Merge branch 'main' into release

CHANGELOG.md

@@ -1,6 +1,35 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.4.2] - Service release
+
+- **NOTE:** During the 1.4.1 / 1.4.0 release we have introduced a bug for Ubuntu 20.04 and 18.04 users with multiple network ports on the server. This release will solve the issue caused by this bug! If you are unable to download the backup please do the following:
+
+```
+    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+```
+
+Then run the update via 
+
+```
+    apt update && apt upgrade
+```
+
+### Bugfixes
+
+- Fix issue wit startup script for iptables / network (#1849) (@myrevery)
+- Fix problem with accidentally replacing nginx.conf during upgrade nginx (#1878 / @myrevery)
+- Fix issue with installing Ubuntu 18.04
+- Fix issue with login into file manger as admin user
+- Added proxy_extentions back to support older custom templates
+- Added the possibility to skip the forced reboot when interactive is set to no
+- Fixed an issue with modx template
+- Updated translations (Croatian, Czech and Italian)  
+- Fixed an issue where users where not able to save / update web domains when POLICY_USER_EDIT_WEB_TEMPLATES is enabled (#1872)
+- Fixed an issue where admin users where not able to add new ssh key for users (#1870)
+- Fixed an issue where domain.com was not affected as a valid domain (#1874)
+- Fixed an issue where "development" icon was not removed on update to release (#1835)
+  
 ## [1.4.1] - Bug fix
 
 - Fixed bug with 2FA enabled logins 

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.1 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.4.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>

bin/v-add-sys-roundcube

@@ -51,12 +51,12 @@ if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
 fi
 
 if [ -z "$(echo "$DB_SYSTEM" | grep -w 'mysql')" ]; then
-    echo "ERROR: Mysql not available. Instalation aborted"
+    echo "ERROR: Mysql not available. Installation aborted"
     exit 2
 fi
 
 if [ -d "/usr/share/roundcube" ]; then
-    echo "ERROR: Install done from atp source unable to continue"
+    echo "ERROR: Install done from apt source, unable to continue"
     exit 2;
 fi
 
@@ -64,7 +64,7 @@ fi
 if [ -f "/var/lib/roundcube/index.php" ]; then
     version=$(cat $RC_INSTALL_DIR/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1);
     if [ "$version" == "$rc_v" ]; then
-        echo "Error: Installed version ($version) is equal as the availble version ($rc_v)"
+        echo "Error: Installed version ($version) is equal to the available version ($rc_v)"
         exit 2;
     else 
         UPDATE="yes"

bin/v-add-web-domain

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add web domain
-# options: USER DOMAIN [IP] [ALIASES] [PROXY_EXTENSIONS] [RESTART]
+# options: USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]
 # labels: web
 #
 # example: v-add-web-domain admin wonderland.com 192.18.22.43 yes www.wonderland.com

bin/v-stop-firewall

@@ -76,20 +76,14 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed"; then
-        preup="/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
+    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
+        preup="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
         if [ ! -e "$preup" ]; then
-            for iface in $(ip token | awk -F 'dev ' '{print $2}'); do 
-                if [ -z "$interfaces" ]; then
-                    interfaces=" \"\$IFACE\"==\"$iface\""
-                else
-                    interfaces="$interfaces || \"\$IFACE\"==\"$iface\" ";
-                fi
-            done
             IFS='%'
-            echo '#!/bin/bash' > $preup
+            echo '#!/bin/sh' > $preup
             echo '' >> $preup
-            echo 'if [['$interfaces']]; then' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
             echo '    sleep 3' >> $preup
             echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
             echo 'fi' >> $preup
@@ -97,10 +91,15 @@ else
             chmod +x $preup
         fi
     else
-        preup="/etc/network/if-pre-up.d/iptables"
+        preup="/etc/network/if-pre-up.d/hestia-iptables"
         if [ ! -e "$preup" ]; then
+            IFS='%'
             echo '#!/bin/sh' > $preup
-            echo "/sbin/iptables-restore < /etc/iptables.rules" >> $preup
+            echo '' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
+            echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi

