Fix multiple php error (hestiacp#3743)

jaapmarcus · web-flow · commit ab5a56b40dff · 2023-07-04T16:24:03.000+02:00
* Remove v_record_id from form Not used anyways * Fix array_walk function * Fix whitelabel page removed unused options * Sync up permissions with delete / add cron for auto update Role: admin could disable cron but not enable it again * Fix php errors on edit server page * Update docs link to new /docs/ endpoint Instead of https://hestiacp.com/docs/server-administration/troubleshooting.html Fix php bug in add mail
diff --git a/web/add/cron/autoupdate/index.php b/web/add/cron/autoupdate/index.php
@@ -5,7 +5,7 @@
 // Check token
 verify_csrf($_GET);
 
-if ($_SESSION["user"] == "admin") {
+if ($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") {
 	exec(HESTIA_CMD . "v-add-cron-hestia-autoupdate", $output, $return_var);
 	unset($output);
 }
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
@@ -167,11 +167,11 @@
 						$v_domain .
 						" " .
 						$v_smtp_relay_host .
-						" '" .
+						" " .
 						$v_smtp_relay_user .
-						"' '" .
+						" " .
 						$v_smtp_relay_pass .
-						"' " .
+						" " .
 						$v_smtp_relay_port,
 					$output,
 					$return_var,
diff --git a/web/delete/cron/autoupdate/index.php b/web/delete/cron/autoupdate/index.php
@@ -6,7 +6,7 @@
 // Check token
 verify_csrf($_GET);
 
-if ($_SESSION["userContext"] === "admin") {
+if ($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") {
 	exec(HESTIA_CMD . "v-delete-cron-hestia-autoupdate", $output, $return_var);
 	unset($output);
 }
diff --git a/web/edit/server/index.php b/web/edit/server/index.php
@@ -1460,44 +1460,49 @@
 
 	// Change POLICY_SYSTEM_PROTECTED_ADMIN
 	if (empty($_SESSION["error_msg"])) {
-		if (
-			$_POST["v_policy_system_protected_admin"] != $_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"]
-		) {
-			exec(
-				HESTIA_CMD .
-					"v-change-sys-config-value POLICY_SYSTEM_PROTECTED_ADMIN " .
-					quoteshellarg($_POST["v_policy_system_protected_admin"]),
-				$output,
-				$return_var,
-			);
-			check_return_code($return_var, $output);
-			unset($output);
-			if (empty($_SESSION["error_msg"])) {
-				$v_policy_system_protected_admin = $_POST["v_policy_system_protected_admin"];
+		if (!empty($_POST["v_policy_system_protected_admin"])) {
+			if (
+				$_POST["v_policy_system_protected_admin"] !=
+				$_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"]
+			) {
+				exec(
+					HESTIA_CMD .
+						"v-change-sys-config-value POLICY_SYSTEM_PROTECTED_ADMIN " .
+						quoteshellarg($_POST["v_policy_system_protected_admin"]),
+					$output,
+					$return_var,
+				);
+				check_return_code($return_var, $output);
+				unset($output);
+				if (empty($_SESSION["error_msg"])) {
+					$v_policy_system_protected_admin = $_POST["v_policy_system_protected_admin"];
+				}
+				$v_security_adv = "yes";
 			}
-			$v_security_adv = "yes";
 		}
 	}
 
 	// Change POLICY_USER_VIEW_SUSPENDED
 	if (empty($_SESSION["error_msg"])) {
-		if (
-			$_POST["v_policy_user_view_suspended"] != $_SESSION["POLICY_USER_VIEW_SUSPENDED"] &&
-			!empty($_SESSION["POLICY_USER_VIEW_SUSPENDED"])
-		) {
-			exec(
-				HESTIA_CMD .
-					"v-change-sys-config-value POLICY_USER_VIEW_SUSPENDED " .
-					quoteshellarg($_POST["v_policy_user_view_suspended"]),
-				$output,
-				$return_var,
-			);
-			check_return_code($return_var, $output);
-			unset($output);
-			if (empty($_SESSION["error_msg"])) {
-				$v_policy_system_hide_admin = $_POST["v_policy_user_view_suspended"];
+		if (!empty($_POST["v_policy_user_view_suspended"])) {
+			if (
+				$_POST["v_policy_user_view_suspended"] != $_SESSION["POLICY_USER_VIEW_SUSPENDED"] &&
+				!empty($_SESSION["POLICY_USER_VIEW_SUSPENDED"])
+			) {
+				exec(
+					HESTIA_CMD .
+						"v-change-sys-config-value POLICY_USER_VIEW_SUSPENDED " .
+						quoteshellarg($_POST["v_policy_user_view_suspended"]),
+					$output,
+					$return_var,
+				);
+				check_return_code($return_var, $output);
+				unset($output);
+				if (empty($_SESSION["error_msg"])) {
+					$v_policy_user_view_suspended = $_POST["v_policy_user_view_suspended"];
+				}
+				$v_security_adv = "yes";
 			}
-			$v_security_adv = "yes";
 		}
 	}
 
