Merge remote-tracking branch 'upstream/main' into ipv6

CHANGELOG.md

@@ -4,20 +4,72 @@ All notable changes to this project will be documented in this file.
 
 ## [Development] - Service release
 
-### Breaking changes
+### Note
 
-- Dropped support for Debian 9 (Stretch) as it reached EOL date (New installs got already dropped with 1.6.0 release)
+- Debian 9 (Stretch) is no longer supported as it has reached end-of-life status.
+- Basic mobile support has been added in this release. This is early stages and we'd very much appreciate your feedback and any reporting of bugs, to further improve the mobile experience
 
 ### Features
 
-- Add support for DNSSEC support for DNS domains (#2938)
-- Add support for rate limit exim in packages (#2920)
-- Add support for ssh keys for SFTP (#2906)
-
-### Bugfixes
+- Added basic support for mobile devices (#3166, #3141, #3142, #3157, #3155, #3120, and many more)
+- Added DNSSEC support for DNS domains (#2938)
+- Added support for MySQL 8 (for new installations) (#xxxx @xxxxx)
+- Added support for exim rate limiting in package definitions (#2920)
+- Added support for ssh keys for SFTP backups (#2906)
+- Added Rclone support for backups to AWS, Cloudfare and [+40 other storage systems](https://rclone.org/overview/) (#2928)
+- Added support for importing Cpanel backups (#3238, #3232 @skamasle)
+- Added support for folder wildcards in backup exclusions (#2338 @youradds)
+- Added Nginx template for Mautic (#3192 3188 @youradds)
+- Added alias for composer (#3070)
+- Updated PhpPgAdmin and with support for PostgreSQL 15 (<https://github.com/hestiacp/phppgadmin>)
+- Upgrade MariaDB to 10.11 (#3305)
+
+### Bugfixes
+
+- Make .yaml files editable in the file manager (#3200 @BelleNottelling)
+- Fixed an issue with search not supporting user impersonation. (#3208 #3199)
+- Prevent users from renaming directories in /home/user/web/ (#3211)
+- Allow special characters for user account "Name" field (#3210)
+- Prevent usernames from containing special characters (#3220 #3213)
+- Increase DKIM length (#3218)
+- Improve password meter CSS (#3221)
+- Improve restart behaviour v-update-letsencrypt-ssl (#3231)
+- Fix order of applied patches on upgrade (#3239)
+- Improve upgrade behaviour for Roundcube and Filegator (#3237 #3236)
+- Allow ClientName@domain.com for login via Dovecot/Email (#3024)
+- Return a proper error code when unable to connect via API (#3235 #3169)
+- Synchronise $BIN and $HESTIA/BIN (#2185 @Steveorevo)
+- Block usage of unlimited backups (#3181)
+- Update paths /var/run/ to /run (#3159)
+- Update PHP versions on various Quick Install apps (#3167 #3149 @dadangnh)
+- Update Media Wiki version to 1.39.1 (#3168 @kizule)
+- Replace custom HTTPS socket code with libcurl (#3160)
+- Add config to avoid restarting daemons on error (#3183 @joeakun)
+- Fixed an issue with default template and Quick App installer #3133
+- Generalise password reset instructions. #3112
+- Allow .tpl files to be editable in File Manager (#3148 @neto737)
+- Fixed an issue where domain alias was not being created for domains with two-tier TLD's (such as .co.uk) (#3030)
+- Fix/sync issues with existing domains (#3028)
+- Fixed an issue Unable to create tmp directory (#3019)
+- Fixed an issue with mysqld-iptables in Fail2Ban (#3025)
+- Fixed an issue with Logrotate and Awstats (#3297)
+- Added Google Public DNS as a secondary resolver to nginx configuration
+- Fixed an issue with Proftpd and passive mode external IP (#3266)
+- Improve IPv6 handling in v-change-sys-port (#3276 @asmcc)
+- Set the correct conflicts for hestia-php on Ubuntu 22.04
+- Fixed an issue with erroneous deleting $domain.\* instead of $domain.pem (#3221)
+- Fixed an issue with domain redirect and idn2 domains (#3323 #3325)
+- Fixed an issue in Dokuwiki due to changing repository owner (#3327)
 
 ### Dependencies
 
+- Updated hestia-nginx to 1.23.3
+- Updated hestia-php to 8.2.3
+- Updated Roundcube to 1.6.1
+- Updated Filegator to 7.9.2
+- Updated phpMyAdmin to 5.2.21
+- Updated phpPgAdmin to 7.3.14-hestiacp
+
 ## [1.6.14] - Service release
 