bin/v-update-firewall

@@ -183,15 +183,14 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed"; then
-        preup="/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
+    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
+        preup="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
         if [ ! -e "$preup" ]; then
             IFS='%'
-            echo '#!/bin/bash' > $preup
-            echo '' >> $preup
-            echo "${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '#!/bin/sh' > $preup
             echo '' >> $preup
-            echo 'if [ "$IFACE" == "'$(/bin/ip token | awk -F 'dev ' '{print $2}')'" ]; then' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
             echo '    sleep 3' >> $preup
             echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
             echo 'fi' >> $preup
@@ -199,11 +198,15 @@ else
             chmod +x $preup
         fi
     else
-        preup="/etc/network/if-pre-up.d/iptables"
+        preup="/etc/network/if-pre-up.d/hestia-iptables"
         if [ ! -e "$preup" ]; then
+            IFS='%'
             echo '#!/bin/sh' > $preup
-            echo "${HESTIA}/bin/v-update-firewall-ipset" >> $preup
-            echo "/sbin/iptables-restore < /etc/iptables.rules" >> $preup
+            echo '' >> $preup
+            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
+            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
+            echo 'fi' >> $preup
             echo "exit 0" >> $preup
             chmod +x $preup
         fi

func/domain.sh

@@ -231,7 +231,11 @@ add_web_config() {
             WEBTPL_LOCATION="$WEBTPL/$1/$WEB_BACKEND"
         fi
     fi
-
+    
+    # Note: Removing or renaming template variables will lead to broken custom templates.
+    #   -If possible custom templates should be automatically upgraded to use the new format
+    #   -Alternatively a depreciation period with proper notifications should be considered 
+    
     cat "${WEBTPL_LOCATION}/$2" | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$domain|g" \
@@ -248,6 +252,7 @@ add_web_config() {
             -e "s|%proxy_system%|$PROXY_SYSTEM|g" \
             -e "s|%proxy_port%|$PROXY_PORT|g" \
             -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \
+            -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \
             -e "s/%proxy_extensions%/${PROXY_EXT//,/|}/g" \
             -e "s|%user%|$user|g" \
             -e "s|%group%|$user|g" \
@@ -562,7 +567,7 @@ is_dns_fqnd() {
     r=$2
     fqdn_type=$(echo $t | grep "NS\|CNAME\|MX\|PTR\|SRV")
     tree_length=3
-    if [ $t = 'CNAME' ]; then
+    if [[ $t = 'CNAME' || $t = 'MX' ]]; then
         tree_length=2
     fi
 
@@ -739,6 +744,10 @@ add_webmail_config() {
         
     fi
     
+    # Note: Removing or renaming template variables will lead to broken custom templates.
+    #   -If possible custom templates should be automatically upgraded to use the new format
+    #   -Alternatively a depreciation period with proper notifications should be considered 
+    
     cat $MAILTPL/$1/$2 | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$WEBMAIL_ALIAS.$domain|g" \

func/upgrade.sh

@@ -151,8 +151,16 @@ upgrade_get_version() {
 
 upgrade_set_version() {
     # Set new version number in hestia.conf
-    sed -i "/VERSION/d" $HESTIA/conf/hestia.conf
-    echo "VERSION='$@'" >> $HESTIA/conf/hestia.conf
+    $BIN/v-change-sys-config-value "VERSION" "$@"
+}
+
+upgrade_set_branch() {
+    
+    # Set branch in hestia.conf
+    DISPLAY_VER=$(echo $@ | sed "s|~alpha||g" | sed "s|~beta||g");
+    if [ "$DISPLAY_VER" = "$@" ]; then 
+        $BIN/v-change-sys-config-value "RELEASE_BRANCH" "release"
+    fi
 }
 
