Merge branch '1.9.0-release'

CHANGELOG.md

@@ -6,73 +6,92 @@ All notable changes to this project will be documented in this file.
 
 ### Notes
 
-- To improve security we have deciced to allow users to rename the default admin user. And use a new user "hestia-web" to become the default user to run Hestia on.
-- Dropped support Debian 10 due to EOL
+- To improve security, we now allow users to rename the default `admin` user.
+- Hestia now runs under a new `hestia-web` user.
+- In initial versions of HestiaCP, we used Jailkit to enabled Jailed SSH. It had major disadvantages, so we have decided it to replace it with [bubblewrap](https://github.com/containers/bubblewrap). Users running Jailed SSH in the past are advised to run the migration script! It can be found in `/usr/local/hestia/upgrade/manual/migrate_jailkit_to_bubblewrap.sh`. See [#4698](https://github.com/hestiacp/hestiacp/pull/4698)
+- We are aware that cgroups are currently not working as they should be. They work fine if you login with SSH as the user, but they don't work for PHP-FPM yet.
+- Dropped support for Debian 10 due to EOL.
+
+### Security
+
+- Fix issue where CIRD was not propperly validated CVE-XXXX-XXX-XXX
+- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin users. CVE-XXXX-XXX-XXX
+- Solve security issues where restart flag accepted unvalidated values. CVE-XXXX-XXX-XXX
 
 ### Features
 
-- Added support for PHP 8.4
+- Add support for PHP 8.4
 - Add support for Ubuntu 24.04 Noble release (#4411 #4451)
-- Add support for Jailed SSH (#4052 #4245) @rjd222
+- Add support for Jailed SSH (#4052 #4245, #4698 #4687)
 - Implement CLI for Quick Install Apps (#4443)
-- Add support for Directadmin / Cpanel imports ( #4177 #4415 #4426 #4252 #4241)
-- Add support for Increamental Backups via Restic
-- Add support for Triggers in v-add-mail-domain / v-add-delete-mail-domain #4416 (See Docs)
+- Add support for DirectAdmin & cPanel imports (#4177 #4415 #4426 #4252 #4241)
+- Add support for Incremental Backups via Restic
+- Add support for Triggers in `v-add-mail-domain` / `v-add-delete-mail-domain` #4416 (See Docs)
 - Add new Quick Install Apps (#4433, #4509, #4327)
 - Add support for Limit CPU and RAM for Each User Using cgroup (#4372 #4325)
 - Add Web terminal (#3859)
 - Improve email account sidebar layout (#4154)
-- Allow Chmod in Filegator #4548
+- Allow chmod in FileGator #4548
 
 ### Bug fixes
 
-- Allow filegator to be translated (#4382 #4275)
+- Allow FileGator to be translated (#4382 #4275)
 - Fix bug caused by new release robthree/twofactorauth (#4410)
-- Create .wp-cli folder on create new user (#4403)
+- Create `.wp-cli` folder on create new user (#4403)
 - Fix SMTP Relay routing issue (#4389)
 - Fix Roundcube permissions (#4387)
-- Fix v-add-dns-record when adding TLSA records (#4376)
-- Fix handling of Snappymail (#4349)
-- Added creation of dovecot.log and permission setup to dovecot installation step (#4352)
-- Fix to the Localpart Mail validator so it can accept aliases starting and ending with (#4351)
-- Apache2: Enable mod_headers by default. (#4350)
+- Fix `v-add-dns-record` when adding TLSA records (#4376)
+- Fix handling of SnappyMail (#4349)
+- Added creation of `dovecot.log` and permission setup to the dovecot installation step (#4352)
+- Fix to the Localpart Mail validator so it can accept aliases starting and ending with `-` (#4351)
+- Apache2: Enable `mod_headers` by default. (#4350)
 - Update MediaWiki to 1.41.1 (#4344)
 - Add support for compressing via GZ or ZSTD (#4300 #4322)
 - Simplify spinner styles (#4319)
 - Animate deletion of notifications (#4316)
-- Update v-run-cli-cmd (#4310)
+- Update `v-run-cli-cmd` (#4310)
 - Show database server port in notification email (#4301)
-- Fixes permissions issue related with Issue #4248 (#4268)
-- remove PHP code, and fix installer warning (#4279)
+- Fix permissions issue related with Issue #4248 (#4268)
+- Remove PHP code, and fix installer warning (#4279)
 - Prevent \* from expanding in command (#4085)
 - Drop v-generate-debug-report (#4266)
 - Fix missing dot file backups
-- vsftpd use_localtime No #4261
-- Fix broken mysql v8 install on Debian (#4259)
+- Disable `use_localtime` for vsftpd (#4261)
+- Fix broken MySQL v8 install on Debian (#4259)
 - Use standard y/N format in installer to indicate default (#4251)
 - Fix broken HTML on login/reset pages (#4247)
-- Checks for usernames starting with a alphabetic character. (#4195 #4181)
+- Add checks for usernames starting with an alphabetic character. (#4195 #4181)
 - Correct formatting of user dir (#4098)
-- Add mjs as a file to serve statically (#4240)
+- Add `.mjs` as a file to serve statically (#4240)
 - Display system time on cron pages (#4236)
 - Patch Dokuwiki installer for issue #3889 (#4229)
-- Corrected path to ssl certs (#4202)
+- Corrected path to SSL certs (#4202)
 - Add value to input type text (#4193)
 - Correctly get the session cookie for web terminal (#3969)
 - Fix Bug with 403 errors Letsencrypt (#4622)
-- Update phpmyadmin.inc to improve loading static files
+- Update `phpmyadmin.inc` to improve loading static files
 - Fix issues with mapping ipv4 to ipv6 setups when server is behind proxies with login (#4606)
-- Fix issue with v-change-sys-ip-nat with VSFTPD and systems behind NAT (#4591)
+- Fix issue with `v-change-sys-ip-nat` with VSFTPD and systems behind NAT (#4591)
 - Fix issues with IDN domains and Apache2 and PHP (#4583)
-- Improve Owncloud templates (#4572)
-- Improve security Quick Install Apps (#457 #4569 #4568 #4567 #4566 #4565 #4564 #4563)
-- Add hestia-mail to hestia-users group and create hestia-users group on new install #4540 #4531
+- Improve OwnCloud templates (#4572)
+- Improve security for Quick Install Apps (#457 #4569 #4568 #4567 #4566 #4565 #4564 #4563)
+- Add `hestia-mail` to `hestia-users` group and create `hestia-users` group on new install #4540 #4531
+- Fix translations MariaDB / PHPMyadmin (#4725)
+- Remove some left overs from the old admin user (#4721)
+- Disallow `` ` `` character in cronjobs to avoid errors in cron list #4708
+- Drop Maxmind `high-risk-ip-sample-list` (#4692)
+- Hardening of installer security and improving usability (#4690)
+- White label for file manager (#4681) @MaxiZamorano
+- Fixed with cronjob `v-add-letsencrypt-domain` created new cronjob under "admin" user that didn't have sudo permissions
+- Customization of the file manager with interface improvements (#4678) @MaxiZamorano
+- Fix: Proftpd FTP Usage is showing incorrect information (#4672)
+- Add template for using webasyst with nginx+php-fpm (#4660)
 
