Fix error in add package if field is missing (hestiacp#3883)

jaapmarcus · web-flow · commit 80b38fbc476e · 2023-08-02T17:51:15.000-03:00
diff --git a/web/add/package/index.php b/web/add/package/index.php
@@ -17,35 +17,35 @@
 if (!empty($_POST["ok"])) {
 	// Check token
 	verify_csrf($_POST);
-
+	$errors = [];
 	// Check empty fields
-	if (empty($_POST["v_package"])) {
+	if (!isset($_POST["v_package"])) {
 		$errors[] = _("Package");
 	}
-	if (empty($_POST["v_web_template"])) {
+	if (!isset($_POST["v_web_template"])) {
 		$errors[] = _("Web Template");
 	}
 	if (!empty($_SESSION["WEB_BACKEND"])) {
-		if (empty($_POST["v_backend_template"])) {
+		if (!isset($_POST["v_backend_template"])) {
 			$errors[] = _("Backend Template");
 		}
 	} else {
 		# When modphp is enabled
 		$_POST["v_backend_template"] = "";
 	}
 	if (!empty($_SESSION["PROXY_SYSTEM"])) {
-		if (empty($_POST["v_proxy_template"])) {
+		if (!isset($_POST["v_proxy_template"])) {
 			$errors[] = _("Proxy Template");
 		}
 	} else {
 		# when nginx only is enabled
 		$_POST["v_proxy_template"] = "default";
 	}
-	if (empty($_POST["v_dns_template"])) {
+	if (!isset($_POST["v_dns_template"])) {
 		$errors[] = _("DNS Template");
 	}
-	if (empty($_POST["v_shell"])) {
-		$errrors[] = _("Shell");
+	if (!isset($_POST["v_shell"])) {
+		$errors[] = _("Shell");
 	}
 	if (!isset($_POST["v_web_domains"])) {
 		$errors[] = _("Web Domains");
@@ -101,99 +101,99 @@
 			}
 		}
 		$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
-	}
-
-	// Protect input
-	$v_package = quoteshellarg($_POST["v_package"]);
-	$v_web_template = quoteshellarg($_POST["v_web_template"]);
-	$v_backend_template = quoteshellarg($_POST["v_backend_template"]);
-	$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
-	$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
-	$v_shell = quoteshellarg($_POST["v_shell"]);
-	$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
-	$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
-	$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
-	$v_dns_records = quoteshellarg($_POST["v_dns_records"]);
-	$v_mail_domains = quoteshellarg($_POST["v_mail_domains"]);
-	$v_mail_accounts = quoteshellarg($_POST["v_mail_accounts"]);
-	$v_databases = quoteshellarg($_POST["v_databases"]);
-	$v_cron_jobs = quoteshellarg($_POST["v_cron_jobs"]);
-	$v_backups = quoteshellarg($_POST["v_backups"]);
-	$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
-	$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
-	$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
-	$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
-	$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
-	$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
-	$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
-	$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
-	$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
-	$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
-	$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
-
-	$v_ns = $v_ns1 . "," . $v_ns2;
-	if (!empty($v_ns3)) {
-		$v_ns .= "," . $v_ns3;
-	}
-	if (!empty($v_ns4)) {
-		$v_ns .= "," . $v_ns4;
-	}
-	if (!empty($v_ns5)) {
-		$v_ns .= "," . $v_ns5;
-	}
-	if (!empty($v_ns6)) {
-		$v_ns .= "," . $v_ns6;
-	}
-	if (!empty($v_ns7)) {
-		$v_ns .= "," . $v_ns7;
-	}
-	if (!empty($v_ns8)) {
-		$v_ns .= "," . $v_ns8;
-	}
-	$v_ns = quoteshellarg($v_ns);
-	$v_time = quoteshellarg(date("H:i:s"));
-	$v_date = quoteshellarg(date("Y-m-d"));
+	} else {
+		// Protect input
+		$v_package = quoteshellarg($_POST["v_package"]);
+		$v_web_template = quoteshellarg($_POST["v_web_template"]);
+		$v_backend_template = quoteshellarg($_POST["v_backend_template"]);
+		$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
+		$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
+		$v_shell = quoteshellarg($_POST["v_shell"]);
+		$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
+		$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
+		$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
+		$v_dns_records = quoteshellarg($_POST["v_dns_records"]);
+		$v_mail_domains = quoteshellarg($_POST["v_mail_domains"]);
+		$v_mail_accounts = quoteshellarg($_POST["v_mail_accounts"]);
+		$v_databases = quoteshellarg($_POST["v_databases"]);
+		$v_cron_jobs = quoteshellarg($_POST["v_cron_jobs"]);
+		$v_backups = quoteshellarg($_POST["v_backups"]);
+		$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
+		$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
+		$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
+		$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
+		$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
+		$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
+		$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
+		$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
+		$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
+		$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
+		$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
 
