Merge branch 'fix/2021-03-domain-check' into main

bin/v-list-sys-config

@@ -68,7 +68,7 @@ json_list() {
         "LOGIN_STYLE": "'$LOGIN_STYLE'",
         "INACTIVE_SESSION_TIMEOUT": "'$INACTIVE_SESSION_TIMEOUT'",
         "PHPMYADMIN_KEY": "'$PHPMYADMIN_KEY'",
-        "ALLOW_USERS_SYSTEM": "'$ALLOW_USERS_SYSTEM'"
+        "ENFORCE_SUBDOMAIN_OWNERSHIP": "'$ENFORCE_SUBDOMAIN_OWNERSHIP'"
     }
     }'
 }

func/domain.sh

@@ -916,12 +916,12 @@ is_base_domain_owner(){
         if [ "$object" != "none" ]; then
             get_base_domain $object
             web=$(grep -F -H -h "DOMAIN='$basedomain'" $HESTIA/data/users/*/web.conf);
-            if [ $ALLOW_USERS_SYSTEM = "no" ]; then
+            if [ $ENFORCE_SUBDOMAIN_OWNERSHIP = "no" ]; then
                 if [ ! -z "$web" ]; then
                     parse_object_kv_list "$web"
                     if [ -z "$ALLOW_USERS" ] ||  [ "$ALLOW_USERS" != "yes" ]; then
-                    # Don't care if $basedomain all ready exists only if the owner is of the base domain is the current user
-                    is_domain_new "" $basedomain
+                        # Don't care if $basedomain all ready exists only if the owner is of the base domain is the current user
+                        is_domain_new "" $basedomain
                     fi
                 else
                     is_domain_new "" $basedomain

func/upgrade.sh

@@ -145,9 +145,9 @@ upgrade_health_check() {
     fi
 
     # Inactive session timeout
-    if [ -z "$ALLOW_USERS_SYSTEM" ]; then
-        echo "[ ! ] Adding missing variable to hestia.conf: ALLOW_USERS_SYSTEM ('yes')"
-        $BIN/v-change-sys-config-value "ALLOW_USERS_SYSTEM" "yes"
+    if [ -z "$ENFORCE_SUBDOMAIN_OWNERSHIP" ]; then
+        echo "[ ! ] Adding missing variable to hestia.conf: ENFORCE_SUBDOMAIN_OWNERSHIP ('yes')"
+        $BIN/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
     fi    
     
     echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."

install/hst-install-debian.sh

@@ -1095,7 +1095,7 @@ echo "LOGIN_STYLE='default'" >> $HESTIA/conf/hestia.conf
 echo "INACTIVE_SESSION_TIMEOUT='60'" >> $HESTIA/conf/hestia.conf
 
 # Allow users to always create domains even the are not the owner of the main domain
-echo "ALLOW_USERS_SYSTEM='no'" >> $HESTIA/conf/hestia.conf
+echo "ENFORCE_SUBDOMAIN_OWNERSHIP='yes'" >> $HESTIA/conf/hestia.conf
 
 # Version & Release Branch
 echo "VERSION='${HESTIA_INSTALL_VER}'" >> $HESTIA/conf/hestia.conf

install/hst-install-ubuntu.sh

@@ -1128,7 +1128,7 @@ echo "LOGIN_STYLE='default'" >> $HESTIA/conf/hestia.conf
 echo "INACTIVE_SESSION_TIMEOUT='60'" >> $HESTIA/conf/hestia.conf
 
 # Allow users to always create domains even the are not the owner of the main domain
-echo "ALLOW_USERS_SYSTEM='no'" >> $HESTIA/conf/hestia.conf
+echo "ENFORCE_SUBDOMAIN_OWNERSHIP='yes'" >> $HESTIA/conf/hestia.conf
 