@@ -1533,39 +1538,45 @@
 
 	// Change POLICY_SYSTEM_HIDE_ADMIN
 	if (empty($_SESSION["error_msg"])) {
-		if ($_POST["v_policy_system_hide_admin"] != $_SESSION["POLICY_SYSTEM_HIDE_ADMIN"]) {
-			exec(
-				HESTIA_CMD .
-					"v-change-sys-config-value POLICY_SYSTEM_HIDE_ADMIN " .
-					quoteshellarg($_POST["v_policy_system_hide_admin"]),
-				$output,
-				$return_var,
-			);
-			check_return_code($return_var, $output);
-			unset($output);
-			if (empty($_SESSION["error_msg"])) {
-				$v_policy_system_hide_admin = $_POST["v_policy_system_hide_admin"];
+		if (!empty($_POST["v_policy_system_hide_admin"])) {
+			if ($_POST["v_policy_system_hide_admin"] != $_SESSION["POLICY_SYSTEM_HIDE_ADMIN"]) {
+				exec(
+					HESTIA_CMD .
+						"v-change-sys-config-value POLICY_SYSTEM_HIDE_ADMIN " .
+						quoteshellarg($_POST["v_policy_system_hide_admin"]),
+					$output,
+					$return_var,
+				);
+				check_return_code($return_var, $output);
+				unset($output);
+				if (empty($_SESSION["error_msg"])) {
+					$v_policy_system_hide_admin = $_POST["v_policy_system_hide_admin"];
+				}
+				$v_security_adv = "yes";
 			}
-			$v_security_adv = "yes";
 		}
 	}
 
 	// Change POLICY_SYSTEM_HIDE_SERVICES
 	if (empty($_SESSION["error_msg"])) {
-		if ($_POST["v_policy_system_hide_services"] != $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"]) {
-			exec(
-				HESTIA_CMD .
-					"v-change-sys-config-value POLICY_SYSTEM_HIDE_SERVICES " .
-					quoteshellarg($_POST["v_policy_system_hide_services"]),
-				$output,
-				$return_var,
-			);
-			check_return_code($return_var, $output);
-			unset($output);
-			if (empty($_SESSION["error_msg"])) {
-				$v_policy_system_hide_services = $_POST["v_policy_system_hide_services"];
+		if (!empty($_POST["v_policy_system_hide_services"])) {
+			if (
+				$_POST["v_policy_system_hide_services"] != $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"]
+			) {
+				exec(
+					HESTIA_CMD .
+						"v-change-sys-config-value POLICY_SYSTEM_HIDE_SERVICES " .
+						quoteshellarg($_POST["v_policy_system_hide_services"]),
+					$output,
+					$return_var,
+				);
+				check_return_code($return_var, $output);
+				unset($output);
+				if (empty($_SESSION["error_msg"])) {
+					$v_policy_system_hide_services = $_POST["v_policy_system_hide_services"];
+				}
+				$v_security_adv = "yes";
 			}
-			$v_security_adv = "yes";
 		}
 	}
 	// Change POLICY_SYSTEM_HIDE_SERVICES
diff --git a/web/edit/server/whitelabel/index.php b/web/edit/server/whitelabel/index.php
@@ -78,33 +78,6 @@
 			$return_var,
 		);
 	}
-	if ($_SESSION["LOGO_LOGIN"] != $_POST["v_logo_login"]) {
-		exec(
-			HESTIA_CMD .
-				"v-change-sys-config-value LOGO_LOGIN " .
-				quoteshellarg($_POST["v_logo_login"]),
-			$output,
-			$return_var,
-		);
-	}
-	if ($_SESSION["LOGO_HEADER"] != $_POST["v_logo_header"]) {
-		exec(
-			HESTIA_CMD .
-				"v-change-sys-config-value LOGO_HEADER " .
-				quoteshellarg($_POST["v_logo_header"]),
-			$output,
-			$return_var,
-		);
-	}
-	if ($_SESSION["LOGO_FAVICON"] != $_POST["v_logo_favicon"]) {
-		exec(
-			HESTIA_CMD .
-				"v-change-sys-config-value LOGO_FAVICON " .
-				quoteshellarg($_POST["v_logo_favicon"]),
-			$output,
-			$return_var,
-		);
-	}
 }
 