 upgrade_send_notification_to_panel () {

install/deb/filemanager/filegator/configuration.php

@@ -15,9 +15,12 @@ $dist_config['services']['Filegator\Services\Storage\Filesystem']['config']['ada
         if (isset($_SESSION['user'])) {
             $v_user = $_SESSION['user'];
         }
-        if (isset($_SESSION['look']) && ($_SESSION['userContext'] === 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] === 'no')) {
+        if (isset($_SESSION['look']) && ($_SESSION['userContext'] === 'admin')) {
             $v_user = $_SESSION['look'];
         }
+        if ((isset($_SESSION['look']) && ($_SESSION['look'] == 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] == 'yes') )) {
+            header('Location: /');
+        }
         # Create filemanager sftp key if missing and trash it after 30 min
         if (! file_exists('/home/'.basename($v_user).'/.ssh/hst-filemanager-key')) {
             exec ("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . escapeshellarg(basename($v_user)) . " 30", $output, $return_var);

install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -58,12 +58,14 @@ server {
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
             include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-                if ($request_uri ~* "/manager/|index.php") {
-                    set $no_cache 1;
-                }
-                if ($http_cookie ~ SESS) {
-                    set $no_cache 1;
-                }
+            
+            if ($request_uri ~* "/manager/|index.php") {
+                set $no_cache 1;
+            }
+            if ($http_cookie ~ SESS) {
+                set $no_cache 1;
+            }
+        }
     }
 
     location /error/ {

install/deb/templates/web/nginx/php-fpm/modx.tpl

@@ -53,12 +53,14 @@ server {
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
             include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-                if ($request_uri ~* "/manager/|index.php") {
-                    set $no_cache 1;
-                }
-                if ($http_cookie ~ SESS) {
-                    set $no_cache 1;
-                }
+            
+            if ($request_uri ~* "/manager/|index.php") {
+                set $no_cache 1;
+            }
+            if ($http_cookie ~ SESS) {
+                set $no_cache 1;
+            }
+        }
     }
 
     location /error/ {

install/hst-install-debian.sh

@@ -23,7 +23,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.4.1'
+HESTIA_INSTALL_VER='1.4.2~alpha'
 pma_v='5.1.0'
 rc_v="1.4.11"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0")
@@ -1934,16 +1934,17 @@ rm -f $tmpfile
 # Add welcome message to notification panel
 $HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<br>You are now ready to begin <a href="/add/user/">adding user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, view the <a href="https://docs.hestiacp.com/" target="_new">documentation</a> or visit our <a href="https://forum.hestiacp.com/" target="_new">user forum</a>.<br><br>Please report any bugs or issues via <a href="https://github.com/hestiacp/hestiacp/issues" target="_new"><i class="fab fa-github"></i> GitHub</a>.<br><br><b>Have a wonderful day!</b><br><br><i class="fas fa-heart status-icon red"></i> The Hestia Control Panel development team'
 
-echo "[ ! ] IMPORTANT: System will reboot"
-echo ""
-if [ "$interactive" = 'yes' ]; then
-    echo -n " Press any key to continue!"
-    read reboot
-fi
-
 # Clean-up
 # Sort final configuration file
 sort_config_file
 
-reboot
+if [ "$interactive" = 'yes' ]; then
+    echo "[ ! ] IMPORTANT: System will reboot"
+    echo ""
+    echo -n " Press any key to continue!"
+    read reboot
+    reboot
+else
+    echo "[ ! ] IMPORTANT: You must logout or restart the server before continuing"
+fi
 # EOF

install/hst-install-ubuntu.sh

@@ -23,7 +23,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.4.1'
+HESTIA_INSTALL_VER='1.4.2~alpha'
 pma_v='5.1.0'
 rc_v="1.4.11"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0")
@@ -1210,9 +1210,13 @@ $HESTIA/bin/v-change-sys-hostname $servername 'no' > /dev/null 2>&1
 
 # Generating SSL certificate
 echo "[ * ] Generating default self-signed SSL certificate..."
-$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \
-     'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
-
+if [ "$release" = "18.04" ]; then
+    $HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
+         'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
+else
+    $HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \
+        'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
+fi
 # Parsing certificate file
 crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem |cut -f 1 -d:)
 key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
@@ -1962,16 +1966,17 @@ rm -f $tmpfile
 # Add welcome message to notification panel
 $HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<br>You are now ready to begin <a href="/add/user/">adding user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, view the <a href="https://docs.hestiacp.com/" target="_new">documentation</a> or visit our <a href="https://forum.hestiacp.com/" target="_new">user forum</a>.<br><br>Please report any bugs or issues via <a href="https://github.com/hestiacp/hestiacp/issues" target="_new"><i class="fab fa-github"></i> GitHub</a>.<br><br><b>Have a wonderful day!</b><br><br><i class="fas fa-heart status-icon red"></i> The Hestia Control Panel development team'
 
