Resolve multiple PHP errors (hestiacp#3841)

Fixed PHP errors in nginx-error.log:
session_start(): Ignoring session_start() because a session is already active in /usr/local/hestia/web/inc/main.php on line 2"
Undefined array key "v_credentials" in /usr/local/hestia/web/edit/mail/index.php on line 754;
Undefined variable $hostname in /usr/local/hestia/web/edit/mail/index.php on line 1073
Undefined array key "error_msg" in /usr/local/hestia/web/add/key/index.php on line 34"
Undefined array key "v_role" in /usr/local/hestia/web/edit/user/index.php on line 346"
Undefined variable $return_var in /usr/local/hestia/web/delete/key/index.php on line 17
Undefined variable $v_aliases in /usr/local/hestia/web/templates/pages/generate_ssl.php on line 23"
Undefined array key "v_upgrade_send_notification_email" in /usr/local/hestia/web/edit/server/index.php on line 692
Undefined array key "v_upgrade_send_notification_email" in /usr/local/hestia/web/edit/server/index.php on line 693
Undefined array key "v_debug_mode" in /usr/local/hestia/web/edit/server/index.php on line 410
Undefined array key "userTheme" in /usr/local/hestia/web/edit/user/index.php on line 443
Trying to access array offset on value of type null in /usr/local/hestia/web/login/index.php on line 85;

* Fix error when using bulk action but nothing selected
* Remove unused endpoints
* Update /suspend/* endpoint
* Fix bug in access-key
* Update renovate.json

Author: jaapmarcus

renovate.json

@@ -5,10 +5,10 @@
 		":pinAllExceptPeerDependencies",
 		":disableDependencyDashboard",
 		"group:allNonMajor",
-		"schedule:earlyMondays"
+		"schedule:weekdays"
 	],
 	"enabledManagers": ["npm", "composer", "github-actions"],
 	"ignorePaths": ["**/node_modules/**", "install/deb/filemanager/filegator/composer.json"],
-	"reviewers": ["jaapmarcus"],
+	"reviewers": ["jaapmarcus", "krismkenn"],
 	"branchPrefix": "dependencies"
 }

web/add/key/index.php

@@ -31,7 +31,7 @@
 		$user = quoteshellarg($_GET["user"]);
 	}
 
-	if (!$_SESSION["error_msg"]) {
+	if (empty($_SESSION["error_msg"])) {
 		if ($_POST) {
 			//key if key already exists
 			exec(HESTIA_CMD . "v-list-user-ssh-key " . $user . " json", $output, $return_var);

web/bulk/access-key/index.php

@@ -23,6 +23,15 @@
 	exit();
 }
 
+if (empty($_POST["key"])) {
+	header("Location: /list/access-key/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/access-key/");
+	exit();
+}
+
 $key = $_POST["key"];
 $action = $_POST["action"];
 

web/bulk/backup/exclusions/index.php

@@ -2,9 +2,17 @@
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
 ob_start();
-
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
+if (empty($_POST["backup"])) {
+	header("Location: /list/backup/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/backup/");
+	exit();
+}
+
 $backup = $_POST["backup"];
 $action = $_POST["action"];
 

web/bulk/backup/index.php

@@ -7,7 +7,16 @@
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["job"])) {
+	header("Location: /list/cron/");
+	exit();
+}
 $job = $_POST["job"];
+
+if (empty($_POST["action"])) {
+	header("Location: /list/cron/");
+	exit();
+}
 $action = $_POST["action"];
 
 if ($_SESSION["userContext"] === "admin") {

web/bulk/cron/index.php

@@ -8,6 +8,15 @@
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["database"])) {
+	header("Location: /list/db/");
+	exit();
+}
+
+if (empty($_POST["action"])) {
+	header("Location: /list/db/");
+	exit();
+}
 $database = $_POST["database"];
 $action = $_POST["action"];
 

web/bulk/db/index.php

@@ -8,12 +8,26 @@
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["domain"])) {
+	header("Location: /list/dns/");
+	exit();
+}
+
+if (empty($_POST["action"])) {
+	header("Location: /list/dns/");
+	exit();
+}
+
 $domain = $_POST["domain"];
-$record = $_POST["record"];
+if (empty($_POST["record"])) {
+	$record = "";
+} else {
+	$record = $_POST["record"];
+}
 $action = $_POST["action"];
 
 if ($_SESSION["userContext"] === "admin") {
-	if (empty($record)) {
+	if (empty($_POST["record"])) {
 		switch ($action) {
 			case "rebuild":
 				$cmd = "v-rebuild-dns-domain";
@@ -48,7 +62,7 @@
 		}
 	}
 } else {
-	if (empty($record)) {
+	if (empty($_POST["record"])) {
 		switch ($action) {
 			case "delete":
 				$cmd = "v-delete-dns-domain";
@@ -69,12 +83,16 @@
 	}
 }
 
-if (empty($record)) {
-	foreach ($domain as $value) {
-		// DNS
-		$value = quoteshellarg($value);
-		exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
-		$restart = "yes";
+if (empty($_POST["record"])) {
+	if (is_array($_POST["domain"])) {
+		foreach ($domain as $value) {
+			// DNS
+			$value = quoteshellarg($value);
+			exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
+			$restart = "yes";
+		}
+	} else {
+		header("Location: /list/dns/?domain=" . $domain);
 	}
 } else {
 	foreach ($record as $value) {
@@ -94,7 +112,7 @@
 	exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
 }
 
-if (empty($record)) {
+if (empty($_POST["record"])) {
 	header("Location: /list/dns/");
 	exit();
 } else {

web/bulk/dns/index.php

@@ -15,6 +15,15 @@
 	exit();
 }
 
+if (empty($_POST["ipchain"])) {
+	header("Location: /list/firewall/banlist/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/firewall/banlist/");
+	exit();
+}
+
 $ipchain = $_POST["ipchain"];
 $action = $_POST["action"];
 

web/bulk/firewall/banlist/index.php

@@ -15,6 +15,15 @@
 	exit();
 }
 
+if (empty($_POST["rule"])) {
+	header("Location: /list/firewall/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/firewall/");
+	exit();
+}
+
 $rule = $_POST["rule"];
 $action = $_POST["action"];