 // Check system configuration
@@ -123,9 +96,6 @@
 $v_from_name = $_SESSION["FROM_NAME"];
 $v_from_email = $_SESSION["FROM_EMAIL"];
 $v_subject_email = $_SESSION["SUBJECT_EMAIL"];
-$v_logo_header = $_SESSION["LOGO_HEADER"];
-$v_logo_login = $_SESSION["LOGO_LOGIN"];
-$v_logo_favicon = $_SESSION["LOGO_FAVICON"];
 // Render page
 render_page($user, $TAB, "edit_whitelabel");
 
diff --git a/web/templates/includes/panel.php b/web/templates/includes/panel.php
@@ -210,7 +210,7 @@ class="top-bar-menu-link u-hide-tablet"
 						?>
 							<!-- Help / Documentation -->
 							<li class="top-bar-menu-item">
-								<a title="<?= _("Help") ?>" class="top-bar-menu-link" href="https://hestiacp.com/docs/server-administration/troubleshooting.html" target="_blank" rel="noopener">
+								<a title="<?= _("Help") ?>" class="top-bar-menu-link" href="https://hestiacp.com/docs/" target="_blank" rel="noopener">
 									<i class="fas fa-circle-question"></i>
 									<span class="top-bar-menu-link-label u-hide-desktop"><?= _("Help") ?></span>
 								</a>
diff --git a/web/templates/pages/debug_panel.php b/web/templates/pages/debug_panel.php
@@ -26,7 +26,7 @@ class="debug-panel-toggle"
 				if(is_string($val)){
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
 				}else if(is_array($val)){
-					array_walk_recursive($lang, function (&$value) {
+					array_walk_recursive($val, function (&$value) {
 							$value = htmlentities($value);
 					});
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
@@ -39,7 +39,7 @@ class="debug-panel-toggle"
 				if(is_string($val)){
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
 				}else if(is_array($val)){
-					array_walk_recursive($lang, function (&$value) {
+					array_walk_recursive($val, function (&$value) {
 							$value = htmlentities($value);
 					});
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
@@ -52,7 +52,7 @@ class="debug-panel-toggle"
 				if(is_string($val)){
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
 				}else if(is_array($val)){
-					array_walk_recursive($lang, function (&$value) {
+					array_walk_recursive($val, function (&$value) {
 							$value = htmlentities($value);
 					});
 					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
diff --git a/web/templates/pages/edit_web.php b/web/templates/pages/edit_web.php
@@ -411,7 +411,6 @@ class="form-link"
 								</label>
 								<input type="text" class="form-control js-ftp-user" <?= $ftp_user['is_new'] != 1 ? 'disabled="disabled"' : '' ?>
 								name="v_ftp_user[<?= $i ?>][v_ftp_user]" id="v_ftp_user[<?= $i ?>][v_ftp_user]" value="<?= htmlentities(trim($v_ftp_user, "'")) ?>">
-								<input type="hidden" name="v_record_id" value="<?= htmlentities(trim($v_record_id, "'")) ?>">
 								<small class="hint js-ftp-user-hint"></small>
 							</div>
 							<div class="u-pl30 u-mb10">

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`// Check token`
`6`	`6`	`verify_csrf($_GET);`
`7`	`7`
`8`		`-if ($_SESSION["user"] == "admin") {`
	`8`	`+if ($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") {`
`9`	`9`	`exec(HESTIA_CMD . "v-add-cron-hestia-autoupdate", $output, $return_var);`
`10`	`10`	`unset($output);`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`// Check token`
`7`	`7`	`verify_csrf($_GET);`
`8`	`8`
`9`		`-if ($_SESSION["userContext"] === "admin") {`
	`9`	`+if ($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") {`
`10`	`10`	`exec(HESTIA_CMD . "v-delete-cron-hestia-autoupdate", $output, $return_var);`
`11`	`11`	`unset($output);`
`12`	`12`	`}`