-### Depencies
+### Dependencies
 
-- Update hestia-nginx to 1.27.0
-- Update hestia-php to 8.3.9
-- Update Roundcube, Filegator, Snappy mail to the latest version
+- Update hestia-nginx to 1.27.3
+- Update hestia-php to 8.3.16
+- Update Roundcube, FileGator and SnappyMail to the latest version
 - Update Quick Installer apps to latest version (#4594)
 
 ## [1.8.12] - Service release
@@ -114,7 +133,7 @@ All notable changes to this project will be documented in this file.
 
 ### Security
 
-- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users [CVE-xxxx-xxxxx](https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0/)
+- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users [CVE-2023-5839](https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0/)
 - Reduce Nginx keepalive_requests to 1000 ([Nginx default](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/#http2_max_concurrent_streams)) to limit risks of [CVE-2023-44487](https://www.cve.org/CVERecord?id=CVE-2023-44487)
 
 ### Bug fixes

bin/v-add-dns-domain

@@ -55,6 +55,7 @@ is_format_valid 'user' 'domain' 'ip'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
+is_format_valid 'restart'
 
 if [ "$($BIN/v-list-dns-domain $user $domain_utf plain | cut -f 1) " != "$domain" ]; then
 	is_domain_new 'dns' "$domain_utf"

bin/v-add-dns-on-web-alias

@@ -35,6 +35,7 @@ is_format_valid 'user' 'alias' 'ip' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
+
 if [ -e "$USER_DATA/dns/$alias.conf" ]; then
 	exit
 fi

bin/v-add-dns-record

@@ -105,9 +105,7 @@ is_object_new "dns/$domain" 'ID' "$id"
 is_dns_fqnd "$rtype" "$dvalue"
 is_dns_nameserver_valid "$domain" "$rtype" "$dvalue"
 is_format_valid 'ttl'
-if [ -n "$restart" ]; then
-	is_format_valid 'restart'
-fi
+is_format_valid 'restart'
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode

bin/v-add-firewall-ban

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add firewall blocking rule
-# options: IP CHAIN
+# options: IPV4_CIDR CHAIN
 #
 # example: v-add-firewall-ban 37.120.129.20 MAIL
 #
@@ -11,7 +11,7 @@
 #----------------------------------------------------------#
 
 # Argument definition
-ip=$1
+ipv4_cidr=$1
 chain=$(echo $2 | tr '[:lower:]' '[:upper:]')
 
 # Defining absolute path for iptables and modprobe
@@ -31,8 +31,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'IP CHAIN'
-is_format_valid 'ip' 'chain'
+check_args '2' "$#" 'IPV4_CIDR CHAIN'
+is_format_valid 'ipv4_cidr' 'chain'
 is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 
 # Perform verification if read-only mode is enabled
@@ -46,20 +46,20 @@ check_hestia_demo_mode
 heal_iptables_links
 
 # Checking server ip
-if [ -e "$HESTIA/data/ips/$ip" ] || [ "$ip" = '127.0.0.1' ]; then
+if [ -e "$HESTIA/data/ips/$ipv4_cidr" ] || [ "$ipv4_cidr" = '127.0.0.1' ]; then
 	exit
 fi
 
 # Checking ip exclusions
 excludes="$HESTIA/data/firewall/excludes.conf"
-check_excludes=$(grep "^$ip$" $excludes 2> /dev/null)
+check_excludes=$(grep "^$ipv4_cidr$" $excludes 2> /dev/null)
 if [ -n "$check_excludes" ]; then
 	exit
 fi
 
 # Checking ip in banlist
 conf="$HESTIA/data/firewall/banlist.conf"
-check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2> /dev/null)
+check_ip=$(grep "IP='$ipv4_cidr' CHAIN='$chain'" $conf 2> /dev/null)
 if [ -n "$check_ip" ]; then
 	exit
 fi
@@ -73,8 +73,8 @@ time=$(echo "$time_n_date" | cut -f 1 -d \ )
 date=$(echo "$time_n_date" | cut -f 2 -d \ )
 