-echo "[ ! ] IMPORTANT: System will reboot"
-echo ""
-if [ "$interactive" = 'yes' ]; then
-    echo -n " Press any key to continue!"
-    read reboot
-fi
-
 # Clean-up
 # Sort final configuration file
 sort_config_file
 
-reboot
+if [ "$interactive" = 'yes' ]; then
+    echo "[ ! ] IMPORTANT: System will reboot"
+    echo ""
+    echo -n " Press any key to continue!"
+    read reboot
+    reboot
+else
+    echo "[ ! ] IMPORTANT: You must logout or restart the server before continuing"
+fi
 # EOF

install/upgrade/manual/migrate_roundcube.sh

@@ -23,7 +23,7 @@ if [ ! -d "/usr/share/roundcube/" ]; then
 fi
 
 
-echo "For deleting Roudcube you will need confirm the removal with root password. Password can be found in /usr/local/hestia/conf/mysql.conf"
+echo "For deleting Roundcube you will need confirm the removal with root password. Password can be found in /usr/local/hestia/conf/mysql.conf"
 read -p "Please enter Y to continue" -n 1 -r
 echo    # (optional) move to a new line
 if [[ $REPLY =~ ^[Yy]$ ]]

install/upgrade/manual/upgrade_multi_php.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
-# Update www.conf to the a different version so users can safely deleted older php version. 
+# Update www.conf to a different version so users can safely delete older php version. 
 # www.conf is used for Roundcube, Rainloop and phpmyadmin
-# Removal of the "www.conf" php version will cause issues with Rainloop not working. Current script updates it to the latests version of PHP installed. If that is not wanted use this script
+# Removal of the "www.conf" php version will cause issues with Rainloop not working. Current script updates it to the latest version of PHP installed. If that is not wanted use this script
 
 version=$1
 if [ ! -x "$(command -v php)" ]; then

install/upgrade/versions/1.4.2.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.4.2
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
+# Optimize loading firewall rules
+if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
+    echo "[ * ] Fix the issue of loading firewall rules..."
+    # Add rule to ensure the rule will be added when we update the firewall / /etc/iptables.rules
+    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+    rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
+    $BIN/v-update-firewall
+fi
+
+# Fix potential issue of updating to Nginx 1.21.0
+if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
+    default_conf="/etc/nginx/conf.d/default.conf"
+    nginx_conf="/etc/nginx/nginx.conf"
+
+    [ -f "${default_conf}" ]          && mv -f ${default_conf} ${default_conf}.dpkg-dist
+    [ -f "${default_conf}.dpkg-new" ] && mv -f ${default_conf}.dpkg-new ${default_conf}.dpkg-dist
+    [ -f "${nginx_conf}.dpkg-new" ]   && mv -f ${nginx_conf}.dpkg-new ${nginx_conf}.dpkg-dist
+    [ -f "${nginx_conf}.dpkg-old" ]   && mv -f ${nginx_conf} ${nginx_conf}.dpkg-dist \
+                                      && rm -f ${nginx_conf}.dpkg-old \
+                                      && cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/
+fi

src/deb/hestia/control

@@ -1,7 +1,7 @@
 Source: hestia
 Package: hestia
 Priority: optional
-Version: 1.4.1
+Version: 1.4.2
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/hestia/postinst

