Fix multiple small bugs (hestiacp#1877)

* Fix hestiacp#1870  Pass trough the GET user var
* Fix hestiacp#1872 Unable to alter template
POLICY_USER_EDIT_WEB_TEMPLATES = no still expected the fields to be preset and changed
* hestiacp#1874 Allow domain.com for MX record
* Fix hestiacp#1835 Set correct branch on update via packages
* Fix incorrect example v-add-web-domain
* Fix potential XXS issue

Author: jaapmarcus

CHANGELOG.md

@@ -1,6 +1,15 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## Development
+
+### Bug fix
+ 
+- # Fixed a issue where users where not able to save / update web domains when POLICY_USER_EDIT_WEB_TEMPLATES is enabled (#1872)
+- # Fixed a issue where admin users where not able to add new ssh key for users (#1870)
+- # Fixed a issue where domain.com was not affected as a valid domain (#1874)
+- # Fixed a issue where "development" icon was not removed on update to release (#1835)
+  
 ## [1.4.1] - Bug fix
 
 - Fixed bug with 2FA enabled logins 

bin/v-add-web-domain

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add web domain
-# options: USER DOMAIN [IP] [ALIASES] [PROXY_EXTENSIONS] [RESTART]
+# options: USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]
 # labels: web
 #
 # example: v-add-web-domain admin wonderland.com 192.18.22.43 yes www.wonderland.com

func/domain.sh

@@ -567,7 +567,7 @@ is_dns_fqnd() {
     r=$2
     fqdn_type=$(echo $t | grep "NS\|CNAME\|MX\|PTR\|SRV")
     tree_length=3
-    if [ $t = 'CNAME' ]; then
+    if [[ $t = 'CNAME' || $t = 'MX' ]]; then
         tree_length=2
     fi
 

func/upgrade.sh

@@ -151,8 +151,16 @@ upgrade_get_version() {
 
 upgrade_set_version() {
     # Set new version number in hestia.conf
-    sed -i "/VERSION/d" $HESTIA/conf/hestia.conf
-    echo "VERSION='$@'" >> $HESTIA/conf/hestia.conf
+    $BIN/v-change-sys-config-value "VERSION" "$@"
+}
+
+upgrade_set_branch() {
+    
+    # Set branch in hestia.conf
+    DISPLAY_VER=$(echo $@ | sed "s|~alpha||g" | sed "s|~beta||g");
+    if [ "$DISPLAY_VER" = "$@" ]; then 
+        $BIN/v-change-sys-config-value "RELEASE_BRANCH" "release"
+    fi
 }
 
 upgrade_send_notification_to_panel () {

src/deb/hestia/postinst

@@ -75,6 +75,7 @@ upgrade_rainloop | tee -a $LOG
 
 # Set new version number in hestia.conf
 upgrade_set_version $new_version
+upgrade_set_branch $new_version
 
 # Perform upgrade clean-up tasks (rebuild domains and users, restart services, delete temporary files)
 upgrade_cleanup_message | tee -a $LOG

web/add/key/index.php

@@ -17,9 +17,15 @@
         $_SESSION['error_msg'] = _('Field SSH_KEY can not be blank.');
     }
 
+    if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+        $user = $_GET['user'];
+    }
+    
+    $user = escapeshellarg($user);
+    
     if(!$_SESSION['error_msg']){
         if($_POST){
-            //key if key already exisits
+            //key if key already exists
             exec (HESTIA_CMD . "v-list-user-ssh-key ".$user." json", $output, $return_var);
             $data = json_decode(implode('', $output), true);
             unset($output);

web/edit/web/index.php

@@ -231,14 +231,87 @@
         }
     }
 
-    // Change template
-    if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
-        exec (HESTIA_CMD."v-change-web-domain-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $restart_web = 'yes';
-    }
 