 # Adding ip to banlist
-echo "IP='$ip' CHAIN='$chain' TIME='$time' DATE='$date'" >> $conf
-$iptables -I fail2ban-$chain 1 -s $ip \
+echo "IP='$ipv4_cidr' CHAIN='$chain' TIME='$time' DATE='$date'" >> $conf
+$iptables -I fail2ban-$chain 1 -s $ipv4_cidr \
 	-j REJECT --reject-with icmp-port-unreachable 2> /dev/null
 
 # Changing permissions
@@ -85,7 +85,7 @@ chmod 660 $conf
 #----------------------------------------------------------#
 
 # Logging
-$BIN/v-log-action "system" "Warning" "Firewall" "Banned IP address $ip."
+$BIN/v-log-action "system" "Warning" "Firewall" "Banned IP address $ipv4_cidr."
 log_event "$OK" "$ARGUMENTS"
 
 exit

bin/v-add-firewall-rule

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add firewall rule
-# options: ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]
+# options: ACTION IPV4_CIDR PORT [PROTOCOL] [COMMENT] [RULE]
 #
 # example: v-add-firewall-rule DROP 185.137.111.77 25
 #
@@ -12,7 +12,7 @@
 
 # Argument definition
 action=$(echo $1 | tr '[:lower:]' '[:upper:]')
-ip=$2
+ipv4_cidr=$2
 port_ext=$3
 protocol=${4-TCP}
 protocol=$(echo $protocol | tr '[:lower:]' '[:upper:]')
@@ -47,7 +47,7 @@ sort_fw_rules() {
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '3' "$#" 'ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]'
+check_args '3' "$#" 'ACTION IPV4_CIDR PORT [PROTOCOL] [COMMENT] [RULE]'
 is_format_valid 'action' 'protocol' 'port_ext'
 is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 get_next_fw_rule
@@ -56,12 +56,12 @@ is_object_new '../../../data/firewall/rules' 'RULE' "$rule"
 if [ -n "$comment" ]; then
 	is_format_valid 'comment'
 fi
-if [[ "$ip" =~ ^ipset: ]]; then
-	ipset_name="${ip#ipset:}"
+if [[ "$ipv4_cidr" =~ ^ipset: ]]; then
+	ipset_name="${ipv4_cidr#ipset:}"
 	$BIN/v-list-firewall-ipset plain | grep "^$ipset_name\s" > /dev/null
 	check_result $? 'ipset object not found' "$E_NOTEXIST"
 else
-	is_format_valid 'ip'
+	is_format_valid 'ipv4_cidr'
 fi
 
 # Perform verification if read-only mode is enabled
@@ -78,7 +78,7 @@ date=$(echo "$time_n_date" | cut -f 2 -d \ )
 
 # Concatenating rule
 str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
-str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
+str="$str IP='$ipv4_cidr' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"
 
 # Adding to config

bin/v-add-mail-domain-ssl

@@ -51,13 +51,18 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
-is_format_valid 'user' 'domain' 'ssl_dir'
+is_format_valid 'user' 'domain' 'ssl_dir' 'restart'
+format_no_quotes "$ssl_dir"
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
 is_object_unsuspended 'mail' 'DOMAIN' "$domain"
 is_object_value_empty 'mail' 'DOMAIN' "$domain" '$SSL'
+if [ -n "$restart" ]; then
+	is_restart_valid 'restart' "$restart"
+fi
+
 is_web_domain_cert_valid
 
 # Perform verification if read-only mode is enabled

bin/v-add-sys-ssh-jail

@@ -1,8 +1,8 @@
 #!/bin/bash
 # info: add system ssh jail
-# options: [RESTART]
+# options: NONE
 #
-# example: v-add-sys-ssh-jail yes
+# example: v-add-sys-ssh-jail
 #
 # This function enables ssh jailed environment.
 

bin/v-add-web-domain

@@ -50,7 +50,7 @@ domain_utf=$(idn2 --quiet -d "$domain_idn")
 
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 check_args '2' "$#" 'USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]'
-is_format_valid 'user' 'domain' 'aliases' 'ip' 'proxy_ext'
+is_format_valid 'user' 'domain' 'aliases' 'ip' 'proxy_ext' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS'

bin/v-add-web-domain-alias

@@ -45,7 +45,7 @@ if [ -z "$aliases" ]; then
 fi
 
 check_args '3' "$#" 'USER DOMAIN ALIASES [RESTART]'
-is_format_valid 'user' 'domain' 'aliases'
+is_format_valid 'user' 'domain' 'aliases' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-web-domain-backend

@@ -33,7 +33,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [TEMPLATE] [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_BACKEND" 'WEB_BACKEND'
 is_object_valid 'user' 'USER' "$user"
 is_backend_template_valid "$template"

bin/v-add-web-domain-httpauth

@@ -40,7 +40,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-web-domain-proxy

@@ -37,7 +37,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [TEMPLATE] [EXTENTIONS] [RESTART]'
-is_format_valid 'user' 'domain' 'extentions'
+is_format_valid 'user' 'domain' 'extentions' 'restart'
 is_system_enabled "$PROXY_SYSTEM" 'PROXY_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-web-domain-redirect

@@ -35,7 +35,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN REDIRECT [HTTP-CODE] [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_number_format_valid "$code" "code"
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-web-domain-ssl

@@ -49,7 +49,8 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]'
-is_format_valid 'user' 'domain' 'ssl_dir'
+is_format_valid 'user' 'domain' 'ssl_dir' 'restart'
+format_no_quotes "$ssl_dir"
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
@@ -57,6 +58,9 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 is_object_value_empty 'web' 'DOMAIN' "$domain" '$SSL'
+if [ -n "$restart" ]; then
+	is_restart_valid 'restart' "$restart"
+fi
 is_web_domain_cert_valid
 
 #----------------------------------------------------------#

bin/v-add-web-domain-ssl-force

@@ -28,8 +28,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-add-web-domain-ssl-hsts

@@ -26,8 +26,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-add-web-domain-stats-user