@@ -75,6 +75,7 @@ upgrade_rainloop | tee -a $LOG
 
 # Set new version number in hestia.conf
 upgrade_set_version $new_version
+upgrade_set_branch $new_version
 
 # Perform upgrade clean-up tasks (rebuild domains and users, restart services, delete temporary files)
 upgrade_cleanup_message | tee -a $LOG

src/hst_autocompile.sh

@@ -625,6 +625,8 @@ if [ "$HESTIA_B" = true ]; then
     chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/web/inc/mail-wrapper.php
     # Allow the executable to be executed
     chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/bin/*
+    find $BUILD_DIR_HESTIA/usr/local/hestia/install/ \( -name '*.sh' \) -exec chmod +x {} \;
+    chmod -x $BUILD_DIR_HESTIA/usr/local/hestia/install/* 
     chown -R root:root $BUILD_DIR_HESTIA
 
     if [ "$BUILD_DEB" = true ]; then

web/add/key/index.php

@@ -17,9 +17,15 @@ if (!empty($_POST['ok'])) {
         $_SESSION['error_msg'] = _('Field SSH_KEY can not be blank.');
     }
     
+    if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+        $user = $_GET['user'];
+    }
+    
+    $user = escapeshellarg($user);
+    
     if(!$_SESSION['error_msg']){
         if($_POST){
-            //key if key already exisits
+            //key if key already exists
             exec (HESTIA_CMD . "v-list-user-ssh-key ".$user." json", $output, $return_var);
             $data = json_decode(implode('', $output), true);
             unset($output);

web/edit/web/index.php

@@ -90,14 +90,15 @@ if(!empty($data[$v_domain]['CUSTOM_DOCROOT']))
     $v_custom_doc_root = realpath($data[$v_domain]['CUSTOM_DOCROOT']) . DIRECTORY_SEPARATOR;
 
 if(!empty($v_custom_doc_root) &&
-    false !== preg_match('/\/home\/'.$v_username.'\/web\/([[:alnum:]].*)\/public_html\/([[:alnum:]].*)?/', $v_custom_doc_root, $matches) ) {
+    false !== preg_match('/\/home\/'.$v_username.'\/web\/([[:alnum:]].*?)\/public_html\/([[:alnum:]].*)?/', $v_custom_doc_root, $matches) ) {
+	// Regex for extracting target web domain and custom document root. Regex test: https://regex101.com/r/2CLvIF/1
 
     if(!empty($matches[1]))
         $v_custom_doc_domain = $matches[1];
 
     if(!empty($matches[2]))
         $v_custom_doc_folder = rtrim($matches[2], '/');
-
+    
     if($v_custom_doc_domain && !in_array($v_custom_doc_domain, $user_domains)) {
         $v_custom_doc_domain = '';
         $v_custom_doc_folder = '';
@@ -230,14 +231,87 @@ if (!empty($_POST['save'])) {
         }
     }
 
-    // Change template
-    if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
-        exec (HESTIA_CMD."v-change-web-domain-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $restart_web = 'yes';
-    }
 
