Commit bbe3bc5

authored
hestiacp#1922 Fix of multiple small bugs introduced in 1.4.3 and before (hestiacp#1931)
* PHP error in list log and list log auth
* Replace with ngettext to fix issue with code
* Add error code v-delete-web-php
* Fix issue with Server IP address messing up login PMA
* Refresh hestia-sso if needed
* Add missing "back" buttons
  Also Back points to /login/?logout to force clearing out cookies set during login attempts.
* Show correct ip when behind a nat
* Use localip instead of ip
1 parent 2dc8097 commit bbe3bc5

14 files changed

+56
-37
lines changed


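--- a/bin/v-delete-web-php
+++ b/bin/v-delete-web-php
@@ -81,10 +81,11 @@ done
 # Do a blank echo to get the \n back
 echo
 
-# Check if installation was sucessfully
+# Check if installation was successfully
 if [ -f "$php_fpm" ]; then
 echo "ERROR: Uninstallation failed, please run the following command manually for debugging:"
 echo "apt-get purge $mph"
+exit 1;
 fi
 
 # Cleanup php folder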

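--- a/install/deb/phpmyadmin/hestia-sso.php
+++ b/install/deb/phpmyadmin/hestia-sso.php
@@ -74,35 +74,39 @@ function delete_temp_user ($database, $user, $dbuser, $host){
 
 function get_user_ip(){
 // Saving user IPs to the session for preventing session hijacking
-$user_combined_ip = $_SERVER['REMOTE_ADDR'];
+$user_combined_ip = array();
+if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){
+$user_combined_ip[] = $_SERVER['REMOTE_ADDR'];
+}
 if(isset($_SERVER['HTTP_CLIENT_IP'])){
 $user_combined_ip .= '|'. $_SERVER['HTTP_CLIENT_IP'];
 }
 if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
 if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){
-$user_combined_ip .= '|'. $_SERVER['HTTP_X_FORWARDED_FOR'];
+$user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];
 }
 }
 if(isset($_SERVER['HTTP_FORWARDED_FOR'])){
 if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){
-$user_combined_ip .= '|'. $_SERVER['HTTP_FORWARDED_FOR'];
+$user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];
 }
 }
 if(isset($_SERVER['HTTP_X_FORWARDED'])){
 if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){
-$user_combined_ip .= '|'. $_SERVER['HTTP_X_FORWARDED'];
+$user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
 }
-} if(isset($_SERVER['HTTP_FORWARDED'])){
+}
+if(isset($_SERVER['HTTP_FORWARDED'])){
 if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){
-$user_combined_ip .= '|'. $_SERVER['HTTP_FORWARDED'];
+$user_combined_ip[] = '|'. $_SERVER['HTTP_FORWARDED'];
 }
 }
 if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
 if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
-$user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+$user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
 }
 }
-return $user_combined_ip;
+return implode($user_combined_ip,'|');
 }
 }
 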
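Review bot: The unchanged `HTTP_CLIENT_IP` branch still runs `$user_combined_ip .= '|'. $_SERVER['HTTP_CLIENT_IP'];` although the variable is now an array, so a request carrying that header turns it into the string `Array|…` and the later `[]` appends or the final `implode()` then error out; it should become `$user_combined_ip[] = $_SERVER['HTTP_CLIENT_IP'];`. The `HTTP_FORWARDED` branch keeps a stray `'|'.` prefix, which gives a doubled separator after the join, and `implode($user_combined_ip,'|')` uses the legacy argument order that PHP 8.0 no longer accepts, so the return should read `return implode('|', $user_combined_ip);`. Two behaviour changes deserve a comment in the code: `HTTP_CF_CONNECTING_IP` used to replace the whole value and is now appended, and when `REMOTE_ADDR` equals `SERVER_ADDR` the session fingerprint is built only from request headers the client can set, which weakens the hijacking check the comment describes unless the front proxy overwrites those headers.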

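--- a/install/hst-install-debian.sh
+++ b/install/hst-install-debian.sh
@@ -1756,8 +1756,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+# Set HELO for IP as it didn't set during v-change-sys-hostname
+$HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip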
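Review bot: `$HESTIA/bin/v-change-sys-ip-helo $local_ip $servername` expands both variables unquoted, and `$local_ip` is assigned somewhere outside this hunk; if it is empty at this point, `$servername` silently becomes the first argument. Quoting keeps the argument positions fixed: `"$HESTIA/bin/v-change-sys-ip-helo" "$local_ip" "$servername"`. The same line is changed in `install/hst-install-ubuntu.sh` and needs the same treatment.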

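--- a/install/hst-install-ubuntu.sh
+++ b/install/hst-install-ubuntu.sh
@@ -1788,8 +1788,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+# Set HELO for IP as it didn't set during v-change-sys-hostname
+$HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip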

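--- a/install/upgrade/versions/1.4.4.sh
+++ b/install/upgrade/versions/1.4.4.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.4.4
+
+#######################################################################################
+####### Place additional commands below. #######
+#######################################################################################
+
+# Reset PMA SSO to fix bug with Nginx + Apache2
+if [ "$PHPMYADMIN_KEY" != "" ]; then
+echo "[ * ] Refressh hestia-sso for PMA..."
+$BIN/v-delete-sys-pma-sso
+$BIN/v-add-sys-pma-sso
+fi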
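Review bot: The progress message is misspelled as `Refressh`; it should read `echo "[ * ] Refresh hestia-sso for PMA..."`. `$BIN/v-add-sys-pma-sso` runs whether or not `$BIN/v-delete-sys-pma-sso` succeeded and neither exit status is checked, so a failed re-add would presumably leave SSO removed with nothing in the upgrade output. Checking the result of the second command and printing a failure line would make that visible.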

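--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -225,17 +225,15 @@ function humanize_time($usage) {
 if ( $usage > 60 ) {
 $usage = $usage / 60;
 if ( $usage > 24 ) {
-$usage = $usage / 24;
-$usage = number_format($usage);
-$usage .= ' ' . _('day' . ($usage != 1) ?: 's');
+$usage = $usage / 24;
+$usage = number_format($usage);
+return sprintf(ngettext('%d day', '%d days', $usage), $usage);
 } else {
-$usage = number_format($usage);
-$usage .= ' ' . _('hour' . ($usage != 1) ?: 's');
+return sprintf(ngettext('%d hour', '%d hours', $usage), $usage);
 }
 } else {
-$usage .= ' ' . _('minute' . ($usage != 1) ?: 's');
+return sprintf(ngettext('%d minute', '%d minutes', $usage), $usage);
 }
-return $usage;
 }
 
 function humanize_usage_size($usage) {
@@ -269,7 +267,7 @@ function humanize_usage_measure($usage) {
 } else {
 $measure = 'mb';
 }
-return _($measure);
+return $measure;
 }
 
 function get_percentage($used,$total) {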
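Review bot: In `humanize_time` the hour branch now passes `$usage` to `ngettext()` and `%d` without the `number_format()` call the old code had, so after `$usage / 60` a fractional value is truncated instead of rounded and reaches `ngettext()` as a float. In the day branch the value is the string returned by `number_format()`, which contains a thousands separator once it reaches 1,000. Converting once before the lookup keeps the plural choice and the printed number in step, e.g. `$usage = (int) round($usage);` ahead of each `return`. The function begins above this hunk, so the type of the incoming `$usage` is not visible here.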

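--- a/web/login/index.php
+++ b/web/login/index.php
@@ -6,13 +6,13 @@
 
 $TAB = 'login';
 
-/*
-// Logout
+
 if (isset($_GET['logout'])) {
-setcookie('limit2fa','',time() - 3600,"/");
+unset($_SESSION);
+session_unset();
 session_destroy();
+header('Location: /login/');
 }
-*/
 
 /* ACTIONS FOR CURRENT USER SESSION */
 if (isset($_SESSION['user'])) {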
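Review bot: `header('Location: /login/');` is not followed by `exit;`, so the rest of the script keeps running after the redirect header is queued; add `exit;` on the next line. `unset($_SESSION);` is the form the PHP manual advises against because it detaches the superglobal from the session; `$_SESSION = array();` before `session_destroy()` clears the data without that side effect. The re-enabled branch no longer expires the `limit2fa` cookie that the commented-out version cleared, and it acts on a plain GET without a token, so it is reachable by a cross-site request. Whether those two matter depends on code outside this hunk.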

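--- a/web/templates/pages/list_log.html
+++ b/web/templates/pages/list_log.html
@@ -7,14 +7,14 @@
 <?php } else if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) === 'system')) { ?>
 <a href="/list/server/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 <?php } else { ?>
-<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
 <a href="/edit/user/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 <?php } else { ?>
 <a href="/edit/user/?user=<?=$user;?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 <?php } ?>
 <?php } ?>
 <?php if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) !== 'admin')) { ?>
-<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 <?php if (htmlentities($_GET['user']) !== 'system') {?>
 <a href="/list/log/auth/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr" title="<?=_('Login history');?>"><i class="fas fa-binoculars status-icon green"></i><?=_('Login history');?></a>
 <?php } ?>
@@ -35,7 +35,7 @@
 <div class="actions-panel display-inline-block" key-action="js">
 <a class="data-controls do_delete ui-button danger cancel">
 <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 <input type="hidden" name="delete_url" value="/delete/log/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 <?php } else { ?>
 <input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />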
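Review bot: The added `isset($_GET['user'])` guards come too late in two places: the unchanged conditions on lines 7 and 16 already call `htmlentities($_GET['user'])` before any `isset`, so a request without `user` still reads an undefined key there. The new line 10 compares the raw `$_GET['user']` with `'admin'` while line 17 and `web/templates/pages/list_log_auth.html` compare the `htmlentities()` result; one form should be used throughout, preferably the raw value. Where the value is written into a query string (`?user=<?=htmlentities($_GET['user']); ?>`), HTML-escaping alone lets `&` or `#` in the value change the link's parameters, whereas `<?=urlencode($_GET['user']);?>` keeps it a single parameter. The same links appear in `list_log_auth.html`.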

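--- a/web/templates/pages/list_log_auth.html
+++ b/web/templates/pages/list_log_auth.html
@@ -2,7 +2,7 @@
 <div class="l-center">
 <div class="l-sort clearfix noselect">
 <div class="l-unit-toolbar__buttonstrip">
-<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 <a href="/list/log/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 <?php } else { ?>
 <a href="/list/log/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
@@ -17,7 +17,7 @@
 <div class="actions-panel display-inline-block" key-action="js">
 <a class="data-controls do_delete ui-button danger cancel">
 <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 <input type="hidden" name="delete_url" value="/delete/log/auth/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 <?php } else { ?>
 <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />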

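--- a/web/templates/pages/list_mail_dns.html
+++ b/web/templates/pages/list_mail_dns.html
@@ -38,7 +38,7 @@
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>0</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ? array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 </div>
 </div>
 <div class="l-unit animated fadeIn">
@@ -57,7 +57,7 @@
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ? array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 </div>
 </div>
 <?php } ?>
@@ -67,7 +67,8 @@
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>TXT</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 <div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-<div class="clearfix l-unit__stat-col--left wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.array_key_first($ips).'; -all');?>" /></b></div>
+<?php $ip = (empty($ips[array_key_first($ips)]['NAT'])) ? array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>
+<div class="clearfix l-unit__stat-col--left wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.$ip.'; -all');?>" /></b></div>
 </div>
 </div>
 <div class="l-unit animated fadeIn">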
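Review bot: The new `value="…"` attributes on lines 41 and 60 print the NAT address or array key without `htmlspecialchars()`, while line 71 escapes the same value; escaping all three keeps the template independent of how `$ips` was filled, which happens outside this file section. The NAT-or-key ternary is written out three times and `$ip` is only assigned on line 70. Assigning it once above the first record and printing `<?=htmlspecialchars($ip);?>` removes the duplication. `array_key_first($ips)` returns null for an empty array, so a guard for that case belongs with the assignment.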