@@ -33,7 +33,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '4' "$#" 'USER DOMAIN STATS_USER STATS_PASS [RESTART]'
-is_format_valid 'user' 'domain' 'stats_user'
+is_format_valid 'user' 'domain' 'stats_user' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-add-web-php

@@ -35,7 +35,7 @@ fi
 php_fpm="/etc/init.d/php$version-fpm"
 
 # Verify php version format
-if [[ ! $version =~ ^[0-9]\.[0-9]+ ]]; then
+if [[ ! $version =~ ^[0-9]+\.[0-9]+ ]]; then
 	echo "The specified PHP version format is invalid, it should look like [0-9].[0-9]."
 	echo "Example: 7.0, 7.4, 8.0"
 	exit "$E_INVALID"

bin/v-change-dns-domain-ip

@@ -39,7 +39,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN IP [RESTART]'
-is_format_valid 'user' 'domain' 'ip'
+is_format_valid 'user' 'domain' 'ip' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-dns-domain-soa

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SOA [RESTART]'
-is_format_valid 'user' 'domain' 'soa'
+is_format_valid 'user' 'domain' 'soa' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-dns-domain-tpl

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN TEMPLATE [RESTART]'
-is_format_valid 'user' 'domain' 'template'
+is_format_valid 'user' 'domain' 'template' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-dns-domain-ttl

@@ -39,7 +39,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN TTL [RESTART]'
-is_format_valid 'user' 'domain' 'ttl'
+is_format_valid 'user' 'domain' 'ttl' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-dns-record

@@ -44,7 +44,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '6' "$#" 'USER DOMAIN ID RECORD TYPE VALUE [PRIORITY] [RESTART] [TTL]'
-is_format_valid 'user' 'domain' 'id' 'record'
+is_format_valid 'user' 'domain' 'id' 'record' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-dns-record-id

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '4' "$#" 'USER DOMAIN ID NEWID [RESTART]'
-is_format_valid 'user' 'domain' 'id' 'newid'
+is_format_valid 'user' 'domain' 'id' 'newid' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-firewall-rule

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: change firewall rule
-# options: RULE ACTION IP PORT [PROTOCOL] [COMMENT]
+# options: RULE ACTION IPV4_CIDR PORT [PROTOCOL] [COMMENT]
 #
 # example: v-change-firewall-rule 3 ACCEPT 5.188.123.17 443
 #
@@ -14,7 +14,7 @@
 # Argument definition
 rule=$1
 action=$(echo $2 | tr '[:lower:]' '[:upper:]')
-ip=$3
+ipv4_cidr=$3
 port_ext=$4
 protocol=${5-TCP}
 protocol=$(echo $protocol | tr '[:lower:]' '[:upper:]')
@@ -40,7 +40,7 @@ sort_fw_rules() {
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '4' "$#" 'RULE ACTION IP PORT [PROTOCOL] [COMMENT]'
+check_args '4' "$#" 'RULE ACTION IPV4_CIDR PORT [PROTOCOL] [COMMENT]'
 is_format_valid 'rule' 'action' 'protocol' 'port_ext'
 if [ ! -z "$comment" ]; then
 	is_format_valid 'comment'
@@ -48,12 +48,12 @@ fi
 is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 is_object_valid '../../../data/firewall/rules' 'RULE' "$rule"
 
-if [[ "$ip" =~ ^ipset: ]]; then
-	ipset_name="${ip#ipset:}"
+if [[ "$ipv4_cidr" =~ ^ipset: ]]; then
+	ipset_name="${ipv4_cidr#ipset:}"
 	$BIN/v-list-firewall-ipset plain | grep "^$ipset_name\s" > /dev/null
 	check_result $? 'ipset object not found' "$E_NOTEXIST"
 else
-	is_format_valid 'ip'
+	is_format_valid 'ipv4_cidr'
 fi
 
 # Perform verification if read-only mode is enabled
@@ -70,7 +70,7 @@ date=$(echo "$time_n_date" | cut -f 2 -d \ )
 
 # Concatenating firewall rule
 str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
-str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
+str="$str IP='$ipv4_cidr' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"
 
 # Deleting old rule

bin/v-change-mail-domain-sslcert

@@ -35,13 +35,14 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
-is_format_valid 'user' 'domain' 'ssl_dir'
+is_format_valid 'user' 'domain' 'ssl_dir' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain_idn"
 is_object_unsuspended 'mail' 'DOMAIN' "$domain_idn"
 is_object_value_exist 'mail' 'DOMAIN' "$domain_idn" '$SSL'
+
 is_web_domain_cert_valid
 
 # Perform verification if read-only mode is enabled

bin/v-change-sys-hestia-ssl

@@ -30,7 +30,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'SSL_DIR [RESTART]'
-is_format_valid 'ssl_dir'
+is_format_valid 'ssl_dir restart'
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode

bin/v-change-sys-ip-nat

@@ -33,6 +33,7 @@ check_args '2' "$#" 'IP NAT_IP [RESTART]'
 is_format_valid 'ip'
 is_format_valid 'nat_ip'
 is_ip_valid "$ip"
+is_restart_valid "$restart"
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode

bin/v-change-sys-webmail

@@ -27,6 +27,10 @@ NEW_ALIAS=$1
 
 restart=${2-yes}
 
+check_args '1' "$#" 'ALIAS [RESTART]'
+is_common_format_valid "$NEW_ALIAS" "Alias"
+is_restart_valid "$restart"
+
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 

bin/v-change-web-domain-backend-tpl

@@ -38,7 +38,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN TEMPLATE [RESTART]'
-is_format_valid 'user' 'domain' 'template'
+is_format_valid 'user' 'domain' 'template' 'restart'
 is_system_enabled "$WEB_BACKEND" 'WEB_BACKEND'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-web-domain-httpauth