+    if (($_SESSION['POLICY_USER_EDIT_WEB_TEMPLATES'] == 'yes') || ($_SESSION['userContext'] === "admin")){
+        // Change template
+        if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
+            exec (HESTIA_CMD."v-change-web-domain-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($_POST['v_template'])." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $restart_web = 'yes';
+        }
+        
+        // Change backend template
+        if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template'])  && (empty($_SESSION['error_msg']))) {
+            $v_backend_template = $_POST['v_backend_template'];
+            exec (HESTIA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_backend_template), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+        }
+    
+        // Enable/Disable nginx cache
+        if (($_SESSION['WEB_SYSTEM'] == 'nginx') && ($v_nginx_cache_check != $_POST['v_nginx_cache_check'] ) || ($v_nginx_cache_duration != $_POST['v_nginx_cache_duration'] && $_POST['v_nginx_cache'] = "yes" ) && (empty($_SESSION['error_msg']))) {
+            if ( $_POST['v_nginx_cache_check'] == 'on' ) {
+                if (empty ($_POST['v_nginx_cache_duration'])){
+                    echo $_POST['v_nginx_cache_duration'] = "2m";
+                }
+                exec (HESTIA_CMD."v-add-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain).' '. escapeshellarg($_POST['v_nginx_cache_duration']) , $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output); 
+            } else {
+                exec (HESTIA_CMD."v-delete-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output); 
+            }
+            $restart_web = 'yes';
+        }
+    
+        // Delete proxy support
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
+            exec (HESTIA_CMD."v-delete-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unset($v_proxy);
+            $restart_web = 'yes';
+        }
+    
+        // Change proxy template / Update extension list
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg'])) ) {
+            $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
+            $ext = preg_replace("/,/", " ", $ext);
+            $ext = preg_replace('/\s+/', ' ',$ext);
+            $ext = trim($ext);
+            $ext = str_replace(' ', ", ", $ext);
+            if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
+                $ext = str_replace(', ', ",", $ext);
+                if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
+                exec (HESTIA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+                check_return_code($return_var,$output);
+                $v_proxy_ext = str_replace(',', ', ', $ext);
+                unset($output);
+                $restart_proxy = 'yes';
+            }
+        }
+    
+        // Add proxy support
+        if ((!empty($_SESSION['PROXY_SYSTEM'])) && (empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
+            $v_proxy_template = $_POST['v_proxy_template'];
+            if (!empty($_POST['v_proxy_ext'])) {
+                $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
+                $ext = preg_replace("/,/", " ", $ext);
+                $ext = preg_replace('/\s+/', ' ',$ext);
+                $ext = trim($ext);
+                $ext = str_replace(' ', ",", $ext);
+                $v_proxy_ext = str_replace(',', ', ', $ext);
+            }
+            exec (HESTIA_CMD."v-add-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $restart_proxy = 'yes';
+        }
+        
+    
+    }
     // Change aliases
     if (empty($_SESSION['error_msg'])) {
         $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
@@ -329,75 +403,6 @@ if (!empty($_POST['save'])) {
             unset($output);
         }
     }
-    
-    // Change backend template
-    if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template'])  && (empty($_SESSION['error_msg']))) {
-        $v_backend_template = $_POST['v_backend_template'];
-        exec (HESTIA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_backend_template), $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-    }
-
-    // Enable/Disable nginx cache
-    if (($_SESSION['WEB_SYSTEM'] == 'nginx') && ($v_nginx_cache_check != $_POST['v_nginx_cache_check'] ) || ($v_nginx_cache_duration != $_POST['v_nginx_cache_duration'] && $_POST['v_nginx_cache'] = "yes" ) && (empty($_SESSION['error_msg']))) {
-        if ( $_POST['v_nginx_cache_check'] == 'on' ) {
-            if (empty ($_POST['v_nginx_cache_duration'])){
-                echo $_POST['v_nginx_cache_duration'] = "2m";
-            }
-            exec (HESTIA_CMD."v-add-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain).' '. escapeshellarg($_POST['v_nginx_cache_duration']) , $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output); 
-        } else {
-            exec (HESTIA_CMD."v-delete-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output); 
-        }
-        $restart_web = 'yes';
-    }
-
-    // Delete proxy support
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
-        exec (HESTIA_CMD."v-delete-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unset($v_proxy);
-        $restart_web = 'yes';
-    }
-
-    // Change proxy template / Update extension list
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg'])) ) {
-        $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
-        $ext = preg_replace("/,/", " ", $ext);
-        $ext = preg_replace('/\s+/', ' ',$ext);
-        $ext = trim($ext);
-        $ext = str_replace(' ', ", ", $ext);
-        if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
-            $ext = str_replace(', ', ",", $ext);
-            if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
-            exec (HESTIA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_proxy_ext = str_replace(',', ', ', $ext);
-            unset($output);
-            $restart_proxy = 'yes';
-        }
-    }
-
-    // Add proxy support
-    if ((!empty($_SESSION['PROXY_SYSTEM'])) && (empty($v_proxy)) && (!empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
-        $v_proxy_template = $_POST['v_proxy_template'];
-        if (!empty($_POST['v_proxy_ext'])) {
-            $ext = preg_replace("/\n/", " ", $_POST['v_proxy_ext']);
-            $ext = preg_replace("/,/", " ", $ext);
-            $ext = preg_replace('/\s+/', ' ',$ext);
-            $ext = trim($ext);
-            $ext = str_replace(' ', ",", $ext);
-            $v_proxy_ext = str_replace(',', ', ', $ext);
-        }
-        exec (HESTIA_CMD."v-add-web-domain-proxy ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $restart_proxy = 'yes';
-    }
 