 ## Bugfixes

bin/v-add-web-domain-redirect

@@ -42,18 +42,22 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 
-idn_redirect=$(idn2 --quiet $3)
-if [ $? == 0 ]; then
-	redirect=$idn_redirect
-fi
-
 if [[ "$3" =~ http://|https:// ]]; then
-	scheme=1
+	scheme_check=1
+	scheme=$($HESTIA_PHP -r '$url=parse_url($argv[1]); echo $url["scheme"];' "$redirect")
+	host=$($HESTIA_PHP -r '$url=parse_url($argv[1]); echo $url["host"];' "$redirect")
+	path=$($HESTIA_PHP -r '$url=parse_url($argv[1]); if(!empty($url["path"])){echo $url["path"];}' "$redirect")
+	host=$(idn2 --quiet "$host")
+	redirect="$scheme://$host$path"
 	isValidUrl=$(php -r '$url=$argv[1]; $url=filter_var($url,FILTER_VALIDATE_URL); echo $url;' "$redirect")
 	if [ -z "$isValidUrl" ]; then
 		check_result $E_INVALID "Invalid redirect"
 	fi
 else
+	host=$($HESTIA_PHP -r '$url=parse_url($argv[1]); echo $url["host"];' "http://$redirect")
+	path=$($HESTIA_PHP -r '$url=parse_url($argv[1]); if(!empty($url["path"])){echo $url["path"];}' "http://$redirect")
+	host=$(idn2 --quiet "$host")
+	redirect="$host$path"
 	isValidUrl=$(php -r '$url=$argv[1]; $url=filter_var($url,FILTER_VALIDATE_URL); echo $url;' "http://$redirect")
 	if [ -z "$isValidUrl" ]; then
 		check_result $E_INVALID "Invalid redirect"
@@ -72,9 +76,10 @@ if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
 	conf="$HOMEDIR/$user/conf/web/$domain/nginx.conf_redirect"
 	sconf="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_redirect"
 fi
+
 # Insert redirect commands
 if [ -n "$PROXY_SYSTEM" ] || [ "$WEB_SYSTEM" = 'nginx' ]; then
-	if [ "$scheme" = 1 ]; then
+	if [ "$scheme_check" = 1 ]; then
 		echo "   return $code $redirect\$request_uri;" > $conf
 		if [ ! -e "$sconf" ]; then
 			ln -s "$conf" "$sconf"

bin/v-delete-web-domain-ssl

@@ -62,7 +62,10 @@ fi
 
 # Deleting old certificate
 rm -f $HOMEDIR/$user/conf/web/$domain/ssl/$domain.*
-rm -f $USER_DATA/ssl/$domain.*
+rm -f $USER_DATA/ssl/$domain.ca
+rm -f $USER_DATA/ssl/$domain.crt
+rm -f $USER_DATA/ssl/$domain.key
+rm -f $USER_DATA/ssl/$domain.pem
 