@@ -34,7 +34,7 @@ htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
+check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"

bin/v-change-web-domain-ip

@@ -39,7 +39,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN IP [RESTART]'
-is_format_valid 'user' 'domain' 'ip'
+is_format_valid 'user' 'domain' 'ip' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-web-domain-name

@@ -39,7 +39,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN NEW_DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_domain_format_valid "$new_domain"
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"

bin/v-change-web-domain-proxy-tpl

@@ -42,7 +42,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN TEMPLATE [EXTENTIONS] [RESTART]'
-is_format_valid 'user' 'domain' 'template'
+is_format_valid 'user' 'domain' 'template' 'extentions' 'restart'
 is_system_enabled "$PROXY_SYSTEM" 'PROXY_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-web-domain-sslcert

@@ -45,6 +45,9 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+if [ -n "$restart" ]; then
+	is_restart_valid 'restart' "$restart"
+fi
 is_web_domain_cert_valid
 
 # Perform verification if read-only mode is enabled

bin/v-change-web-domain-sslhome

@@ -38,7 +38,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_HOME [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-change-web-domain-tpl

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN TEMPLATE [RESTART]'
-is_format_valid 'user' 'domain' 'template'
+is_format_valid 'user' 'domain' 'template' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

bin/v-delete-cron-job

@@ -28,7 +28,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER JOB [RESTART]'
-is_format_valid 'user' 'job'
+is_format_valid 'user' 'job' 'restart'
 is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'cron' 'JOB' "$job"

bin/v-delete-dns-domain

@@ -33,8 +33,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 format_domain
 format_domain_idn
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"

bin/v-delete-dns-domains

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-delete-dns-domains-src

@@ -28,7 +28,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER SRC [RESTART]'
-is_format_valid 'user' 'src'
+is_format_valid 'user' 'src' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-delete-dns-record

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN ID [RESTART]'
-is_format_valid 'user' 'domain' 'id'
+is_format_valid 'user' 'domain' 'id' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"
 is_object_valid "dns/$domain" 'ID' "$id"

bin/v-delete-domain

@@ -27,8 +27,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled

bin/v-delete-fastcgi-cache

@@ -28,8 +28,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_valid 'web' 'DOMAIN' "$domain" "$FASTCGI_CACHE"

bin/v-delete-firewall-ban

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: delete firewall blocking rule
-# options: IP CHAIN
+# options: IPV4_CIDR CHAIN
 #
 # example: v-delete-firewall-ban 198.11.130.250 MAIL
 #
@@ -11,7 +11,7 @@
 #----------------------------------------------------------#
 
 # Argument definition
-ip=$1
+ipv4_cidr=$1
 chain=$(echo $2 | tr '[:lower:]' '[:upper:]')
 
 # Defining absolute path for iptables and modprobe
@@ -31,8 +31,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'IP CHAIN'
-is_format_valid 'ip' 'chain'
+check_args '2' "$#" 'IPV4_CIDR CHAIN'
+is_format_valid 'ipv4_cidr' 'chain'
 is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 
 # Perform verification if read-only mode is enabled
@@ -47,30 +47,30 @@ heal_iptables_links
 
 conf="$HESTIA/data/firewall/banlist.conf"
 if [ "$chain" == "ALL" ]; then
-	check_ip=$(grep "IP='$ip' CHAIN='*'" $conf)
+	check_ip=$(grep "IP='$ipv4_cidr' CHAIN='*'" $conf)
 	if [ -z "$check_ip" ]; then
 		exit
 	fi
-	grep "IP='$ip' CHAIN='*'" $conf | while read -r line; do
+	grep "IP='$ipv4_cidr' CHAIN='*'" $conf | while read -r line; do
 		parse_object_kv_list $line
 
 		# Deleting ip from banlist
 		sip=$(echo "$IP" | sed "s|/|\\\/|g")
 		sed -i "/IP='$sip' CHAIN='$CHAIN'/d" $conf
-		b=$($iptables -L fail2ban-$CHAIN --line-number -n | grep -w $ip | awk '{print $1}')
+		b=$($iptables -L fail2ban-$CHAIN --line-number -n | grep -w $ipv4_cidr | awk '{print $1}')
 		$iptables -D fail2ban-$CHAIN $b 2> /dev/null
 	done
 else
 	# Checking ip in banlist
-	check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2> /dev/null)
+	check_ip=$(grep "IP='$ipv4_cidr' CHAIN='$chain'" $conf 2> /dev/null)
 	if [ -z "$check_ip" ]; then
 		exit
 	fi
 
 	# Deleting ip from banlist
-	sip=$(echo "$ip" | sed "s|/|\\\/|g")
+	sip=$(echo "$ipv4_cidr" | sed "s|/|\\\/|g")
 	sed -i "/IP='$sip' CHAIN='$chain'/d" $conf
-	b=$($iptables -L fail2ban-$chain --line-number -n | grep -w $ip | awk '{print $1}')
+	b=$($iptables -L fail2ban-$chain --line-number -n | grep -w $ipv4_cidr | awk '{print $1}')
 	$iptables -D fail2ban-$chain $b 2> /dev/null
 fi
 
@@ -82,7 +82,7 @@ chmod 660 $conf
 #----------------------------------------------------------#
 