 # Version & Release Branch
 echo "VERSION='${HESTIA_INSTALL_VER}'" >> $HESTIA/conf/hestia.conf

install/upgrade/versions/1.4.0.sh

@@ -10,22 +10,23 @@
 if [ -e "/etc/nginx/nginx.conf" ]; then
     check=$(cat /etc/nginx/nginx.conf | grep 'fastcgi_cache_path');
     if [ -z "$check" ]; then 
-        echo "[ * ] Updating Nginx to support fast cgi cache..."
+        echo "[ * ] Enabling Nginx FastCGI cache support..."
         sed  -i 's/# Cache bypass/# FastCGI Cache settings\n    fastcgi_cache_path \/var\/cache\/nginx\/php-fpm levels=2\n    keys_zone=fcgi_cache:10m inactive=60m max_size=1024m;\n    fastcgi_cache_key \"$host$request_uri $cookie_user\";\n    fastcgi_temp_path  \/var\/cache\/nginx\/temp;\n    fastcgi_ignore_headers Expires Cache-Control;\n    fastcgi_cache_use_stale error timeout invalid_header;\n    fastcgi_cache_valid any 1d;\n\n    # Cache bypass/g' /etc/nginx/nginx.conf
     fi
 fi
 
-echo '[ * ] Set Role "Admin" to Administrator'
+echo '[ * ] Updating System Administrator account permissions...'
 $HESTIA/bin/v-change-user-role admin admin
 
 # Upgrading Mail System
 if [ "$MAIL_SYSTEM" == "exim4" ]; then
     if ! grep -q "send_via_smtp_relay" /etc/exim4/exim4.conf.template; then
 
-        echo '[ * ] Installing smtp relay feature'
+        echo '[ * ] Enabling SMTP relay support...'
         if grep -q "driver = plaintext" /etc/exim4/exim4.conf.template; then
             disable_smtp_relay=true
-            echo '[ ! ] SMTP Relay install requires manual intervention:'
+            echo '[ ! ] ERROR: Manual intervention required to enable SMTP Relay:'
+            echo ''
             echo '      Exim only supports one plaintext authenticator.'
             echo '      If you want to use the Hestia smtp relay feature,'
             echo '      please review the /etc/exim4/exim4.conf.template'
@@ -80,5 +81,6 @@ fi
 
 # Fix PostgreSQL repo
 if [ -f /etc/apt/sources.list.d/postgresql.list ]; then
+    echo "[*] Updating PostgreSQL repository..."
     sed -i 's|deb https://apt.postgresql.org/pub/repos/apt/|deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/|g' /etc/apt/sources.list.d/postgresql.list
 fi

web/edit/server/index.php

@@ -671,13 +671,13 @@ if (!empty($_POST['save'])) {
         }
     }
     
-    // Change ALLOW_USERS_SERVER
+    // Change ENFORCE_SUBDOMAIN_OWNERSHIP
     if (empty($_SESSION['error_msg'])) {
-        if ($_POST['v_allow_users_system'] != $_SESSION['v_allow_users_system']) {
-            exec (HESTIA_CMD."v-change-sys-config-value ALLOW_USERS_SYSTEM ".escapeshellarg($_POST['v_allow_users_system']), $output, $return_var);
+        if ($_POST['v_enforce_subdomain_ownership'] != $_SESSION['v_enforce_subdomain_ownership']) {
+            exec (HESTIA_CMD."v-change-sys-config-value ENFORCE_SUBDOMAIN_OWNERSHIP ".escapeshellarg($_POST['v_enforce_subdomain_ownership']), $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
-            if (empty($_SESSION['error_msg'])) $v_allow_users_system = $_POST['v_allow_users_system'];
+            if (empty($_SESSION['error_msg'])) $v_enforce_subdomain_ownership = $_POST['v_enforce_subdomain_ownership'];
             $v_security_adv = 'yes';
         }
     }

web/templates/admin/edit_server.html

@@ -993,14 +993,14 @@
                                         </tr>
                                         <tr>
                                             <td class="vst-text input-label">
-                                                <?php print _('Disable check domain owner');?>
+                                                <?php print _('Enforce subdomain ownership');?>
                                             </td>
                                         </tr>
                                         <tr>
                                             <td>
-                                                <select class="vst-list" name="v_allow_users_system">
+                                                <select class="vst-list" name="v_enforce_subdomain_ownership">
                                                     <option value='yes'><?php print _('yes'); ?></option>
-                                                    <option value='no' <?php if($_SESSION['ALLOW_USERS_SYSTEM'] == 'no') echo 'selected' ?> ><?php print _('no'); ?></option>
+                                                    <option value='no' <?php if($_SESSION['ENFORCE_SUBDOMAIN_OWNERSHIP'] == 'no') echo 'selected' ?> ><?php print _('no'); ?></option>
                                                 </select>
                                                 <br><br>
                                             </td>