Merge branch 'main' into feature/ui-themes_vestia

Author: Kristan Kenney

CHANGELOG.md

@@ -43,6 +43,14 @@ All notable changes to this project will be documented in this file.
 - Fixed xss vulnerability in v-add-sys-ip and user history log (thanks **@numanturle**)
 - Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
 
+## [1.3.4] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Fixed xss vulnerability in v-add-sys-ip and user history log (thanks **@numanturle**)
+- Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
+
 ## [1.3.3] - Service Release
 ### Bugfixes
 - Improved if web folder already exists and do not follow symlink on chmod (thanks @0xGsch and @kikoas1995).

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.3.3 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.3.4 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>

bin/v-add-mail-domain

@@ -154,7 +154,7 @@ fi
 # Add webmail configuration to mail domain
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
     if [ ! -z "$IMAP_SYSTEM" ]; then
-        $BIN/v-add-sys-webmail $user $domain '' '' ''
+        $BIN/v-add-sys-webmail $user $domain '' 'no'
     fi
 fi
 

bin/v-add-sys-filemanager

@@ -19,8 +19,8 @@ MODE=$1
 user="admin"
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
-FM_FILE="filegator_v${FM_V}.zip"
-FM_URL="https://github.com/filegator/filegator/releases/download/v${FM_V}/${FM_FILE}"
+FM_FILE="filegator_v${fm_v}.zip"
+FM_URL="https://github.com/filegator/filegator/releases/download/v${fm_v}/${FM_FILE}"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 
 

bin/v-add-sys-ip

@@ -42,7 +42,7 @@ source $HESTIA/conf/hestia.conf
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'IP NETMASK [INTERFACE] [USER] [STATUS] [NAME] [NATED_IP] [HELO]'
-is_format_valid 'ip' 'netmask' 'interface' 'user' 'ip_status'
+is_format_valid 'ip' 'netmask' 'iface' 'user' 'ip_status'
 is_ip_free
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-sys-webmail

@@ -1,12 +1,13 @@
 #!/bin/bash
 # info: add webmail support for a domain
-# options: USER DOMAIN WEBMAIL [RESTART] [QUIET]
+# options: USER DOMAIN [WEBMAIL] [RESTART] [QUIET]
 # labels: hestia
 #
 # example: v-add-sys-webmail user domain.com
+# example: v-add-sys-webmail user domain.com rainloop
+# example: v-add-sys-webmail user domain.com roundcube
 #
-# this function adds support for webmail services
-# to a mail domain.
+# this function enables webmail client for a mail domain.
 
 #----------------------------------------------------------#
 #                    Variable&Function                     #
@@ -51,7 +52,7 @@ if [ -z "$webmail" ]; then
     done
 fi
 
-check_args '3' "$#" 'USER DOMAIN WEBMAIL [RESTART]'
+check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
@@ -94,10 +95,10 @@ else
 
         if [ "$dns_domain" = "$domain" ]; then
             if [ -z "$webmail_record" ]; then
-                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip '' '' $restart
             else
-                $BIN/v-delete-dns-record $user $domain $webmail_record
-                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+                $BIN/v-delete-dns-record $user $domain $webmail_record $restart
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip '' '' $restart
             fi
         fi
     fi

bin/v-add-web-domain-ssl-force

@@ -85,11 +85,11 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' 'yes'
 
 # Restart web server
-$BIN/v-restart-web
+$BIN/v-restart-web $restart
 check_result $? "Web restart failed" > /dev/null
 
 # Restart proxy
-$BIN/v-restart-proxy
+$BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" > /dev/null
 
 # Logging

bin/v-add-web-domain-ssl-hsts

@@ -71,11 +71,11 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'yes'
 
 # Restart web server
-$BIN/v-restart-web
+$BIN/v-restart-web $restart
 check_result $? "Web restart failed" > /dev/null
 
 # Restart proxy
-$BIN/v-restart-proxy
+$BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" > /dev/null
 
 # Logging

bin/v-change-dns-domain-tpl

@@ -123,7 +123,7 @@ if [ "$template" = "office365" ]; then
     if [ "$?" -eq 0 ]; then
         record='@'
         formatted_domain=$(echo "$domain" | sed 's/\./-/g')
-        $BIN/v-add-dns-record $user $domain $record MX "${formatted_domain}.mail.protection.outlook.com." '0'
+        $BIN/v-add-dns-record $user $domain $record MX "${formatted_domain}.mail.protection.outlook.com." '0' '' $restart
     fi
 fi
 

bin/v-change-sys-api

@@ -0,0 +1,57 @@
+#!/bin/bash
+# info: Enable / Disable API access 
+# options: STATUS 
+# labels: hestia
+#
+# example: v-change-sys-api enable
+#          # Enable API
+#
+# example: v-change-sys-api disable
+#          # Disable API
+#
+# Enabled / Disable API
+
+
+status=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+check_args '1' "$#" "STATUS"
+is_type_valid "enable,disable" "$status"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ "$status" = "enable" ]; then
+    if [ $API = "no" ]; then
+        if [ ! -f "$HESTIA/web/api/index.php" ]; then
+            wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/release/web/api/index.php -O $HESTIA/web/api/index.php
+        else
+            sed -i 's|die("Error: Disabled");|//die("Error: Disabled");|g' $HESTIA/web/api/index.php
+        fi
+        $HESTIA/bin/v-change-sys-config-value "API" "yes"
+    fi
+else
+    if [ $API = "yes" ]; then
+        $HESTIA/bin/v-change-sys-config-value "API" "no"
+        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
+        sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Logging                            #
+#----------------------------------------------------------#
+
+log_history "API status has been changed to $status" '' 'admin'
+log_event "$OK" "$ARGUMENTS"