 # Logging
-$BIN/v-log-action "system" "Info" "Firewall" "Removed IP from ban list (IP: $ip, Service: $chain)."
+$BIN/v-log-action "system" "Info" "Firewall" "Removed IP from ban list (IP: $ipv4_cidr, Service: $chain)."
 log_event "$OK" "$ARGUMENTS"
 
 exit

bin/v-delete-letsencrypt-domain

@@ -31,7 +31,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART] [MAIL]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"

bin/v-delete-mail-domain-ssl

@@ -34,7 +34,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"

bin/v-delete-mail-domain-webmail

@@ -36,7 +36,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'

bin/v-delete-sys-cgroup → bin/v-delete-sys-cgroups

@@ -1,10 +1,10 @@
 #!/bin/bash
-# info: delete all cgroup
+# info: delete all cgroups
 # options: NONE
 #
-# example: v-delete-sys-cgroup
+# example: v-delete-sys-cgroups
 #
-# This function disables cgroup
+# This function disables cgroups
 
 #----------------------------------------------------------#
 #                Variables & Functions                     #

bin/v-delete-user

@@ -34,7 +34,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 if [ "$user" = "$ROOT_USER" ]; then
 	exit

bin/v-delete-web-domain

@@ -41,7 +41,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-alias

@@ -34,7 +34,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN DOM_ALIAS [RESTART]'
-is_format_valid 'user' 'domain' 'dom_alias'
+is_format_valid 'user' 'domain' 'dom_alias' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-backend

@@ -36,7 +36,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-httpauth

@@ -31,7 +31,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN AUTH_USER [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-proxy

@@ -36,7 +36,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$PROXY_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-redirect

@@ -30,7 +30,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-ssl

@@ -36,7 +36,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domain-ssl-force

@@ -30,8 +30,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"

bin/v-delete-web-domain-ssl-hsts

@@ -30,8 +30,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"

bin/v-delete-web-domain-stats-user

@@ -33,7 +33,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-delete-web-domains

@@ -29,7 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-rebuild-all

@@ -36,7 +36,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 check_user=$(is_object_unsuspended 'user' 'USER' "$user")
 if [ -n "$check_user" ]; then

bin/v-rebuild-cron-jobs

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-rebuild-mail-domain

@@ -42,7 +42,7 @@ fi
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
 is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"

bin/v-rebuild-users

@@ -29,6 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+is_format_valid 'restart'
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 

bin/v-restart-cron

@@ -29,6 +29,12 @@ send_email_report() {
 	rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-dns

@@ -36,6 +36,12 @@ send_email_report() {
 	rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-ftp

@@ -29,6 +29,12 @@ send_email_report() {
 	rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-mail

@@ -28,6 +28,12 @@ send_email_report() {
 	[[ -f "$tmpfile" ]] && rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-proxy

@@ -38,6 +38,12 @@ send_email_report() {
 	rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-system

@@ -27,6 +27,10 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'RESTART [DELAY]'
+is_format_valid 'restart'
+if [ -n "$delay" ]; then
+	is_format_valid "$delay" 'delay'
+fi
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode

bin/v-restart-web

@@ -41,6 +41,12 @@ send_email_report() {
 	rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-restart-web-backend

@@ -30,6 +30,19 @@ send_email_report() {
 	[[ -f "$tmpfile" ]] && rm -f $tmpfile
 }
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
+if [ -z "$version" ]; then
+	if [[ ! $version =~ ^[0-9]+\.[0-9]+ ]]; then
+		echo "The specified PHP version format is invalid, it should look like [0-9].[0-9]."
+		echo "Example: 7.0, 7.4, 8.0"
+		exit "$E_INVALID"
+	fi
+fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-suspend-cron-job

@@ -28,7 +28,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER JOB [RESTART]'
-is_format_valid 'user' 'job'
+is_format_valid 'user' 'job' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'cron' 'JOB' "$job"
 is_object_unsuspended 'cron' 'JOB' "$job"

bin/v-suspend-cron-jobs

@@ -26,8 +26,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER'
-is_format_valid 'user'
+check_args '1' "$#" 'USER [RESTART]'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled

bin/v-suspend-dns-domain

@@ -34,7 +34,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"

bin/v-suspend-dns-domains

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-suspend-dns-record

@@ -37,7 +37,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN ID [RESTART]'
-is_format_valid 'user' 'domain' 'id'
+is_format_valid 'user' 'domain' 'id' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"

bin/v-suspend-domain

@@ -27,8 +27,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 

bin/v-suspend-user

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 if [ "$user" = "$ROOT_USER" ]; then

bin/v-suspend-web-domain

@@ -40,7 +40,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-suspend-web-domains

@@ -29,7 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-unsuspend-cron-jobs

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled

bin/v-unsuspend-dns-domains

@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-unsuspend-dns-record

@@ -40,7 +40,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN ID [RESTART]'
-is_format_valid 'user' 'domain' 'id'
+is_format_valid 'user' 'domain' 'id' 'restart'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"

bin/v-unsuspend-domain

@@ -27,8 +27,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled

bin/v-unsuspend-mail-domain

@@ -35,8 +35,8 @@ format_domain_idn
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"

bin/v-unsuspend-user

@@ -26,8 +26,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER'
-is_format_valid 'user'
+check_args '1' "$#" 'USER [RESTART]'
+is_format_valid 'user' 'restart'
 is_object_valid 'user' 'USER' "$user"
 if [ "$user" = "$ROOT_USER" ]; then
 	exit

bin/v-unsuspend-web-domain

@@ -38,7 +38,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

bin/v-unsuspend-web-domains

@@ -29,7 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [RESTART]'
-is_format_valid 'user'
+is_format_valid 'user' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 

bin/v-update-dns-templates

@@ -24,6 +24,12 @@ source_conf "$HESTIA/conf/hestia.conf"
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'restart'
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

bin/v-update-mail-domain-ssl

@@ -42,13 +42,14 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
-is_format_valid 'user' 'domain' 'ssl_dir'
+is_format_valid 'user' 'domain' 'ssl_dir' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
 is_object_unsuspended 'mail' 'DOMAIN' "$domain"
 is_object_value_exist 'mail' 'DOMAIN' "$domain" '$SSL'
+
 is_web_domain_cert_valid
 