 # Deleting force ssl
 $BIN/v-delete-web-domain-ssl-force "$user" "$domain" 'no' 'yes'

docs/docs/contributing/testing.md

@@ -30,6 +30,19 @@ curl -s "https://beta-apt.hestiacp.com/pubkey.gpg" | gpg --dearmor | tee /usr/sh
 apt update && apt upgrade
 ```
 
+## Install from beta repo
+
+If you want to install a new Hestia installation form the beta server.
+
+```bash
+# Debian
+wget https://beta-apt.hestiacp.com/hst-install-debian.sh
+# or Ubuntu
+wget https://beta-apt.hestiacp.com/hst-install-ubuntu.sh
+```
+
+Then install via bash hst-install-debian.sh or bash hst-install-ubuntu.sh
+
 ## Disabling the beta repo
 
 Edit `/etc/apt/sources.list.d/hestia.list` and remove the `#` in front of `apt.hestiacp.com`, and add a `#` in front of `beta-apt.hestiacp.com`.

func/domain.sh

@@ -831,7 +831,10 @@ del_mail_ssl_config() {
 
 # Delete generated certificates from user configuration data directory
 del_mail_ssl_certificates() {
-	rm -f $USER_DATA/ssl/mail.$domain.*
+	rm -f $USER_DATA/ssl/mail.$domain.ca
+	rm -f $USER_DATA/ssl/mail.$domain.crt
+	rm -f $USER_DATA/ssl/mail.$domain.key
+	rm -f $USER_DATA/ssl/mail.$domain.pem
 	rm -f $HOMEDIR/$user/conf/mail/$domain/ssl/*
 }
 

func/main.sh

@@ -17,6 +17,7 @@ BIN=$HESTIA/bin
 HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 HESTIA_COMMON_DIR="$HESTIA/install/common"
 HESTIA_BACKUP="/root/hst_backups/$(date +%d%m%Y%H%M)"
+HESTIA_PHP="$HESTIA/php/bin/php"
 USER_DATA=$HESTIA/data/users/$user
 WEBTPL=$HESTIA/data/templates/web
 MAILTPL=$HESTIA/data/templates/mail

func/upgrade.sh

@@ -578,8 +578,8 @@ upgrade_phppgadmin() {
 upgrade_phpmyadmin() {
 	# Check if MariaDB/MySQL is installed on the server before attempting to install or upgrade phpMyAdmin
 	if [ -n "$(echo $DB_SYSTEM | grep -w 'mysql')" ]; then
-		pma_release_file=$(ls /usr/share/phpmyadmin/RELEASE-DATE-* 2> /dev/null | tail -n 1)
-		if version_ge "${pma_release_file##*-}" "$pma_v"; then
+		pma_version=$(jq -r .version /usr/share/phpmyadmin/package.json)
+		if version_ge "$pma_version" "$pma_v"; then
 			echo "[ * ] phpMyAdmin is up to date (${pma_release_file##*-})..."
 			# Update permissions
 			if [ -e /var/lib/phpmyadmin/blowfish_secret.inc.php ]; then
@@ -634,7 +634,7 @@ upgrade_filemanager() {
 		else
 			fm_version="1.0.0"
 		fi
-		if version_ge "$fm_version" "$fm_v"; then
+		if ! version_ge "$fm_version" "$fm_v"; then
 			echo "[ ! ] Upgrading File Manager to version $fm_v..."
 			# Reinstall the File Manager
 			$BIN/v-delete-sys-filemanager quiet yes
@@ -662,7 +662,7 @@ upgrade_roundcube() {
 			echo "      To upgrade to the latest version of Roundcube directly from upstream, from please run the command migrate_roundcube.sh located in: /usr/local/hestia/install/upgrade/manual/"
 		else
 			rc_version=$(cat /var/lib/roundcube/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1)
-			if version_ge "$rc_version" "$rc_v"; then
+			if ! version_ge "$rc_version" "$rc_v"; then
 				echo "[ ! ] Upgrading Roundcube to version $rc_v..."
 				$BIN/v-add-sys-roundcube
 			else
@@ -675,7 +675,7 @@ upgrade_roundcube() {
 upgrade_rainloop() {
 	if [ -n "$(echo "$WEBMAIL_SYSTEM" | grep -w 'rainloop')" ]; then
 		rl_version=$(cat /var/lib/rainloop/data/VERSION)
-		if version_ge "$rl_version" "$rl_v"; then
+		if ! version_ge "$rl_version" "$rl_v"; then
 			echo "[ ! ] Upgrading Rainloop to version $rl_v..."
 			$BIN/v-add-sys-rainloop
 		else

web/edit/web/index.php

@@ -1414,8 +1414,8 @@ if (!empty($_POST["save"])) {
 					$from_name = _("Hestia Control Panel");
 					$mailtext = sprintf(
 						_("FTP_ACCOUNT_READY"),
-						quoteshellarg($_GET["domain"]),
-						$user,
+						$v_domain,
+						$user_plain,
 						$v_ftp_username_for_emailing,
 						$v_ftp_user_data["v_ftp_password"],
 					);

web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php

@@ -49,7 +49,7 @@ class DokuWikiSetup extends BaseSetup {
 		"resources" => [
 			"archive" => [
 				"src" =>
-					"https://github.com/splitbrain/dokuwiki/archive/refs/tags/release_stable_2022-07-31a.zip",
+					"https://github.com/dokuwiki/dokuwiki/archive/refs/tags/release-2022-07-31a.zip",
 			],
 		],
 		"server" => [

web/templates/pages/edit_server.php

@@ -1227,7 +1227,7 @@
 								name="v_policy_user_edit_details"
 								id="v_policy_user_edit_details"
 							>
-								<option value="yes">>
+								<option value="yes">
 									<?= _("Yes") ?>
 								</option>
 								<option value="no" <?= $_SESSION["POLICY_USER_EDIT_DETAILS"] == "no" ? "selected" : "" ?>>

web/templates/pages/edit_user.php

@@ -131,7 +131,9 @@
 					<?php if (!empty($v_twofa)) { ?>
 						<p class="u-mb10"><?= _("2FA Reset Code:") . " " . $v_twofa ?></p>
 						<p class="u-mb10"><?= _("Please scan the code below in your 2FA application:") ?></p>
-						<div><img class="qr-code" src="<?= htmlentities($v_qrcode) ?>" alt=""></div>
+						<div class="u-mb10">
+							<img class="qr-code" src="<?= htmlentities($v_qrcode) ?>" alt="<?= _("2FA QR Code") ?>">
+						</div>
 					<?php } ?>
 				</div>
 				<div x-cloak x-show="!loginDisabled" id="password-options-ip">

web/templates/pages/login/reset2fa.php

@@ -19,7 +19,7 @@
 			<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>">
 			<h1 class="login-title">
 				<?= _("Reset 2FA") ?>
-			</div>
+			</h1>
 			<?php show_error_message($ERROR); ?>
 			<div class="u-mb10">
 				<label for="user" class="form-label"><?= _("Username") ?></label>