Fix multiple php 500 errors (#3789)

This commit fixes multiple PHP errors which were present in /var/log/hestia/nginx-error.log due to variable declaration changes.

func/main.sh

@@ -129,8 +129,8 @@ log_history() {
 	fi
 	touch $log
 
-	if [ '750' -lt "$(wc -l $log | cut -f 1 -d ' ')" ]; then
-		tail -n 499 $log > $log.moved
+	if [ '300' -lt "$(wc -l $log | cut -f 1 -d ' ')" ]; then
+		tail -n 250 $log > $log.moved
 		mv -f $log.moved $log
 		chmod 660 $log
 	fi

web/add/dns/index.php

@@ -397,7 +397,7 @@ if (empty($_GET["domain"])) {
 	if (empty($v_dnssec)) {
 		$v_dnssec = "";
 	}
-
+	$accept = $_GET["accept"] ?? "";
 	render_page($user, $TAB, "add_dns_rec");
 }
 

web/add/key/index.php

@@ -2,7 +2,6 @@
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
 ob_start();
-session_start();
 $TAB = "USER";
 
 // Main include

web/add/package/index.php

@@ -122,14 +122,15 @@ if (!empty($_POST["ok"])) {
 	$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
 	$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
 	$v_ratelimit = quoteshellarg($_POST["v_ratelimit"]);
-	$v_ns1 = trim($_POST["v_ns1"], ".");
-	$v_ns2 = trim($_POST["v_ns2"], ".");
-	$v_ns3 = trim($_POST["v_ns3"], ".");
-	$v_ns4 = trim($_POST["v_ns4"], ".");
-	$v_ns5 = trim($_POST["v_ns5"], ".");
-	$v_ns6 = trim($_POST["v_ns6"], ".");
-	$v_ns7 = trim($_POST["v_ns7"], ".");
-	$v_ns8 = trim($_POST["v_ns8"], ".");
+	$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
+	$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
+	$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
+	$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
+	$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
+	$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
+	$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
+	$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
+
 	$v_ns = $v_ns1 . "," . $v_ns2;
 	if (!empty($v_ns3)) {
 		$v_ns .= "," . $v_ns3;

web/edit/backup/exclusions/index.php

@@ -17,6 +17,7 @@ check_return_code($return_var, $output);
 $data = json_decode(implode("", $output), true);
 unset($output);
 
+$v_web = $v_mail = $v_db = $v_userdir = "";
 // Parse web
 $v_username = $user;
 foreach ($data["WEB"] as $key => $value) {
@@ -27,15 +28,6 @@ foreach ($data["WEB"] as $key => $value) {
 	}
 }
 
-// Parse dns
-foreach ($data["DNS"] as $key => $value) {
-	if (!empty($value)) {
-		$v_dns .= $key . ":" . $value . "\n";
-	} else {
-		$v_dns .= $key . "\n";
-	}
-}
-
 // Parse mail
 foreach ($data["MAIL"] as $key => $value) {
 	if (!empty($value)) {
@@ -68,32 +60,32 @@ if (!empty($_POST["save"])) {
 	// Check token
 	verify_csrf($_POST);
 
-	$v_web = $_POST["v_web"];
+	$v_web = $_POST["v_web"] ?? "";
 	$v_web_tmp = str_replace("\r\n", ",", $_POST["v_web"]);
 	$v_web_tmp = rtrim($v_web_tmp, ",");
 	$v_web_tmp = "WEB=" . quoteshellarg($v_web_tmp);
 
-	$v_dns = $_POST["v_dns"];
+	$v_dns = $_POST["v_dns"] ?? "";
 	$v_dns_tmp = str_replace("\r\n", ",", $_POST["v_dns"]);
 	$v_dns_tmp = rtrim($v_dns_tmp, ",");
 	$v_dns_tmp = "DNS=" . quoteshellarg($v_dns_tmp);
 
-	$v_mail = $_POST["v_mail"];
+	$v_mail = $_POST["v_mail"] ?? "";
 	$v_mail_tmp = str_replace("\r\n", ",", $_POST["v_mail"]);
 	$v_mail_tmp = rtrim($v_mail_tmp, ",");
 	$v_mail_tmp = "MAIL=" . quoteshellarg($v_mail_tmp);
 
-	$v_db = $_POST["v_db"];
+	$v_db = $_POST["v_db"] ?? "";
 	$v_db_tmp = str_replace("\r\n", ",", $_POST["v_db"]);
 	$v_db_tmp = rtrim($v_db_tmp, ",");
 	$v_db_tmp = "DB=" . quoteshellarg($v_db_tmp);
 