     // Change document root for ssl domain
     if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {

web/inc/mail-wrapper.php

@@ -27,7 +27,7 @@ if (!empty( $data['config']['LANGUAGE'])) {
 }
 
 // Define vars
-$from = 'Hestia Control Panel <hestia@'.gethostname().'>';
+$from = 'Hestia Control Panel <noreply@'.gethostname().'>';
 $to = $argv[3]."\n";
 $subject = $argv[2]."\n";
 $mailtext = file_get_contents("php://stdin");

web/templates/pages/add_key.html

@@ -2,7 +2,11 @@
 <div class="l-center edit">
 	<div class="l-sort clearfix">
 		<div class="l-unit-toolbar__buttonstrip">
-			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+                <a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/?user=<?=htmlentities($_GET['user']);?>"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php } else { ?>
+                <a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/key/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php } ?>
 		</div>
 		<div class="l-unit-toolbar__buttonstrip float-right">
 			<a href="#" class="ui-button" data-action="submit" data-id="vstobjects"><i class="fas fa-save status-icon purple"></i><?=_('Save');?></a>

web/templates/pages/edit_server.html

@@ -448,7 +448,7 @@
 												</tr>
 												<tr>
 													<td>
-														<input type="text" size="20" class="vst-input" name="v_smtp_relay_pass">
+														<input type="text" size="20" class="vst-input password" name="v_smtp_relay_pass">
 													</td>
 												</tr>
 											</table>
@@ -545,7 +545,7 @@
 										</tr>
 										<tr>
 											<td class="step-left">
-												<input type="text" size="20" class="vst-input" name="v_mysql_password" value="">
+												<input type="text" size="20" class="vst-input password" name="v_mysql_password" value="">
 												<br><br>
 											</td>
 										</tr>
@@ -774,7 +774,7 @@
 															</tr>
 															<tr>
 																<td>
-																	<input type="text" size="20" class="vst-input" name="v_backup_password" value="<?=trim($v_backup_password, "'")?>">
+																	<input type="text" size="20" class="vst-input password" name="v_backup_password" value="<?=trim($v_backup_password, "'")?>">
 																	<br><br>
 																</td>
 															</tr>
@@ -1305,4 +1305,4 @@
 			</tr>
 		</table>
 	</form>
-</div>
+</div>

web/templates/pages/edit_web.html

@@ -5,7 +5,7 @@
 			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/list/web/"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 		</div>
 		<div class="l-unit-toolbar__buttonstrip float-right">
-			<a href="/delete/web/cache/?domain=<?=$_GET['domain'];?>&token=<?=$_SESSION['token'];?>" class="ui-button cancel <?php if ( $v_nginx_cache == 'yes' || ($v_proxy_template == 'caching' && $_SESSION['PROXY_SYSTEM'] == 'nginx')) { echo "block"; } else{ echo "hidden"; }?>" id="v-clear-cache">
+			<a href="/delete/web/cache/?domain=<?=$v_domain;?>&token=<?=$_SESSION['token'];?>" class="ui-button cancel <?php if ( $v_nginx_cache == 'yes' || ($v_proxy_template == 'caching' && $_SESSION['PROXY_SYSTEM'] == 'nginx')) { echo "block"; } else{ echo "hidden"; }?>" id="v-clear-cache">
 				<i class="fas fa-trash status-icon red"></i><?=_('Purge Nginx Cache');?>
 			</a>
 			<?php if ($_SESSION['PLUGIN_APP_INSTALLER'] !== 'false') {?>

web/templates/pages/list_key.html

@@ -3,7 +3,11 @@
 	<div class="l-sort clearfix noselect">
 		<div class="l-unit-toolbar__buttonstrip">
 			<a class="ui-button cancel" dir="ltr" id="btn-back" href="/edit/user/?user=<?=$user;?>&token=<?=$_SESSION['token']?>"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
+            <?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+            <a href="/add/key/?user=<?=htmlentities($_GET['user']);?>" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add SSH Key');?></a>
+            <?php } else { ?>
 			<a href="/add/key/" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add SSH Key');?></a>
+            <?php } ?>
 		</div>
 	</div>
 </div>