Merge branch 'main' into release

Author: jaapmarcus

CHANGELOG.md

@@ -1,6 +1,35 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.4.2] - Service release
+
+- **NOTE:** During the 1.4.1 / 1.4.0 release we have introduced a bug for Ubuntu 20.04 and 18.04 users with multiple network ports on the server. This release will solve the issue caused by this bug! If you are unable to download the backup please do the following:
+
+```
+    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+```
+
+Then run the update via 
+
+```
+    apt update && apt upgrade
+```
+
+### Bugfixes
+
+- Fix issue wit startup script for iptables / network (#1849) (@myrevery)
+- Fix problem with accidentally replacing nginx.conf during upgrade nginx (#1878 / @myrevery)
+- Fix issue with installing Ubuntu 18.04
+- Fix issue with login into file manger as admin user
+- Added proxy_extentions back to support older custom templates
+- Added the possibility to skip the forced reboot when interactive is set to no
+- Fixed an issue with modx template
+- Updated translations (Croatian, Czech and Italian)  
+- Fixed an issue where users where not able to save / update web domains when POLICY_USER_EDIT_WEB_TEMPLATES is enabled (#1872)
+- Fixed an issue where admin users where not able to add new ssh key for users (#1870)
+- Fixed an issue where domain.com was not affected as a valid domain (#1874)
+- Fixed an issue where "development" icon was not removed on update to release (#1835)
+  
 ## [1.4.1] - Bug fix
 
 - Fixed bug with 2FA enabled logins 

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.1 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.4.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>

bin/v-add-sys-roundcube

@@ -51,20 +51,20 @@ if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
 fi
 
 if [ -z "$(echo "$DB_SYSTEM" | grep -w 'mysql')" ]; then
-    echo "ERROR: Mysql not available. Instalation aborted"
+    echo "ERROR: Mysql not available. Installation aborted"
     exit 2
 fi
 
 if [ -d "/usr/share/roundcube" ]; then
-    echo "ERROR: Install done from atp source unable to continue"
+    echo "ERROR: Install done from apt source, unable to continue"
     exit 2;
 fi
 
 # Get current version 
 if [ -f "/var/lib/roundcube/index.php" ]; then
     version=$(cat $RC_INSTALL_DIR/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1);
     if [ "$version" == "$rc_v" ]; then
-        echo "Error: Installed version ($version) is equal as the availble version ($rc_v)"
+        echo "Error: Installed version ($version) is equal to the available version ($rc_v)"
         exit 2;
     else 
         UPDATE="yes"

bin/v-add-web-domain

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add web domain
-# options: USER DOMAIN [IP] [ALIASES] [PROXY_EXTENSIONS] [RESTART]
+# options: USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]
 # labels: web
 #
 # example: v-add-web-domain admin wonderland.com 192.18.22.43 yes www.wonderland.com

bin/v-stop-firewall

@@ -76,31 +76,30 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed"; then
-        preup="/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
+    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
+        preup="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
         if [ ! -e "$preup" ]; then
-            for iface in $(ip token | awk -F 'dev ' '{print $2}'); do 
-                if [ -z "$interfaces" ]; then
-                    interfaces=" \"\$IFACE\"==\"$iface\""
-                else
-                    interfaces="$interfaces || \"\$IFACE\"==\"$iface\" ";
-                fi
-            done
             IFS='%'
-            echo '#!/bin/bash' > $preup
+            echo '#!/bin/sh' > $preup
             echo '' >> $preup
-            echo 'if [['$interfaces']]; then' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
             echo '    sleep 3' >> $preup
             echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
             echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi
     else
-        preup="/etc/network/if-pre-up.d/iptables"
+        preup="/etc/network/if-pre-up.d/hestia-iptables"
         if [ ! -e "$preup" ]; then
+            IFS='%'
             echo '#!/bin/sh' > $preup
-            echo "/sbin/iptables-restore < /etc/iptables.rules" >> $preup
+            echo '' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
+            echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi

bin/v-update-firewall

@@ -183,27 +183,30 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed"; then
-        preup="/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
+    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
+        preup="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
         if [ ! -e "$preup" ]; then
             IFS='%'
-            echo '#!/bin/bash' > $preup
-            echo '' >> $preup
-            echo "${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '#!/bin/sh' > $preup
             echo '' >> $preup
-            echo 'if [ "$IFACE" == "'$(/bin/ip token | awk -F 'dev ' '{print $2}')'" ]; then' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
             echo '    sleep 3' >> $preup
             echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
             echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi
     else
-        preup="/etc/network/if-pre-up.d/iptables"
+        preup="/etc/network/if-pre-up.d/hestia-iptables"
         if [ ! -e "$preup" ]; then
+            IFS='%'
             echo '#!/bin/sh' > $preup
-            echo "${HESTIA}/bin/v-update-firewall-ipset" >> $preup
-            echo "/sbin/iptables-restore < /etc/iptables.rules" >> $preup
+            echo '' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
+            echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi

func/domain.sh

@@ -231,7 +231,11 @@ add_web_config() {
             WEBTPL_LOCATION="$WEBTPL/$1/$WEB_BACKEND"
         fi
     fi
-
+    
+    # Note: Removing or renaming template variables will lead to broken custom templates.
+    #   -If possible custom templates should be automatically upgraded to use the new format
+    #   -Alternatively a depreciation period with proper notifications should be considered 
+    
     cat "${WEBTPL_LOCATION}/$2" | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$domain|g" \
@@ -248,6 +252,7 @@ add_web_config() {
             -e "s|%proxy_system%|$PROXY_SYSTEM|g" \
             -e "s|%proxy_port%|$PROXY_PORT|g" \
             -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \
+            -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \
             -e "s/%proxy_extensions%/${PROXY_EXT//,/|}/g" \
             -e "s|%user%|$user|g" \
             -e "s|%group%|$user|g" \
@@ -562,7 +567,7 @@ is_dns_fqnd() {
     r=$2
     fqdn_type=$(echo $t | grep "NS\|CNAME\|MX\|PTR\|SRV")
     tree_length=3
-    if [ $t = 'CNAME' ]; then
+    if [[ $t = 'CNAME' || $t = 'MX' ]]; then
         tree_length=2
     fi
 
@@ -739,6 +744,10 @@ add_webmail_config() {
 
     fi
 
+    # Note: Removing or renaming template variables will lead to broken custom templates.
+    #   -If possible custom templates should be automatically upgraded to use the new format
+    #   -Alternatively a depreciation period with proper notifications should be considered 
+    
     cat $MAILTPL/$1/$2 | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$WEBMAIL_ALIAS.$domain|g" \

func/upgrade.sh

@@ -151,8 +151,16 @@ upgrade_get_version() {
 
 upgrade_set_version() {
     # Set new version number in hestia.conf
-    sed -i "/VERSION/d" $HESTIA/conf/hestia.conf
-    echo "VERSION='$@'" >> $HESTIA/conf/hestia.conf
+    $BIN/v-change-sys-config-value "VERSION" "$@"
+}
+
+upgrade_set_branch() {
+    
+    # Set branch in hestia.conf
+    DISPLAY_VER=$(echo $@ | sed "s|~alpha||g" | sed "s|~beta||g");
+    if [ "$DISPLAY_VER" = "$@" ]; then 
+        $BIN/v-change-sys-config-value "RELEASE_BRANCH" "release"
+    fi
 }
 
 upgrade_send_notification_to_panel () {

install/deb/filemanager/filegator/configuration.php

@@ -15,9 +15,12 @@
         if (isset($_SESSION['user'])) {
             $v_user = $_SESSION['user'];
         }
-        if (isset($_SESSION['look']) && ($_SESSION['userContext'] === 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] === 'no')) {
+        if (isset($_SESSION['look']) && ($_SESSION['userContext'] === 'admin')) {
             $v_user = $_SESSION['look'];
         }
+        if ((isset($_SESSION['look']) && ($_SESSION['look'] == 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] == 'yes') )) {
+            header('Location: /');
+        }
         # Create filemanager sftp key if missing and trash it after 30 min
         if (! file_exists('/home/'.basename($v_user).'/.ssh/hst-filemanager-key')) {
             exec ("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . escapeshellarg(basename($v_user)) . " 30", $output, $return_var);

install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -58,12 +58,14 @@ server {
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
             include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-                if ($request_uri ~* "/manager/|index.php") {
-                    set $no_cache 1;
-                }
-                if ($http_cookie ~ SESS) {
-                    set $no_cache 1;
-                }
+            
+            if ($request_uri ~* "/manager/|index.php") {
+                set $no_cache 1;
+            }
+            if ($http_cookie ~ SESS) {
+                set $no_cache 1;
+            }
+        }
     }
 
     location /error/ {