-	$v_cron = $_POST["v_cron"];
+	$v_cron = $_POST["v_cron"] ?? "";
 	$v_cron_tmp = str_replace("\r\n", ",", $_POST["v_cron"]);
 	$v_cron_tmp = rtrim($v_cron_tmp, ",");
 	$v_cron_tmp = "CRON=" . quoteshellarg($v_cron_tmp);
 
-	$v_userdir = $_POST["v_userdir"];
+	$v_userdir = $_POST["v_userdir"] ?? "";
 	$v_userdir_tmp = str_replace("\r\n", ",", $_POST["v_userdir"]);
 	$v_userdir_tmp = rtrim($v_userdir_tmp, ",");
 	$v_userdir_tmp = "USER=" . quoteshellarg($v_userdir_tmp);

web/edit/package/index.php

@@ -224,7 +224,11 @@ if (!empty($_POST["save"])) {
 		$v_proxy_template = quoteshellarg($_POST["v_proxy_template"]);
 	}
 	$v_dns_template = quoteshellarg($_POST["v_dns_template"]);
-	$v_shell = quoteshellarg($_POST["v_shell"]);
+	if (!empty($_POST["v_shell"])) {
+		$v_shell = quoteshellarg($_POST["v_shell"]);
+	} else {
+		$v_shell = "nologin";
+	}
 	$v_web_domains = quoteshellarg($_POST["v_web_domains"]);
 	$v_web_aliases = quoteshellarg($_POST["v_web_aliases"]);
 	$v_dns_domains = quoteshellarg($_POST["v_dns_domains"]);
@@ -237,14 +241,14 @@ if (!empty($_POST["save"])) {
 	$v_backups = quoteshellarg($_POST["v_backups"]);
 	$v_disk_quota = quoteshellarg($_POST["v_disk_quota"]);
 	$v_bandwidth = quoteshellarg($_POST["v_bandwidth"]);
-	$v_ns1 = trim($_POST["v_ns1"], ".");
-	$v_ns2 = trim($_POST["v_ns2"], ".");
-	$v_ns3 = trim($_POST["v_ns3"], ".");
-	$v_ns4 = trim($_POST["v_ns4"], ".");
-	$v_ns5 = trim($_POST["v_ns5"], ".");
-	$v_ns6 = trim($_POST["v_ns6"], ".");
-	$v_ns7 = trim($_POST["v_ns7"], ".");
-	$v_ns8 = trim($_POST["v_ns8"], ".");
+	$v_ns1 = !empty($_POST["v_ns1"]) ? trim($_POST["v_ns1"], ".") : "";
+	$v_ns2 = !empty($_POST["v_ns2"]) ? trim($_POST["v_ns2"], ".") : "";
+	$v_ns3 = !empty($_POST["v_ns3"]) ? trim($_POST["v_ns3"], ".") : "";
+	$v_ns4 = !empty($_POST["v_ns4"]) ? trim($_POST["v_ns4"], ".") : "";
+	$v_ns5 = !empty($_POST["v_ns5"]) ? trim($_POST["v_ns5"], ".") : "";
+	$v_ns6 = !empty($_POST["v_ns6"]) ? trim($_POST["v_ns6"], ".") : "";
+	$v_ns7 = !empty($_POST["v_ns7"]) ? trim($_POST["v_ns7"], ".") : "";
+	$v_ns8 = !empty($_POST["v_ns8"]) ? trim($_POST["v_ns8"], ".") : "";
 	$v_ns = $v_ns1 . "," . $v_ns2;
 	if (!empty($v_ns3)) {
 		$v_ns .= "," . $v_ns3;

web/edit/user/index.php

@@ -24,7 +24,7 @@ if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
 
 // Prevent other users with admin privileges from editing properties of default 'admin' user
 if (
-	($_SESSION["userContext"] === "admin" && isset($_SESSION["look"]) && $user == "admin") ||
+	($_SESSION["userContext"] === "admin" && $_SESSION["look"] != "" && $user == "admin") ||
 	($_SESSION["userContext"] === "admin" &&
 		!isset($_SESSION["look"]) &&
 		$user == "admin" &&
@@ -361,19 +361,25 @@ if (!empty($_POST["save"])) {
 			}
 		}
 		// Change shell (admin only)
-		if (
-			$v_shell != $_POST["v_shell"] &&
-			$_SESSION["userContext"] === "admin" &&
-			empty($_SESSION["error_msg"])
-		) {
-			$v_shell = quoteshellarg($_POST["v_shell"]);
-			exec(
-				HESTIA_CMD . "v-change-user-shell " . quoteshellarg($v_username) . " " . $v_shell,
-				$output,
-				$return_var,
-			);
-			check_return_code($return_var, $output);
-			unset($output);
+		if (!empty($_POST["v_shell"])) {
+			if (
+				$v_shell != $_POST["v_shell"] &&
+				$_SESSION["userContext"] === "admin" &&
+				empty($_SESSION["error_msg"])
+			) {
+				$v_shell = quoteshellarg($_POST["v_shell"]);
+				exec(
+					HESTIA_CMD .
+						"v-change-user-shell " .
+						quoteshellarg($v_username) .
+						" " .
+						$v_shell,
+					$output,
+					$return_var,
+				);
+				check_return_code($return_var, $output);
+				unset($output);
+			}
 		}
 	}
 	// Change language