-	// Create package file
-	if (empty($_SESSION["error_msg"])) {
-		$pkg = "WEB_TEMPLATE=" . $v_web_template . "\n";
-		if (!empty($_SESSION["WEB_BACKEND"])) {
-			$pkg .= "BACKEND_TEMPLATE=" . $v_backend_template . "\n";
+		$v_ns = $v_ns1 . "," . $v_ns2;
+		if (!empty($v_ns3)) {
+			$v_ns .= "," . $v_ns3;
+		}
+		if (!empty($v_ns4)) {
+			$v_ns .= "," . $v_ns4;
+		}
+		if (!empty($v_ns5)) {
+			$v_ns .= "," . $v_ns5;
+		}
+		if (!empty($v_ns6)) {
+			$v_ns .= "," . $v_ns6;
+		}
+		if (!empty($v_ns7)) {
+			$v_ns .= "," . $v_ns7;
 		}
-		if (!empty($_SESSION["PROXY_SYSTEM"])) {
-			$pkg .= "PROXY_TEMPLATE=" . $v_proxy_template . "\n";
+		if (!empty($v_ns8)) {
+			$v_ns .= "," . $v_ns8;
 		}
-		$pkg .= "DNS_TEMPLATE=" . $v_dns_template . "\n";
-		$pkg .= "WEB_DOMAINS=" . $v_web_domains . "\n";
-		$pkg .= "WEB_ALIASES=" . $v_web_aliases . "\n";
-		$pkg .= "DNS_DOMAINS=" . $v_dns_domains . "\n";
-		$pkg .= "DNS_RECORDS=" . $v_dns_records . "\n";
-		$pkg .= "MAIL_DOMAINS=" . $v_mail_domains . "\n";
-		$pkg .= "MAIL_ACCOUNTS=" . $v_mail_accounts . "\n";
-		$pkg .= "DATABASES=" . $v_databases . "\n";
-		$pkg .= "CRON_JOBS=" . $v_cron_jobs . "\n";
-		$pkg .= "DISK_QUOTA=" . $v_disk_quota . "\n";
-		$pkg .= "BANDWIDTH=" . $v_bandwidth . "\n";
-		$pkg .= "RATE_LIMIT=" . $v_ratelimit . "\n";
-		$pkg .= "NS=" . $v_ns . "\n";
-		$pkg .= "SHELL=" . $v_shell . "\n";
-		$pkg .= "BACKUPS=" . $v_backups . "\n";
-		$pkg .= "TIME=" . $v_time . "\n";
-		$pkg .= "DATE=" . $v_date . "\n";
+		$v_ns = quoteshellarg($v_ns);
+		$v_time = quoteshellarg(date("H:i:s"));
+		$v_date = quoteshellarg(date("Y-m-d"));
 
-		$tmpfile = tempnam("/tmp/", "hst_");
-		$fp = fopen($tmpfile, "w");
-		fwrite($fp, $pkg);
-		exec(
-			HESTIA_CMD . "v-add-user-package " . $tmpfile . " " . $v_package,
-			$output,
-			$return_var,
-		);
-		check_return_code($return_var, $output);
-		unset($output);
+		// Create package file
+		if (empty($_SESSION["error_msg"])) {
+			$pkg = "WEB_TEMPLATE=" . $v_web_template . "\n";
+			if (!empty($_SESSION["WEB_BACKEND"])) {
+				$pkg .= "BACKEND_TEMPLATE=" . $v_backend_template . "\n";
+			}
+			if (!empty($_SESSION["PROXY_SYSTEM"])) {
+				$pkg .= "PROXY_TEMPLATE=" . $v_proxy_template . "\n";
+			}
+			$pkg .= "DNS_TEMPLATE=" . $v_dns_template . "\n";
+			$pkg .= "WEB_DOMAINS=" . $v_web_domains . "\n";
+			$pkg .= "WEB_ALIASES=" . $v_web_aliases . "\n";
+			$pkg .= "DNS_DOMAINS=" . $v_dns_domains . "\n";
+			$pkg .= "DNS_RECORDS=" . $v_dns_records . "\n";
+			$pkg .= "MAIL_DOMAINS=" . $v_mail_domains . "\n";
+			$pkg .= "MAIL_ACCOUNTS=" . $v_mail_accounts . "\n";
+			$pkg .= "DATABASES=" . $v_databases . "\n";
+			$pkg .= "CRON_JOBS=" . $v_cron_jobs . "\n";
+			$pkg .= "DISK_QUOTA=" . $v_disk_quota . "\n";
+			$pkg .= "BANDWIDTH=" . $v_bandwidth . "\n";
+			$pkg .= "RATE_LIMIT=" . $v_ratelimit . "\n";
+			$pkg .= "NS=" . $v_ns . "\n";
+			$pkg .= "SHELL=" . $v_shell . "\n";
+			$pkg .= "BACKUPS=" . $v_backups . "\n";
+			$pkg .= "TIME=" . $v_time . "\n";
+			$pkg .= "DATE=" . $v_date . "\n";
 
-		fclose($fp);
-		unlink($tmpfile);
+			$tmpfile = tempnam("/tmp/", "hst_");
+			$fp = fopen($tmpfile, "w");
+			fwrite($fp, $pkg);
+			exec(
+				HESTIA_CMD . "v-add-user-package " . $tmpfile . " " . $v_package,
+				$output,
+				$return_var,
+			);
+			check_return_code($return_var, $output);
+			unset($output);
+
+			fclose($fp);
+			unlink($tmpfile);
+		}
 	}
 
 	// Flush field values on success
