
Fix issue with Global SMTP settings not updating (#3730)

* Allow edit smtp global settings on password change

+ Patch XSS

* Fix issue with exim config; todo: prepare patch for existing installs

* Fix existing broken installs

* Update dependency versions of Roundcube / Snappymail

* Fix issue with Debug panel

* Fix error

* Fix issue with password reset module
Jaap Marcus 2 سال پیش
والد
کامیت
5a9ab8785f

+ 0 - 1
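--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1 +0,0 @@
-nodeLinker: node-modules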

+ 1 - 1
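--- a/install/deb/exim/exim4.conf.4.95.template
+++ b/install/deb/exim/exim4.conf.4.95.template
@@ -15,7 +15,7 @@ add_environment = <; PATH=/bin:/usr/bin
 keep_environment =
 disable_ipv6 = true
 
-SRS_SECRET = readfile{/etc/exim4/srs.conf}
+SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
 
 smtputf8_advertise_hosts =
 domainlist local_domains = dsearch;/etc/exim4/domains/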

+ 2 - 2
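--- a/install/upgrade/upgrade.conf
+++ b/install/upgrade/upgrade.conf
@@ -50,10 +50,10 @@ pga_v='7.14.4'
 
 # Set version of RoundCube (Webmail) to update during upgrade if not already installed
 # Note: only applies to "non-apt installs >= 1.4.0 or manually phased out"
-rc_v='1.6.1'
+rc_v='1.6.2'
 
 # Set version of SnappyMail (Webmail) to update during upgrade if not already installed
-sm_v='2.27.3'
+sm_v='2.28.3'
 
 # Update the File Manager or it's configuration file
 # Check if Filegator requires an update based on current version and setting below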

+ 13 - 11
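--- a/install/upgrade/versions/1.8.0.sh
+++ b/install/upgrade/versions/1.8.0.sh
@@ -248,16 +248,18 @@ elif [ "$PROXY_SYSTEM" = "nginx" ]; then
 	done < <(ls "$HESTIA"/data/ips/ 2> /dev/null)
 fi
 
-exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
-# if Exim version > 4.95 or greater!
-if version_ge "$exim_version" "4.95"; then
-	if ! grep -q 'SRS_SECRET' /etc/exim4/exim4.conf.template; then
-		srs=$(generate_password)
-		echo $srs > /etc/exim4/srs.conf
-		chmod 640 /etc/exim4/srs.conf
-		echo "[ * ] Update exim4.conf.template ..."
-		patch /etc/exim4/exim4.conf.template $HESTIA/install/upgrade/patch/3661-exim-srs-support.patch
+if [ "$MAIL_SYSTEM" = "exim4" ]; then
+	exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
+	# if Exim version > 4.95 or greater!
+	if version_ge "$exim_version" "4.95"; then
+		if ! grep -q 'SRS_SECRET' /etc/exim4/exim4.conf.template; then
+			srs=$(generate_password)
+			echo $srs > /etc/exim4/srs.conf
+			chmod 640 /etc/exim4/srs.conf
+			echo "[ * ] Update exim4.conf.template ..."
+			patch /etc/exim4/exim4.conf.template $HESTIA/install/upgrade/patch/3661-exim-srs-support.patch
+		else
+			sed -i "s/SRS_SECRET = readfile{\/etc\/exim4\/srs.conf}/SRS_SECRET = \${readfile{\/etc\/exim4\/srs.conf}}/g" /etc/exim4/exim4.conf.template
+		fi
 	fi
-else
-	echo $exim_version
 fi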
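Review bot: `echo $srs > /etc/exim4/srs.conf` creates the SRS secret under the process umask and only afterwards narrows it with `chmod 640`, so on a default umask the file can be world-readable for a moment. Creating it restricted from the start closes that window and also quotes the expansion: `(umask 027; printf '%s\n' "$srs" > /etc/exim4/srs.conf)`. The hunk sets no owner or group, so whether the Exim runtime user can read a root-owned 640 file depends on code outside it and is worth confirming. `$HESTIA` in the `patch` call should be quoted as it is in the `ls "$HESTIA"/data/ips/` context line.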

+ 3 - 3
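--- a/web/edit/mail/index.php
+++ b/web/edit/mail/index.php
@@ -701,11 +701,11 @@ if (!empty($_POST["save"]) && !empty($_GET["domain"]) && empty($_GET["account"])
 						quoteshellarg($v_domain) .
 						" " .
 						$v_smtp_relay_host .
-						" '" .
+						" " .
 						$v_smtp_relay_user .
-						"' '" .
+						" " .
 						$v_smtp_relay_pass .
-						"' " .
+						" " .
 						$v_smtp_relay_port,
 					$output,
 					$return_var,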
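Review bot: With the literal quotes removed, `$v_smtp_relay_user` and `$v_smtp_relay_pass` reach the command string carrying only whatever escaping they received before this hunk, and `$v_domain` is the only value visibly wrapped in `quoteshellarg()` here. The statement starts and ends outside the hunk, so the escaping of the four relay values cannot be confirmed from these lines. If they are already quoted where they are read from `$_POST`, a comment above the concatenation such as `// $v_smtp_relay_* are already passed through quoteshellarg() above` would stop a later edit from dropping it. Any of the four that is not should be quoted at its assignment before it is concatenated.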

+ 2 - 1
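--- a/web/edit/server/index.php
+++ b/web/edit/server/index.php
@@ -613,7 +613,8 @@ if (!empty($_POST["save"])) {
 			if (
 				$_POST["v_smtp_relay_host"] != $v_smtp_relay_host ||
 				$_POST["v_smtp_relay_user"] != $v_smtp_relay_user ||
-				$_POST["v_smtp_relay_port"] != $v_smtp_relay_port
+				$_POST["v_smtp_relay_port"] != $v_smtp_relay_port ||
+				!empty($_POST["v_smtp_relay_pass"])
 			) {
 				$v_smtp_relay = true;
 				$v_smtp_relay_host = quoteshellarg($_POST["v_smtp_relay_host"]);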
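Review bot: `!empty($_POST["v_smtp_relay_pass"])` is false for the password `"0"` and true for an array-valued field, so the added condition neither catches every real password change nor guarantees that a string follows. A stricter test would be `(is_string($_POST["v_smtp_relay_pass"] ?? null) && $_POST["v_smtp_relay_pass"] !== "")`. The `if` body continues past the end of the hunk, so how the password is quoted afterwards is not visible here.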

+ 7 - 6
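--- a/web/reset/index.php
+++ b/web/reset/index.php
@@ -101,11 +101,13 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 							$_SERVER["HTTP_HOST"],
 						);
 						if ($port_is_defined) {
-							$port = preg_replace(
-								"/(\[?[^]]*\]?):([0-9]{1,5})$/",
-								"$2",
-								$_SERVER["HTTP_HOST"],
-							);
+							$port =
+								":" .
+								preg_replace(
+									"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+									"$2",
+									$_SERVER["HTTP_HOST"],
+								);
 						} else {
 							$port = "";
 						}
@@ -121,7 +123,6 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 
 					putenv("LANGUAGE=" . $data[$user]["LANGUAGE"]);
 					$name = empty($data[$user]["NAME"]) ? $user : $data[$user]["NAME"];
-
 					$mailtext = translate_email($template, [
 						"name" => htmlentities($name),
 						"hostname" => htmlentities($hostname . $port),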
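Review bot: The port written into the reset e-mail is still taken from the client-supplied `Host` header, and `preg_replace()` returns its input unchanged when the pattern does not match. The new `":" .` prefix would therefore be prepended to the whole header if `$port_is_defined`, which is computed outside the hunk, ever disagrees with this pattern. Capturing the digits makes the value self-validating: `if (preg_match('/:([0-9]{1,5})$/', $_SERVER["HTTP_HOST"], $m)) { $port = ":" . $m[1]; }`. Since the requester chooses that header, taking the port from the panel's configured value rather than from the request would be the safer source for a link mailed to the account owner.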

+ 32 - 4
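--- a/web/templates/pages/debug_panel.php
+++ b/web/templates/pages/debug_panel.php
@@ -1,3 +1,8 @@
+<?php
+if( !defined("HESTIA_DIR_BIN") ){
+	die("Direct access disabled");
+}
+?>
 <div x-data="{ open: false }" class="debug-panel">
 	<button
 		type="button"
@@ -10,25 +15,48 @@
 		<?php
 			echo "<h3 class=\"u-mb10\">Server Variables</h3>";
 			foreach ($_SERVER as $key => $val) {
-				echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				if(is_string($val)){
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				}
 			}
   	?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">Session Variables</h3>";
 			foreach ($_SESSION as $key => $val) {
-				echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				if(is_string($val)){
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				}else if(is_array($val)){
+					array_walk_recursive($lang, function (&$value) {
+							$value = htmlentities($value);
+					});
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
+				}
 			}
   	?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">POST Variables</h3>";
 			foreach ($_POST as $key => $val) {
-				echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				if(is_string($val)){
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				}else if(is_array($val)){
+					array_walk_recursive($lang, function (&$value) {
+							$value = htmlentities($value);
+					});
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
+				}
 			}
   	?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">GET Variables</h3>";
 			foreach ($_GET as $key => $val) {
-				echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				if(is_string($val)){
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> " . $val . " ";
+				}else if(is_array($val)){
+					array_walk_recursive($lang, function (&$value) {
+							$value = htmlentities($value);
+					});
+					echo "<span class=\"u-text-bold\">" . $key . "= </span> "  .var_dump($val). " ";
+				}
 			}
   	?>
 	</div>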
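Review bot: The string branches of all four loops still echo `$key` and `$val` without escaping, so request-controlled entries of `$_GET`, `$_POST` and `$_SERVER` reach the page as raw HTML despite the commit's XSS intent. In the array branches `array_walk_recursive()` is applied to `$lang` rather than `$val`, so the dumped array is never escaped. `var_dump($val)` also prints directly and returns null, so the dump is emitted ahead of its `<span>` label instead of being concatenated into it. Escaping both key and value at the point of output, and dumping with `print_r($val, true)` so the result can be escaped as one string, covers the nested keys as well.

```php
foreach ($_POST as $key => $val) {
	// Escape at output; keys are request-controlled too.
	$label = "<span class=\"u-text-bold\">" . htmlentities((string) $key) . "= </span> ";
	if (is_string($val)) {
		echo $label . htmlentities($val) . " ";
	} elseif (is_array($val)) {
		// print_r(..., true) returns the dump so it can be escaped as one string.
		echo $label . htmlentities(print_r($val, true)) . " ";
	}
}
// … same change in the $_SERVER, $_SESSION and $_GET loops …
```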