web/edit/web/index.php

@@ -343,6 +343,9 @@ if (!empty($_POST["save"])) {
 		if (empty($_POST["v_nginx_cache_check"])) {
 			$_POST["v_nginx_cache_check"] = "";
 		}
+		if (empty($v_nginx_cache_duration)) {
+			$v_nginx_cache_duration = "";
+		}
 		if (
 			($_SESSION["WEB_SYSTEM"] == "nginx" &&
 				$v_nginx_cache_check != $_POST["v_nginx_cache_check"]) ||

web/inc/main.php

@@ -149,6 +149,9 @@ if (isset($_SESSION["look"]) && $_SESSION["look"] != "" && $_SESSION["userContex
 if (empty($user_plain)) {
 	$user_plain = "";
 }
+if (empty($_SESSION["look"])) {
+	$_SESSION["look"] = "";
+}
 
 require_once dirname(__FILE__) . "/i18n.php";
 
@@ -364,11 +367,6 @@ function humanize_usage_size($usage, $round = 2) {
 		}
 		$display_usage = number_format($usage, $round);
 	}
-	if (strlen($display_usage) > 4) {
-		if (is_float($display_usage)) {
-			return number_format($usage, $round - 1);
-		}
-	}
 	return $display_usage;
 }
 

web/list/backup/exclusions/index.php

@@ -9,7 +9,6 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 exec(HESTIA_CMD . "v-list-user-backup-exclusions $user json", $output, $return_var);
 $data = json_decode(implode("", $output), true);
 unset($output);
-
 // Render page
 render_page($user, $TAB, "list_backup_exclusions");
 

web/list/log/auth/index.php

@@ -8,7 +8,7 @@ $TAB = "LOG";
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
 // Edit as someone else?
-if ($_SESSION["userContext"] === "admin" && isset($_SESSION["look"])) {
+if ($_SESSION["userContext"] === "admin" && $_SESSION["look"] != "") {
 	$user = quoteshellarg($_SESSION["look"]);
 } elseif ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
 	$user = quoteshellarg($_GET["user"]);

web/list/log/index.php

@@ -29,14 +29,22 @@ if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
 exec(HESTIA_CMD . "v-list-user-log $user json", $output, $return_var);
 check_error($return_var);
 $data = json_decode(implode("", $output), true);
-$data = array_reverse($data);
-unset($output);
-if (empty($_SESSION["look"])) {
-	unset($_SESSION["look"]);
-}
+if (is_array($data)) {
+	$data = array_reverse($data);
+	unset($output);
 
-// Render page
-if ($user === "system") {
-	$user = "'" . $_SESSION["user"] . "'";
+	// Render page
+	if ($user === "system") {
+		$user = "'" . $_SESSION["user"] . "'";
+	}
+} else {
+	$data = [];
+	$data[] = [
+		"LEVEL" => "error",
+		"DATE" => date("Y-m-d"),
+		"TIME" => date("H:i:s"),
+		"MESSAGE" => "Unable to load logs",
+		"CATEGORY" => "system",
+	];
 }
 render_page($user, $TAB, "list_log");

web/templates/includes/panel.php

@@ -55,7 +55,7 @@
 
 				<!-- Notifications -->
 				<?php
-				$impersonatingAdmin = ($_SESSION['userContext'] === 'admin') && (isset($_SESSION['look']) && ($user == 'admin'));
+				$impersonatingAdmin = ($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] !== '' && ($user == 'admin'));
 				// Do not show notifications panel when impersonating 'admin' user
 				if (!$impersonatingAdmin) { ?>
 					<div x-data="notifications" class="top-bar-notifications">
@@ -154,7 +154,7 @@
 
