgrade_mariadb.sh).
+- Added support for Turkish (emrahk [Forum](https://forum.hestiacp.com/t/how-to-contribute-with-translations/1664/4?u=eris) )
 
 ## Bugfixes
 - Removed root login (root / root password )
@@ -43,7 +44,7 @@ All notable changes to this project will be documented in this file.
 - Refactor LXD  Complier script
 - Set default theme to "Dark"
 - Clean up gmail.tpl (DNS) (@madito)
-
+- Improved translations (NL, DE, UK, RU, ES, IT, ZH-CN)
 
 ## [1.2.3] - Service Release
 ### Features

bin/v-add-user

@@ -62,6 +62,13 @@ check_result $? "user creation failed" $E_INVALID
 # Adding password
 echo "$user:$password" | /usr/sbin/chpasswd
 
+if [ $? -ne 0 ]; then 
+    # Delete user on failure
+    /usr/sbin/deluser "$user" > /dev/null 2>&1
+    echo "Error: Password not accepted due to PAM restrictions"
+    exit 2
+fi
+
 # Add a general group for normal users created by Hestia
 if [ -z "$(grep ^hestia-users: /etc/group)" ]; then
     groupadd --system "hestia-users"

bin/v-add-web-domain-ftp

@@ -93,6 +93,14 @@ fi
 
 # Set ftp user password
 echo "$ftp_user:$password" | /usr/sbin/chpasswd
+
+if [ $? -ne 0 ]; then 
+    # Delete user on failure again
+    /usr/sbin/deluser "$ftp_user"  > /dev/null 2>&1
+    echo "Error: Password not accepted due to PAM restrictions"
+    exit 2
+fi
+
 ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)
 
 # Adding jailed sftp env

bin/v-change-user-password

@@ -47,6 +47,12 @@ check_hestia_demo_mode
 
 # Changing user password
 echo "$user:$password" | /usr/sbin/chpasswd
+
+if [ $? -ne 0 ]; then 
+    echo "Error: Password not accepted due to PAM restrictions"
+    exit 2
+fi
+
 md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
 
 if [ "$user" = 'admin' ] && [ -e "$HESTIA/web/reset.admin" ]; then

bin/v-change-web-domain-ftp-password

@@ -56,6 +56,12 @@ check_hestia_demo_mode
 
 # Changing ftp user password
 echo "$ftp_user:$password" | /usr/sbin/chpasswd
+
+if [ $? -ne 0 ]; then 
+    echo "Error: Password not accepted due to PAM restrictions"
+    exit 2
+fi
+
 ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)
 
 

bin/v-restore-user

@@ -133,6 +133,11 @@ fi
 
 # Restoring user account
 if [ "$create_user" = 'yes' ]; then
+    
+    # Add check if user already exists as Linux User
+    getent passwd $user > /dev/null 2&>1
+    check_result "$E_EXISTS" "User already exists"  
+
     echo "-- USER --" |tee $tmpdir/restore.log
     echo -e "$(date "+%F %T") $user" |tee -a $tmpdir/restore.log
 

bin/v-update-sys-hestia-git

@@ -96,7 +96,7 @@ timestamp() {
 
 # Set install flags
 if [ ! -z "$1" ]; then
-    fork_check=$(curl -s --head -w %{http_code} https://raw.githubusercontent.com/$fork/hestiacp/release/src/deb/hestia/control -o /dev/null)
+    fork_check=$(curl -s --head -w %{http_code} https://raw.githubusercontent.com/$fork/hestiacp/main/src/deb/hestia/control -o /dev/null)
     if [ $fork_check -ne "200" ]; then
         echo "ERROR: invalid repository name specified."
         exit 1

install/deb/templates/web/nginx/php-fpm/prestashop.stpl

@@ -0,0 +1,142 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    # Force pdf files to be downloaded
+    location ~* \.pdf$ {
+        add_header Content-Disposition Attachment;
+        add_header X-Content-Type-Options nosniff;
+    }
+
+    # Force files in upload directory to be downloaded
+    location ~ ^/upload/ {
+        add_header Content-Disposition Attachment;
+        add_header X-Content-Type-Options nosniff;
+    }
+
+    # [REQUIRED EDIT IF MULTILANG]
+    # rewrite ^/fr$ /fr/ redirect;
+    # rewrite ^/fr/(.*) /$1;
+
+    # Images
+    rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
+    rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
+    rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
+    rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
+
+    # AlphaImageLoader for IE and fancybox
+    rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
+
+    # Web service API
+    rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
+
+    # Installation sandbox
+    rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
+
+    # Source code directories
+    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
+        deny all;
+	return 404;
+    }
+    
+    # vendor in modules directory
+    location ~ ^/modules/.*/vendor/ {
+        deny all;
+	return 404;
+    }
+    
+    # Prevent exposing other sensitive files
+    location ~ \.(yml|log|tpl|twig|sass)$ {
+        deny all;
+	return 404;
+    }
+
+    # Prevent injection of php files
+    location /upload {
+        location ~ \.php$ {
+            deny all;
+	    return 404;
+        }
+    }
+    location /img {
+        location ~ \.php$ {
+            deny all;
+	    return 404;
+        }
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+	    try_files $fastcgi_script_name /index.php$uri&$args =404;
+	    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page 403 /error/404.html;
+    error_page 404 /index.php?controller=404;
+    error_page 500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/deb/templates/web/nginx/php-fpm/prestashop.tpl

@@ -0,0 +1,137 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    # Force pdf files to be downloaded
+    location ~* \.pdf$ {
+        add_header Content-Disposition Attachment;
+        add_header X-Content-Type-Options nosniff;
+    }
+
+    # Force files in upload directory to be downloaded
+    location ~ ^/upload/ {
+        add_header Content-Disposition Attachment;
+        add_header X-Content-Type-Options nosniff;
+    }
+
+    # [REQUIRED EDIT IF MULTILANG]
+    # rewrite ^/fr$ /fr/ redirect;
+    # rewrite ^/fr/(.*) /$1;
+
+    # Images
+    rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
+    rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
+    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
+    rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
+    rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
+
+    # AlphaImageLoader for IE and fancybox
+    rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
+
+    # Web service API
+    rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
+
+    # Installation sandbox
+    rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
+
+    # Source code directories
+    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
+        deny all;
+	return 404;
+    }
+    
+    # vendor in modules directory
+    location ~ ^/modules/.*/vendor/ {
+        deny all;
+	return 404;
+    }
+    
+    # Prevent exposing other sensitive files
+    location ~ \.(yml|log|tpl|twig|sass)$ {
+        deny all;
+	return 404;
+    }
+
+    # Prevent injection of php files
+    location /upload {
+        location ~ \.php$ {
+            deny all;
+	    return 404;
+        }
+    }
+    location /img {
+        location ~ \.php$ {
+            deny all;
+	    return 404;
+        }
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+	    try_files $fastcgi_script_name /index.php$uri&$args =404;
+	    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page 403 /error/404.html;
+    error_page 404 /index.php?controller=404;
+    error_page 500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}