 #----------------------------------------------------------#

bin/v-update-mail-templates

@@ -26,6 +26,9 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                       Action                             #
 #----------------------------------------------------------#
 
+check_args '1' "$#" '[RESTART]' '[SKIP]'
+is_format_valid 'restart'
+
 # Update templates
 cp -rf $HESTIA_INSTALL_DIR/templates/mail $HESTIA/data/templates/
 

bin/v-update-web-domain-ssl

@@ -42,7 +42,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
-is_format_valid 'user' 'domain' 'ssl_dir'
+is_format_valid 'user' 'domain' 'ssl_dir' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"

bin/v-update-web-templates

@@ -26,6 +26,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                       Action                             #
 #----------------------------------------------------------#
 
+is_format_valid 'restart'
+
 # Check if /install/upgrade/manual/install_awstats_geoip.sh has been applied
 awstats_patch=$(cat $HESTIA/data/templates/web/awstats/awstats.tpl | grep "LoadPlugin=\"geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat\"")
 

func/main.sh

@@ -791,117 +791,51 @@ is_alias_format_valid() {
 
 # IP format validator
 is_ip_format_valid() {
-	object_name=${2-ip}
-	ip_regex='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
-	ip_clean=$(echo "${1%/*}")
-	if ! [[ $ip_clean =~ ^$ip_regex\.$ip_regex\.$ip_regex\.$ip_regex$ ]]; then
-		check_result "$E_INVALID" "invalid $object_name format :: $1"
-	fi
-	if [ $1 != "$ip_clean" ]; then
-		ip_cidr="$ip_clean/"
-		ip_cidr=$(echo "${1#$ip_cidr}")
-		if [[ "$ip_cidr" -gt 32 ]] || [[ "$ip_cidr" =~ [:alnum:] ]]; then
-			check_result "$E_INVALID" "invalid $object_name format :: $1"
-		fi
-	fi
+    object_name=${2-ip}
+    valid=$($HESTIA_PHP -r '$ip="$argv[1]"; echo (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid $object_name :: $1"
+    fi
 }
 
 # IPv6 format validator
 is_ipv6_format_valid() {
-	object_name=${2-ipv6}
-	ip_regex='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
-	t_ip=$(echo $1 | awk -F / '{print $1}')
-	t_cidr=$(echo $1 | awk -F / '{print $2}')
-	valid_cidr=1
-
-	WORD="[0-9A-Fa-f]\{1,4\}"
-	# flat address, no compressed words
-	FLAT="^${WORD}\(:${WORD}\)\{7\}$"
-
-	COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$"
-	COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$"
-	COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$"
-	COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$"
-	COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$"
-	COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$"
-	# trailing :: edge case, includes case of only :: (all 0's)
-	EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$"
-	# leading :: edge case
-	EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$"
-
-	echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)"
-	if [ $? -ne 0 ]; then
-		check_result "$E_INVALID" "invalid $object_name format :: $1"
-	fi
-
-	if [ -n "$(echo $1 | grep '/')" ]; then
-		if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then
-			valid_cidr=0
-		fi
-		if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
-			valid_cidr=0
-		fi
-	fi
-	if [ "$valid_cidr" -eq 0 ]; then
-		check_result "$E_INVALID" "invalid $object_name format :: $1"
-	fi
+    object_name=${2-ipv6}
+    valid=$($HESTIA_PHP -r '$ip="$argv[1]"; echo (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid $object_name :: $1"
+    fi
 }
 
 is_ip46_format_valid() {
-	t_ip=$(echo $1 | awk -F / '{print $1}')
-	t_cidr=$(echo $1 | awk -F / '{print $2}')
-	valid_octets=0
-	valid_cidr=1
-	for octet in ${t_ip//./ }; do
-		if [[ $octet =~ ^[0-9]{1,3}$ ]] && [[ $octet -le 255 ]]; then
-			((++valid_octets))
-		fi
-	done
+    valid=$($HESTIA_PHP -r '$ip="$argv[1]"; echo (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid IP format :: $1"
+    fi
+}
 
-	if [ -n "$(echo $1 | grep '/')" ]; then
-		if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 32 ]]; then
-			valid_cidr=0
-		fi
-		if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
-			valid_cidr=0
-		fi
-	fi
-	if [ "$valid_octets" -lt 4 ] || [ "$valid_cidr" -eq 0 ]; then
-		#Check IPV6
-		ipv6_valid=""
-		WORD="[0-9A-Fa-f]\{1,4\}"
-		# flat address, no compressed words
-		FLAT="^${WORD}\(:${WORD}\)\{7\}$"
-
-		COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$"
-		COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$"
-		COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$"
-		COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$"
-		COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$"
-		COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$"
-		# trailing :: edge case, includes case of only :: (all 0's)
-		EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$"
-		# leading :: edge case
-		EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$"
-
-		echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)"
-		if [ $? -ne 0 ]; then
-			ipv6_valid="INVALID"
-		fi
+is_ipv4_cidr_format_valid() {
+    object_name=${2-ip}
+    valid=$($HESTIA_PHP -r '$cidr="$argv[1]"; list($ip, $netmask) = [...explode("/", $cidr), 32]; echo ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && $netmask <= 32) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid $object_name :: $1"
+    fi
+}
 
-		if [ -n "$(echo $1 | grep '/')" ]; then
-			if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then
-				valid_cidr=0
-			fi
-			if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
-				valid_cidr=0
-			fi
-		fi
+is_ipv6_cidr_format_valid() {
+    object_name=${2-ipv6}
+    valid=$($HESTIA_PHP -r '$cidr="$argv[1]"; list($ip, $netmask) = [...explode("/", $cidr), 128]; echo ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && $netmask <= 128) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid $object_name :: $1"
+    fi
+}
 