 							<!-- File Manager -->
 							<?php if (isset($_SESSION["FILE_MANAGER"]) && !empty($_SESSION["FILE_MANAGER"]) && $_SESSION["FILE_MANAGER"] == "true") { ?>
-								<?php if ($_SESSION["userContext"] === "admin" && (isset($_SESSION["look"]) && $_SESSION["look"] === "admin" && $_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"] == "yes")) { ?>
+								<?php if ($_SESSION["userContext"] === "admin" &&  $_SESSION["look"] === "admin" && $_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"] == "yes") { ?>
 									<!-- Hide file manager when impersonating admin-->
 								<?php } else { ?>
 									<li class="top-bar-menu-item">
@@ -168,7 +168,7 @@
 
 							<!-- Server Settings -->
 							<?php if (($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] !== "yes") || $_SESSION["user"] === "admin") { ?>
-								<?php if ($_SESSION["userContext"] === "admin" && !empty($_SESSION["look"])) { ?>
+								<?php if ($_SESSION["userContext"] === "admin" && $_SESSION["look"] !== '') { ?>
 									<!-- Hide 'Server Settings' button when impersonating 'admin' or other users -->
 								<?php } else { ?>
 									<li class="top-bar-menu-item">
@@ -181,7 +181,7 @@
 							<?php } ?>
 
 							<!-- Edit User -->
-							<?php if ($_SESSION["userContext"] === "admin" && (isset($_SESSION["look"]) && $user == "admin")) { ?>
+							<?php if ($_SESSION["userContext"] === "admin" && ($_SESSION["look"] !== '' && $user == "admin")) { ?>
 								<!-- Hide 'edit user' entry point from other administrators for default 'admin' account-->
 								<li class="top-bar-menu-item">
 									<a title="<?= _("Logs") ?>" class="top-bar-menu-link <?php if ($TAB == 'LOG') echo 'active' ?>" href="/list/log/">
@@ -207,7 +207,7 @@
 									<span class="top-bar-menu-link-label u-hide-desktop"><?= _("Statistics") ?></span>
 								</a>
 							</li>
-							<?php if ( $_SESSION['HIDE_DOCS'] != 'yes'){
+							<?php if ( $_SESSION['HIDE_DOCS'] !== 'yes'){
 							?>
 								<!-- Help / Documentation -->
 								<li class="top-bar-menu-item">
@@ -257,7 +257,7 @@
 			<ul x-cloak x-show="open" class="main-menu-list">
 
 				<!-- Users tab -->
-				<?php if (($_SESSION['userContext'] == 'admin') && (empty($_SESSION['look']))) { ?>
+				<?php if (($_SESSION['userContext'] == 'admin') && ($_SESSION['look'] === '')) { ?>
 					<?php
 						if (($_SESSION['user'] !== 'admin') && ($_SESSION['POLICY_SYSTEM_HIDE_ADMIN'] === 'yes')) {
 							$user_count = $panel[$user]['U_USERS'] - 1;

web/templates/pages/add_db.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $_GET["accept"] === "true") || $user_plain !== "admin") { ?>
+			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>

web/templates/pages/add_dns.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $_GET["accept"] === "true") || $user_plain !== "admin") { ?>
+			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>

web/templates/pages/add_mail.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $_GET["accept"] === "true") || $user_plain !== "admin") { ?>
+			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>

web/templates/pages/add_web.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $_GET["accept"] === "true") || $user_plain !== "admin") { ?>
+			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>

web/templates/pages/edit_backup_exclusions.php

@@ -17,7 +17,7 @@
 
 <div class="container animate__animated animate__fadeIn">
 
-	<form id="main-form" name="v_edit_backup_exclusions" method="post" class="<?= _($v_status) ?>">
+	<form id="main-form" name="v_edit_backup_exclusions" method="post">
 		<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>">
 		<input type="hidden" name="save" value="save">
 

web/templates/pages/edit_user.php

@@ -6,7 +6,7 @@
 				<i class="fas fa-arrow-left icon-blue"></i><?= _("Back") ?>
 			</a>
 			<?php
-				if (($_SESSION['userContext'] === 'admin') && (!isset($_SESSION['look'])) && ($_SESSION['user'] !== $v_username)) {
+				if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === '' ) && ($_SESSION['user'] !== $v_username)) {
 					$ssh_key_url = "/list/key/?user=".htmlentities($_GET['user'])."&token=".$_SESSION['token']."";
 					$log_url = "/list/log/?user=".htmlentities($_GET['user'])."&token=".$_SESSION['token']."";
 					$keys_url = "/list/access-key/?user=".htmlentities($_GET['user'])."&token=".$_SESSION['token']."";