+    if (($_SESSION['POLICY_USER_EDIT_WEB_TEMPLATES'] == 'yes') || ($_SESSION['userContext'] === "admin")){
+        // Change template
+        if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
+            exec (HESTIA_CMD."v-change-web-domain-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $restart_web = 'yes';
+        }
+        
+        // Change backend template
+        if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template'])  && (empty($_SESSION['error_msg']))) {
+            $v_backend_template = $_POST['v_backend_template'];
+            exec (HESTIA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_backend_template), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+        }
+    
+        // Enable/Disable nginx cache
+        if (($_SESSION['WEB_SYSTEM'] == 'nginx') && ($v_nginx_cache_check != $_POST['v_nginx_cache_check'] ) || ($v_nginx_cache_duration != $_POST['v_nginx_cache_duration'] && $_POST['v_nginx_cache'] = "yes" ) && (empty($_SESSION['error_msg']))) {
+            if ( $_POST['v_nginx_cache_check'] == 'on' ) {
+                if (empty ($_POST['v_nginx_cache_duration'])){
+                    echo $_POST['v_nginx_cache_duration'] = "2m";
+                }
+                exec (HESTIA_CMD."v-add-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain).' '. escapeshellarg($_POST['v_nginx_cache_duration']) , $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output); 
+            } else {
+                exec (HESTIA_CMD."v-delete-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output); 
+            }
+            $restart_web = 'yes';
+        }
+    
+        // Delete proxy support
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
+            exec (HESTIA_CMD."v-delete-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unset($v_proxy);
+            $restart_web = 'yes';
+        }
+    
+        // Change proxy template / Update extension list
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg'])) ) {
+            $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
+            $ext = preg_replace("/,/", " ", $ext);
+            $ext = preg_replace('/\s+/', ' ',$ext);
+            $ext = trim($ext);
+            $ext = str_replace(' ', ", ", $ext);
+            if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
+                $ext = str_replace(', ', ",", $ext);
+                if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
+                exec (HESTIA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+                check_return_code($return_var,$output);
+                $v_proxy_ext = str_replace(',', ', ', $ext);
+                unset($output);
+                $restart_proxy = 'yes';
+            }
+        }
+    
+        // Add proxy support
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
+            $v_proxy_template = $_POST['v_proxy_template'];
+            if (!empty($_POST['v_proxy_ext'])) {
+                $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
+                $ext = preg_replace("/,/", " ", $ext);
+                $ext = preg_replace('/\s+/', ' ',$ext);
+                $ext = trim($ext);
+                $ext = str_replace(' ', ",", $ext);
+                $v_proxy_ext = str_replace(',', ', ', $ext);
+            }
+            exec (HESTIA_CMD."v-add-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $restart_proxy = 'yes';
+        }
+        
+    
+    }
     // Change aliases
     if (empty($_SESSION['error_msg'])) {
         $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
@@ -330,75 +403,6 @@
             unset($output);
         }
     }
-    
-    // Change backend template
-    if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template'])  && (empty($_SESSION['error_msg']))) {
-        $v_backend_template = $_POST['v_backend_template'];
-        exec (HESTIA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_backend_template), $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-    }
-
-    // Enable/Disable nginx cache
-    if (($_SESSION['WEB_SYSTEM'] == 'nginx') && ($v_nginx_cache_check != $_POST['v_nginx_cache_check'] ) || ($v_nginx_cache_duration != $_POST['v_nginx_cache_duration'] && $_POST['v_nginx_cache'] = "yes" ) && (empty($_SESSION['error_msg']))) {
-        if ( $_POST['v_nginx_cache_check'] == 'on' ) {
-            if (empty ($_POST['v_nginx_cache_duration'])){
-                echo $_POST['v_nginx_cache_duration'] = "2m";
-            }
-            exec (HESTIA_CMD."v-add-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain).' '. escapeshellarg($_POST['v_nginx_cache_duration']) , $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output); 
-        } else {
-            exec (HESTIA_CMD."v-delete-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output); 
-        }
-        $restart_web = 'yes';
-    }
-
-    // Delete proxy support
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
-        exec (HESTIA_CMD."v-delete-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unset($v_proxy);
-        $restart_web = 'yes';
-    }
-
-    // Change proxy template / Update extension list
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg'])) ) {
-        $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
-        $ext = preg_replace("/,/", " ", $ext);
-        $ext = preg_replace('/\s+/', ' ',$ext);
-        $ext = trim($ext);
-        $ext = str_replace(' ', ", ", $ext);
-        if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
-            $ext = str_replace(', ', ",", $ext);
-            if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
-            exec (HESTIA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_proxy_ext = str_replace(',', ', ', $ext);
-            unset($output);
-            $restart_proxy = 'yes';
-        }
-    }
-
-    // Add proxy support
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
-        $v_proxy_template = $_POST['v_proxy_template'];
-        if (!empty($_POST['v_proxy_ext'])) {
-            $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
-            $ext = preg_replace("/,/", " ", $ext);
-            $ext = preg_replace('/\s+/', ' ',$ext);
-            $ext = trim($ext);
-            $ext = str_replace(' ', ",", $ext);
-            $v_proxy_ext = str_replace(',', ', ', $ext);
-        }
-        exec (HESTIA_CMD."v-add-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $restart_proxy = 'yes';
-    }
 
     // Change document root for ssl domain
     if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {

web/templates/pages/add_key.html

@@ -2,7 +2,11 @@
 <div class="l-center edit">
 	<div class="l-sort clearfix">
 		<div class="l-unit-toolbar__buttonstrip">
-			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+                <a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/?user=<?=htmlentities($_GET['user']);?>"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php } else { ?>
+                <a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php } ?>
 		</div>
 		<div class="l-unit-toolbar__buttonstrip float-right">
 			<a href="#" class="ui-button" data-action="submit" data-id="vstobjects"><i class="fas fa-save status-icon purple"></i><?=_('Save');?></a>

web/templates/pages/edit_web.html

@@ -5,7 +5,7 @@
 			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/web/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 		</div>
 		<div class="l-unit-toolbar__buttonstrip float-right">
-			<a href="/delete/web/cache/?domain=<?=$_GET['domain'];?>&token=<?=$_SESSION['token'];?>" class="ui-button cancel <?php if ( $v_nginx_cache == 'yes' || ($v_proxy_template == 'caching' && $_SESSION['PROXY_SYSTEM'] == 'nginx')) { echo "block"; } else{ echo "hidden"; }?>" id="v-clear-cache">
+			<a href="/delete/web/cache/?domain=<?=$v_domain;?>&token=<?=$_SESSION['token'];?>" class="ui-button cancel <?php if ( $v_nginx_cache == 'yes' || ($v_proxy_template == 'caching' && $_SESSION['PROXY_SYSTEM'] == 'nginx')) { echo "block"; } else{ echo "hidden"; }?>" id="v-clear-cache">
 				<i class="fas fa-trash status-icon red"></i><?=_('Purge Nginx Cache');?>
 			</a>
 			<?php if ($_SESSION['PLUGIN_APP_INSTALLER'] !== 'false') {?>

web/templates/pages/list_key.html

@@ -3,7 +3,11 @@
 	<div class="l-sort clearfix noselect">
 		<div class="l-unit-toolbar__buttonstrip">
 			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/edit/user/?user=<?=$user;?>&token=<?=$_SESSION['token']?>"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+            <a href="/add/key/?user=<?=htmlentities($_GET['user']);?>" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add SSH Key');?></a>
+            <?php } else { ?>
 			<a href="/add/key/" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add SSH Key');?></a>
+            <?php } ?>
 		</div>
 	</div>
 </div>