-		if [ -n "$ipv6_valid" ] || [ "$valid_cidr" -eq 0 ]; then
-			check_result "$E_INVALID" "invalid IP format :: $1"
-		fi
-	fi
+is_netmask_format_valid() {
+    object_name=${2-netmask}
+    valid=$($HESTIA_PHP -r '$netmask="$argv[1]"; echo (preg_match("/^(128|192|224|240|248|252|254|255)\.(0|128|192|224|240|248|252|254|255)\.(0|128|192|224|240|248|252|254|255)\.(0|128|192|224|240|248|252|254|255)/", $netmask) ? 0 : 1);' $1);
+    if [ "$valid" -ne 0 ]; then
+        check_result "$E_INVALID" "invalid $object_name :: $1"
+    fi
 }
 
 # Proxy extention format validator
@@ -1295,6 +1229,8 @@ is_format_valid() {
 				ip) is_ip_format_valid "$arg" ;;
 				ipv6) is_ipv6_format_valid "$arg" ;;
 				ip46) is_ip46_format_valid "$arg" ;;
+				ipv4_cidr) is_ipv4_cidr_format_valid "$arg" ;;
+				ipv6_cidr) is_ipv6_cidr_format_valid "$arg" ;;
 				ip_name) is_domain_format_valid "$arg" 'IP name' ;;
 				ip_status) is_ip_status_format_valid "$arg" ;;
 				job) is_int_format_valid "$arg" 'job' ;;
@@ -1305,7 +1241,7 @@ is_format_valid() {
 				month) is_cron_format_valid "$arg" $arg_name ;;
 				name) is_name_format_valid "$arg" "name" ;;
 				nat_ip) is_ip_format_valid "$arg" ;;
-				netmask) is_ip_format_valid "$arg" 'netmask' ;;
+				netmask) is_netmask_format_valid "$arg" 'netmask' ;;
 				newid) is_int_format_valid "$arg" 'id' ;;
 				ns1) is_domain_format_valid "$arg" 'ns1' ;;
 				ns2) is_domain_format_valid "$arg" 'ns2' ;;
@@ -1534,8 +1470,10 @@ format_aliases() {
 }
 
 is_restart_format_valid() {
-	if [ "$1" != 'yes' ] && [ "$1" != 'no' ] && [ "$1" != 'ssl' ] && [ "$1" != 'reload' ] && [ "$1" != 'updatessl' ]; then
-		check_result "$E_INVALID" "invalid $2 format :: $1"
+	if [ -n "$1" ]; then
+		if [ "$1" != 'yes' ] && [ "$1" != 'no' ] && [ "$1" != 'ssl' ] && [ "$1" != 'reload' ] && [ "$1" != 'updatessl' ] && [ "$1" != "scheduled" ]; then
+			check_result "$E_INVALID" "invalid $2 format :: $1"
+		fi
 	fi
 }
 

func/upgrade.sh

@@ -624,7 +624,9 @@ upgrade_phpmyadmin() {
 				chown root:hestiamail /var/lib/phpmyadmin/blowfish_secret.inc.php
 				chmod 0640 /var/lib/phpmyadmin/blowfish_secret.inc.php
 			fi
-			chown root:hestiamail /usr/share/phpmyadmin/tmp
+			chown hestiamail:hestiamail /usr/share/phpmyadmin/tmp
+			chown -R root:hestiamail /etc/phpmyadmin/
+
 			chmod 0770 /usr/share/phpmyadmin/tmp
 		else
 			# Display upgrade information
@@ -649,7 +651,7 @@ upgrade_phpmyadmin() {
 			# Create temporary folder and change permissions
 			if [ ! -d /usr/share/phpmyadmin/tmp ]; then
 				mkdir /usr/share/phpmyadmin/tmp
-				chown root:hestiamail /usr/share/phpmyadmin/tmp
+				chown hestiamail:hestiamail /usr/share/phpmyadmin/tmp
 				chmod 0770 /usr/share/phpmyadmin/tmp
 
 			fi
@@ -659,6 +661,9 @@ upgrade_phpmyadmin() {
 				chmod 0640 /var/lib/phpmyadmin/blowfish_secret.inc.php
 			fi
 
+			# Make sure to give it the correct permissions
+			chown -R root:hestiamail /etc/phpmyadmin/
+
 			# Clean up source files
 			rm -fr phpMyAdmin-$pma_v-all-languages
 			rm -f phpMyAdmin-$pma_v-all-languages.tar.gz

install/deb/apache2/hestia-event.conf

@@ -1,5 +1,5 @@
 <IfModule mpm_event_module>
     <FilesMatch \.php$>
-        SetHandler "proxy:fcgi://127.0.0.1:9000"
+         SetHandler "proxy:unix:/run/php/www.sock|fcgi://localhost"
     </FilesMatch>
 </IfModule>

install/deb/nginx/phpmyadmin.inc

@@ -16,12 +16,11 @@ location /%pma_alias% {
 		include       /etc/nginx/fastcgi_params;
 		fastcgi_index index.php;
 		fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
-		fastcgi_param SCRIPT_FILENAME $request_filename;
-		fastcgi_pass  127.0.0.1:9000;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_pass  unix:/run/php/www.sock;
 	}
 
-	# Serve static files like CSS and JS
-	location ~ ^/%pma_alias%/(.*\.(jpg|jpeg|gif|css|png|webp|js|ico|html|xml|txt))$ {
-		alias /usr/share/phpmyadmin/$1; # Corrected from root to alias
+	location /%pma_alias%/(.+\.(jpg|jpeg|gif|css|png|webp|js|ico|html|xml|txt))$ {
+		root /usr/share/phpmyadmin/;
 	}
 }